hello everybody,

well, i got infected by a virus last week(donno which one though but it was a trojan) and i cleaned my system and deleted the virus....but i cant understand what it did to my system......my avast home edition anti-virus(ad aware 2007 and windows defender for spyware) although installed is not being detected by the windows security centre and the downloads are also not downloaded completely....they get struck at say half way the progress bar say,i checked with the netlimiter 2 like if i download a 10mb file the download gets struck at 4-5mb and from then the transfer rate is zero.......i know this is a virus problem coz my downloads seem to be normal in bittorrent clients (i use utorrent)..plz help....

btw. am attaching a hijackthis report just in case if anyone would want it....

Attached Files

hijackthis.log (9.9 KB, 4 views)

__________________

hello mahesh, and welcome to the forums. First off, you got infected by using utorrent and bittorrent and any other P2P sites, most likely. Those places are breeding grounds for viruses and malware.

I need you to upload a file to a virus checker and post the results, please.

First, please right-click on start, and choose Explore. Click on Tools, Folder Options, and then View. Make sure that there is a tic next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.
Next, go to Online malware scan and upload the following files by clicking on the 'browse' button at the top of the page and navigating to the below files. Please post the results in your next post.


C:\Documents and Settings\Mahesh\Application Data\Transcend\JFSW2\JFSW2Launch.exe


Thanks,
v

__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

First of all, thanks for replying god i thought my request was not going to be answered.......but am sure happy now that it is answered ..

so,as you told....i did everyting as you told and even scanned the jfsw2launch.exe at the site specified..and the file was not infected....

Service
Service load: 0% 100% File: JFSW2Launch.exe Status: OK
MD5: 672505b2c1366eae3029b2f44408b808 Packers detected: -
Bit9 reports: Scanner results
Scan taken on 12 May 2008 15:31:01 (GMT) A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

i use bittorrent clients only for media (music,movies,books& nothin else) and am cautious enough to scan it before even opening the files........

p.s. my friend too had this same problem...and he formatted his drive and the problem is gone but i dont want to format my drive as i have some important data in it.....so any temporary solutions....?plz...

and oh..!! transcend is my new 8 gb pendrive .....jfsw2launch.exe is its software.....so i think it is safe as it is a such successful company it wont cheat on its customer...right..?or will it..........www.transcendusa.com/

Bittorent clients work so fast-- because they bypass all your normal security software.
It only takes one infected machine out of hundreds to infect everyone--so everything spreads like wildfire.
You are often sharing files with places like China/Korea/Former Soviet states-- it is estimated that 80% of PC's in china are infected-- because people are uninformed due to government censorship--and too poor to pay for security software if they did know.

Bittorrent clients can be very useful between trusted network PC's -- but out there-- it's begging for trouble.
Infections expand exponentially... depending on that file's popularity--- and the number of previously infected machines in the data-link.

__________________

thanks for checking that out, mahesh.....even an old dog like me can learn something.

and ih8bills is right, as usual.....those places are indeed legit, but you need to be exceedingly careful navigating your way around there. My neighbor had some bad html that was injected into his browser and ended up with the midADdle bugger...always a fun one.

Regardless, let's see what combofix has to say:

Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Thanks,

v

__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall