General discussion

Trojan or Virus

By robby ·
I am trying to remove either a Trojan or a Virus from a client's computer. They are running XP Home w/Norton 2003 AV. In Windows Task Manager the process(es) running are Ynu10vj.exe and Lbf38.exe. Every time I end the process it returns with a different name (Yak3x9EP/Bsbjbh6.exe) and is usually using around 80% of CPU. I cannot download the updates to Windows XP while online and Norton returns No Viruses Found. Did a search through the Registry and found no matches. What is running? Tried a search through Symantec's site, no joy. Somebody must have run across this before. I removed 178 spyware instances (Search & Destroy) and cleaned the cookies as well as history. Someone point me in the right direction.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
All Comments

by Parbo In reply to Trojan or Virus

It must be triggered by a different process. So double check all the processes that you have running to verify that they are all legitimate. You can also do a search for these files while they are in memory and see where they are located. Maybe the main file(s) that create these processes are located in the same folder.

Hope this helps..

by robby In reply to

Poster rated this answer.

by 1stladytech In reply to Trojan or Virus

The antivirus software may be compromised; if a virus snuck in, it will spoof to the AV in order to continue running. The best way is to slave the drive in a known clean machine and run an anti-virus scan from there. Barring that, try to get to Symantec's site on the web and run an online scan. It sounds like you may have a variant of several virus files. If Symantec comes up clean, download CWShredder and run that to remove Cool Web Search and its variants. A Google search will give you several download sites. If you have Cool Web Search running, it may not allow you to download the exe file; then download it in .zip format or download it on a different computer and then move it to a floppy. Several of these new variants could be viewed either as spyware or a virus. Generally, it is best to boot into safe mode when running CWShredder or other removers. BTW, if they have multiple users set up, you have to remove the virus and spyware from each user profile in order to clean the machine. Good luck, I know these can be hard.

Vickie

by robby In reply to

Virus software was compromised. After saving all important docs & files, formatted hard drive and reinstalled all software. Just had to be done in the (evening almost all night). Client never allowed the updates even though it was set up on auto. They won't make this mistake again... and if they do they will be paying me again. Thanks for the help.

by glyall In reply to Trojan or Virus

I think ladytech@ has your answer.
The two files Ynu10vj.exe and Lbf38.exe are running the anti-virus program do not stop them and can not delete them from the bootable drive.

Only as a secondary drive you can delete them.

I only think you have not got all your problems solved. You still have other spyware in the background you can not find.

I would copy only the data files that the client needs to a different source to replace them later after you rebuild the hard drive. I hope you have an image of the unit before you gave it to the client.

Good Luck

by robby In reply to

Poster rated this answer.

by robby In reply to Trojan or Virus

This question was closed by the author
