
Trojan.Tracur.XGen infection



I just got done getting rid of malware on my laptop. That thread can be found here:

http://forums.malwarebytes.org/index.php?showtopic=88897&st=20&p=453313&fromsearch=1entry453313

but my computer performance stunk with frequent stoppages of 15-30 seconds due to hard drive activity following allowing Windows updates to update my laptop and install SP3 (this is a Windows XP Pro system). I downloaded some sysinternals to defrag and recover disk space. While they worked well, I still had the problem. Using procmon I identified a suspicious program running - atl32.exe identified as codesnip database viewer. Its co-conspirator seemed to be UMDMXFRM32.exe.

Going to google to search on these I found that I was getting redirected to garbage pages. I decided to run malwarebytes again. I've attached the log. It tagged atl32.dll as trojan.tracur.xgen. Rebooting did not delete either of the programs. I stopped those tasks, deleted the programs and rebooted again. While those tasks were no longer running (at least the problem of the stoppages seems to have gone away), google searches are still being redirected.

Help on freeing myself from this new scourge will be greatly appreciated.

Note that I've disconnected my laptop from the network and am using an alternate machine to post this.

Thanks in advance. Jim

mbam-log-2011-07-15 (18-27-37).txt


While waiting for a response, I went ahead and ran TDSSkiller. It said my system was clean. That log is attached.

I then ran Combofix which said that I was infected with Rootkit.ZeroAcess - that log is attached.

Once Combofix was done I ran a quick scan with Avast which found 1 infection.

Connecting to the internet and doing a google search, I am still getting redirected so the virus/malware is obviously not gone.

So what should my next step be?

TDSSKiller.2.5.11.0_16.07.2011_09.52.26_log_Safemode.txt

ComboFix_2011_07_16_log.txt


Well I seem to have gotten rid of the problem myself by restarting the process of TDSSkiller, Combofix, MBAM, and Avast. All now say that I'm clean and my google searches are no longer being redirected. Note that as a part of the cleanup I got rid of the Ask & Record toolbar which had a process running (not counting its auto update programs) FLVSrvc.exe (excessively in my opinion) even though my browser had not been started.

I find it really weird that, having had this laptop since 2004 and never having a problem, I get hit twice within a 10 day window.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

