Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Win32/fynlovski.aa trojan problem


16 Jun 2012   #1

Windows 7 64bit
 
 
Win32/fynloski.aa trojan problem

Hello,

I got Win32/fynloski.aa trojan today & I am not sure if I had completely removed it, as I had heard it reappears after some time if not successfully removed from the computer.
Well, firstly I scanned my computer with Eset NOD 32 Antivirus & it found the trojan attached to my calc.exe (C:/Windows/SysWOW64/calc.exe), but it had failed to remove it. I tried to put it into quarantine which also ended up failing.
Afterwards, I ran CCleaner, Spybot S&D + removed the calc.exe manually from my computer & re-checked all of the registries connected to that trojan(listed below)

(The problem about this trojan is that it always changes places where it is, which makes it hard to remove manually, and even harder for an antivirus to remove it.
It also stealthily installs the backdoor encased in a Cabinet self-extractor, on the affected system. Also, it is a type of RAT (Remote Administration Tool) trojans and so far, no RAT actions have been taken on my PC, which is why I don't know if it's gone or not.
So far, as I had searched through internet, I found absolutely no antivirus programs that are capable of removing it themselves, without having to do it manually.)

This is all I had found about this trojan so far & that's why I'm asking is there something else left to do to remove it permanently off my computer?
(I had re-scanned my PC with Eset and it found no viruses, however, many people complain that the trojan stays hidden & undetectable after so called "temporary remove".)


Quote:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′


My System SpecsSystem Spec
.

16 Jun 2012   #2

Windows 7 Professional SP1 64-bit
 
 

Welcome to Seven Forums.

Older thread but may help
Virus: Backdoor:Win32/Fynloski.A keeps reappearing. - Windows 7 Forums
My System SpecsSystem Spec
16 Jun 2012   #3

Windows 7 64bit
 
 

Malwarebytes Anti-Malware -> Found no threats
HitmanPro 3.6.0 -> only found GameMon.des as suspicious file, but it is a anti-cheat for multiplayer games so it should be safe.

I guess there's no other programs to check it with? (Still believe CCleaner, S&D & ESET are the best for such stuff so far, as they have one of the biggest databases)

PS: I had contacted my friend who is a student in system-, security- and network administration & he had said that the trojan might still be somewhere on the PC, but that I would have to wait for a while to see if something happens or not. Other solutions?
My System SpecsSystem Spec
.


Reply

 Win32/fynlovski.aa trojan problem




Thread Tools



Similar help and support threads for2: Win32/fynlovski.aa trojan problem
Thread Forum
Trojan.Win32.Jorik.Midhos.axf System Security
Trojan:Win32/FakeSysdef System Security
Solved Trojan:Win32/Comroki!rts System Security
Win32/Lethic is a trojan Security News
Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet? System Security
trojan downloader:win32/cutwail.ba HELP! System Security
Trojan-Downloader.Win32.VB.bbl System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:23 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33