Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Need help, Trojan, *urgent*

15 Oct 2009   #1
TheAnonymity

Windows 7 Ultimate x86 7600.16385
 
 
Need help, Trojan, *urgent*

Alright, here's the problem I'm having... I don't remember exactly what I downloaded, but something gave me this (It was detected by Microsoft Security Essentials) -
TrojanDownloader:Win32/Renos.JS
I said "meh, whatever" and clicked remove. It said successful, but about an hour later, the same thing was back again. I kept clicking remove, it kept saying it worked, and it kept coming back. Now Microsoft Security Essentials is saying "Microsoft Security Essentials isn't monitering your computer because the program's service is stopped. You should restart it now." Sure. So I click the big red button which says "Start" and I get this..
Couldn't start the Microsoft Security Essentials service - Access is denied. Error code: 0x80070005

Now, every time I boot my computer up and login to a user, explorer.exe no longer runs on startup, so I am forced to manually start it. On top of that, my default browser (Mozilla Firefox) crashes every time I open it. Did I mention my internet connection isn't reliable at the moment, and could disconnect at any time? Headache after headache.. Please, PLEASE, someone help me fix this crap. It's really getting on my nerves. Thanks..

~TA


My System SpecsSystem Spec
.
15 Oct 2009   #2
Antman

 

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

System Changes

The following system changes may indicate the presence of this malware:
  • The presence of the following registry modifications (or similar):
    Value: MSFox
    With data: <full pathname of Win32/Renos<variant>>
    In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Value: Str<digit>
    With data: <base64 encoded string> (for example, "x6tveq8ngbtmpknqirnnqauudxwx")
    In subkey: HKLM\Software\Mozilla\MSFox
My System SpecsSystem Spec
15 Oct 2009   #3
DocBrown

Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz)
 
 

I agree with Antman, sounds like it could be malware saying you have a trojan virus.

Try MalWareBytes running in safe mode to see if it can clean all malware on you drive.

Link:

http://www.malwarebytes.org/
My System SpecsSystem Spec
.

15 Oct 2009   #4
TheAnonymity

Windows 7 Ultimate x86 7600.16385
 
 

I'm 99.9% positive it isn't malware. I've not yet seen malware that can control the Microsoft Security Essentials GUI..
My System SpecsSystem Spec
15 Oct 2009   #5
Antman

 

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

System Changes

The following system changes may indicate the presence of this malware:
  • The presence of the following registry modifications (or similar):
    Value: MSFox
    With data: <full pathname of Win32/Renos<variant>>
    In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Value: Str<digit>
    With data: <base64 encoded string> (for example, "x6tveq8ngbtmpknqirnnqauudxwx")
    In subkey: HKLM\Software\Mozilla\MSFox
My System SpecsSystem Spec
15 Oct 2009   #6
cbkitt

Windows 7 RTM 7127
 
 

Quote   Quote: Originally Posted by TheAnonymity View Post
Alright, here's the problem I'm having... I don't remember exactly what I downloaded, but something gave me this (It was detected by Microsoft Security Essentials) -
TrojanDownloader:Win32/Renos.JS
I said "meh, whatever" and clicked remove. It said successful, but about an hour later, the same thing was back again. I kept clicking remove, it kept saying it worked, and it kept coming back. Now Microsoft Security Essentials is saying "Microsoft Security Essentials isn't monitering your computer because the program's service is stopped. You should restart it now." Sure. So I click the big red button which says "Start" and I get this..
Couldn't start the Microsoft Security Essentials service - Access is denied. Error code: 0x80070005

Now, every time I boot my computer up and login to a user, explorer.exe no longer runs on startup, so I am forced to manually start it. On top of that, my default browser (Mozilla Firefox) crashes every time I open it. Did I mention my internet connection isn't reliable at the moment, and could disconnect at any time? Headache after headache.. Please, PLEASE, someone help me fix this crap. It's really getting on my nerves. Thanks..

~TA
Microsoft recommends either a-squared Free or mailwarebytes..

Both Free Programs. I had the same bug and this took care of it.
My System SpecsSystem Spec
15 Oct 2009   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Umm, ***OS... Windows 7 RC Build 7057

TrojanDownloader:Win32/Renos.JS
This is a 'fake' Anti-virus' downloader .... it's also called Vundo and may have included Rootkit along with it.

I don't advocate cleaning up Rootkits on a computer because you can never be sure that your OS will ever be stable again. I draw the line at Rootkits.

I personally would wipe and do a ***clean Windows installation (not the RC build version that you have now!).

How to prevent Malware:
http://miekiemoes.blogspot.com/2008/...t-malware.html
My System SpecsSystem Spec
15 Oct 2009   #8
Antman

 

Jacee is the resident subject matter expert on this topic. You are well-advised. There is simply no one else on this forum with more expertise in the subject.
My System SpecsSystem Spec
16 Oct 2009   #9
rayb

Windows vista
 
 

Fisrtly apologies for my ignorance as i am new to all things pc. I also have the same issue whereby it wont remove - it seems like it has been removed but when opening internet explorer and looking in the history random sites appear that have never been visited - i already have a norton product installed on my machine and the trojan was picked up by windows defender - although still appears even after removal - what are the quickets and easiest steps for a novice like me to resolve the issue - any step by step process would be greatly appreciated
My System SpecsSystem Spec
16 Oct 2009   #10
rayb

Windows vista
 
 

sorry in addition i did run a full system scan with the norton product but it came back with no results
My System SpecsSystem Spec
Reply

 Need help, Trojan, *urgent*




Thread Tools




Similar help and support threads
Thread Forum
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
HELP! *Urgent* A Trojan.VBAgent Virus
I Don't know how to remove this Virus . But Please help me remove this virus .. I have alot of imporant files in my computer please!
System Security
[URGENT] BOOT LOADER ERROR [URGENT]
Hi Guys, This is quite a long story, So let me get straight to the point. :) On my Dell Optiplex 360 Computer (Windows 7-Ultimate) I partitioned the hard drive to make space for another windows installation. I then installed Windows Vista Ultimate on it. All of that went successfully but...
Installation & Setup
trojan
so i was downloading a file off the internet and i got a lovely little trojan, i ran norton on it and it didnt detect it, and every time i tried to open bittorrent or google chrome microsoft like security advisor or something said that it could not open because of the trojan and it advised me to...
BSOD Help and Support
Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro
A little help,please.Got this trojan earlier.It disabled MSE,MBAM,Internet,CCleaner,and pretty much anything .exe.Claimed everything was infected...so says whatever fake AV program that came with it.(I wish I could figure out how to use the indention tool here)I had to restart,open task manager...
System Security
[URGENT] All System Restore Point Gone!![/URGENT]
The problem occurred when I made a standard user account and through that i redirected to the admin profile under c:/Users/xxxx and i right clicked the profile>properties>security> and i removed the standard account access to that admin folder and got some "Access denied error". After i logged off...
Backup and Restore


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:39.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App