

Windows 7: Win32/fynlovski.aa trojan problem

16 Jun 2012   #1
jackthewar

Windows 7 64bit
 
 
Win32/fynloski.aa trojan problem

Hello,

I got Win32/fynloski.aa trojan today & I am not sure if I had completely removed it, as I had heard it reappears after some time if not successfully removed from the computer.
Well, firstly I scanned my computer with Eset NOD 32 Antivirus & it found the trojan attached to my calc.exe (C:/Windows/SysWOW64/calc.exe), but it had failed to remove it. I tried to put it into quarantine which also ended up failing.
Afterwards, I ran CCleaner, Spybot S&D + removed the calc.exe manually from my computer & re-checked all of the registries connected to that trojan (listed below).

(The problem with this trojan is that it always changes places where it is, which makes it hard to remove manually, and even harder for an antivirus to remove it.
It also stealthily installs the backdoor, encased in a Cabinet self-extractor, on the affected system. Also, it is a RAT (Remote Administration Tool) type of trojan and so far, no RAT actions have been taken on my PC, which is why I don't know if it's gone or not.
So far, as I had searched through the internet, I found absolutely no antivirus programs that are capable of removing it themselves, without having to do it manually.)

This is all I had found about this trojan so far & that's why I'm asking is there something else left to do to remove it permanently off my computer?
(I had re-scanned my PC with Eset and it found no viruses; however, many people complain that the trojan stays hidden & undetectable after a so-called "temporary remove".)


Quote:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'



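The registry re-check described in the post above, as an added PowerShell example that is not part of the original thread: it reads the values named in the quoted list, reports whether each currently equals the listed data, and then prints every HKCU Run entry for manual review, because the list elides those value names. The function name Test-ListedValue is hypothetical; the paths, names and data are copied from the list.

```powershell
# Added example (not from the thread). Paths, value names and data come from the quoted list.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ Path = "$cv\Internet Settings";     Name = 'CertificateRevocation'; Listed = '0' },
    @{ Path = "$cv\Internet Settings";     Name = 'WarnonBadCertRecving';  Listed = '0' },
    @{ Path = "$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';  Listed = '1' },
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';   Listed = '1' },
    @{ Path = "$cv\Policies\System";       Name = 'DisableTaskMgr';        Listed = '1' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
       Name = 'DisableTaskMgr';            Listed = '1' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
       Name = 'CheckExeSignatures';        Listed = 'no' },
    @{ Path = "$cv\Explorer\Advanced";     Name = 'Hidden';                Listed = '0' },
    @{ Path = "$cv\Explorer\Advanced";     Name = 'ShowSuperHidden';       Listed = '0' }
)

# Hypothetical helper: compares one registry value with the data shown in the list.
function Test-ListedValue {
    param([hashtable]$Check)
    # A missing key or value produces a suppressed error and $null, not an exception.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $current = $null
        $state   = 'not set'
    } else {
        $current = [string]$item.($Check.Name)
        $state   = if ($current -eq $Check.Listed) { 'matches list' } else { 'differs' }
    }
    [pscustomobject]@{
        Key     = $Check.Path
        Value   = $Check.Name
        Current = $current
        Listed  = $Check.Listed
        State   = $state
    }
}

$checks | ForEach-Object { Test-ListedValue $_ } | Format-Table -AutoSize -Wrap

# The list does not give the Run value names, so show every entry for manual review.
$runKey = "$cv\Run"
if (Test-Path $runKey) {
    (Get-ItemProperty -Path $runKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop PowerShell's own metadata properties
        Select-Object Name, @{ n = 'Command'; e = { $_.Value } } |
        Format-Table -AutoSize -Wrap
}
```

A "matches list" result only means the value equals what the list shows; some of these settings can hold the same data on a clean system, so matches are items to review alongside scanner results.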
16 Jun 2012   #2
C-11

Windows 7 Professional SP1 64-bit
 
 

Welcome to Seven Forums.

Older thread but may help
Virus: Backdoor:Win32/Fynloski.A keeps reappearing. - Windows 7 Forums
16 Jun 2012   #3
jackthewar

Windows 7 64bit
 
 

Malwarebytes Anti-Malware -> Found no threats
HitmanPro 3.6.0 -> only found GameMon.des as a suspicious file, but it is an anti-cheat for multiplayer games so it should be safe.

I guess there are no other programs to check it with? (Still believe CCleaner, S&D & ESET are the best for such stuff so far, as they have one of the biggest databases)

PS: I had contacted my friend who is a student in system-, security- and network administration & he had said that the trojan might still be somewhere on the PC, but that I would have to wait for a while to see if something happens or not. Other solutions?