Need help, Trojan, urgent

TheAnonymity · Oct 15, 2009

Alright, here's the problem I'm having... I don't remember exactly what I downloaded, but something gave me this (It was detected by Microsoft Security Essentials) -
TrojanDownloader:Win32/Renos.JS
I said "meh, whatever" and clicked remove. It said successful, but about an hour later, the same thing was back again. I kept clicking remove, it kept saying it worked, and it kept coming back. Now Microsoft Security Essentials is saying "Microsoft Security Essentials isn't monitering your computer because the program's service is stopped. You should restart it now." Sure. So I click the big red button which says "Start" and I get this..
Couldn't start the Microsoft Security Essentials service - Access is denied. Error code: 0x80070005

Now, every time I boot my computer up and login to a user, explorer.exe no longer runs on startup, so I am forced to manually start it. On top of that, my default browser (Mozilla Firefox) crashes every time I open it. Did I mention my internet connection isn't reliable at the moment, and could disconnect at any time? Headache after headache.. Please, PLEASE, someone help me fix this crap. It's really getting on my nerves. Thanks..

~TA

Antman · Oct 15, 2009

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

System Changes

The following system changes may indicate the presence of this malware:

The presence of the following registry modifications (or similar):
Value: MSFox
With data: <full pathname of Win32/Renos<variant>>
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value: Str<digit>
With data: <base64 encoded string> (for example, "x6tveq8ngbtmpknqirnnqauudxwx")
In subkey: HKLM\Software\Mozilla\MSFox

DocBrown · Oct 15, 2009

I agree with Antman, sounds like it could be malware saying you have a trojan virus.

Try MalWareBytes running in safe mode to see if it can clean all malware on you drive.

Link:

http://www.malwarebytes.org/

TheAnonymity · Oct 15, 2009

I'm 99.9% positive it isn't malware. I've not yet seen malware that can control the Microsoft Security Essentials GUI..

Antman · Oct 15, 2009

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

System Changes

The following system changes may indicate the presence of this malware:

The presence of the following registry modifications (or similar):

Value: MSFox
With data: <full pathname of Win32/Renos<variant>>
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value: Str<digit>
With data: <base64 encoded string> (for example, "x6tveq8ngbtmpknqirnnqauudxwx")
In subkey: HKLM\Software\Mozilla\MSFox

cbkitt · Oct 15, 2009

TheAnonymity said:
Alright, here's the problem I'm having... I don't remember exactly what I downloaded, but something gave me this (It was detected by Microsoft Security Essentials) -
TrojanDownloader:Win32/Renos.JS
I said "meh, whatever" and clicked remove. It said successful, but about an hour later, the same thing was back again. I kept clicking remove, it kept saying it worked, and it kept coming back. Now Microsoft Security Essentials is saying "Microsoft Security Essentials isn't monitering your computer because the program's service is stopped. You should restart it now." Sure. So I click the big red button which says "Start" and I get this..
Couldn't start the Microsoft Security Essentials service - Access is denied. Error code: 0x80070005

Now, every time I boot my computer up and login to a user, explorer.exe no longer runs on startup, so I am forced to manually start it. On top of that, my default browser (Mozilla Firefox) crashes every time I open it. Did I mention my internet connection isn't reliable at the moment, and could disconnect at any time? Headache after headache.. Please, PLEASE, someone help me fix this crap. It's really getting on my nerves. Thanks..

~TA

Microsoft recommends either a-squared Free or mailwarebytes..

Both Free Programs. I had the same bug and this took care of it.

Jacee · Oct 16, 2009

Umm, ***OS... Windows 7 RC Build 7057

TrojanDownloader:Win32/Renos.JS
This is a 'fake' Anti-virus' downloader .... it's also called Vundo and may have included Rootkit along with it.

I don't advocate cleaning up Rootkits on a computer because you can never be sure that your OS will ever be stable again. I draw the line at Rootkits.

I personally would wipe and do a ***clean Windows installation (not the RC build version that you have now!).

How to prevent Malware:
http://miekiemoes.blogspot.com/2008/02/how-to-prevent-malware.html

Antman · Oct 16, 2009

Jacee is the resident subject matter expert on this topic. You are well-advised. There is simply no one else on this forum with more expertise in the subject.

rayb · Oct 16, 2009

Fisrtly apologies for my ignorance as i am new to all things pc. I also have the same issue whereby it wont remove - it seems like it has been removed but when opening internet explorer and looking in the history random sites appear that have never been visited - i already have a norton product installed on my machine and the trojan was picked up by windows defender - although still appears even after removal - what are the quickets and easiest steps for a novice like me to resolve the issue - any step by step process would be greatly appreciated

rayb · Oct 16, 2009

sorry in addition i did run a full system scan with the norton product but it came back with no results

Tews · Oct 16, 2009

Read 3 posts up...

Barman58 · Oct 16, 2009

Although I would strongly advise that you listen to Jacee,

you could try a specific removal tool ...

Take your pick here ....

vundo removal tool - Bing

or install Avast free avast! - Download antivirus software for spyware and virus protection and let it run a full boot scan

rayb · Oct 16, 2009

thanks - again apologies for my lack of experience i will follow Jacee's advise - is it possiible to advise step by step how i do this - as i say i am very inexperienced on pc's

Martin · Oct 16, 2009

As stated before, its just a better way to wipe out your HD and do a clean installation so you can be for sure safe

Antman · Oct 16, 2009

rayb said:
thanks - again apologies for my lack of experience i will follow Jacee's advise - is it possiible to advise step by step how i do this - as i say i am very inexperienced on pc's

Insert installation medium. Boot. Install.

Jacee · Oct 16, 2009

Please see the description of this Trojan:
Encyclopedia entry: TrojanDownloader:Win32/Renos.JS - Learn more about malware - Microsoft Malware Protection Center

Need help, Trojan, *urgent*

New member

My Computer

New member

Crazy Scientific Senior

My Computer

New member

My Computer

New member

New member

My Computer

Consumer Security

My Computer

New member

New member

My Computer

New member

My Computer

Professional Lurker

My Computer

Post no evil ;)

My Computers

New member

My Computer

New member

My Computer

New member

Consumer Security

My Computer

Similar threads

Need help, Trojan, urgent