Trojan Spy.Goldun.ML need help

[DuVeL]

Hi guys, at 2 out of 4 computers at work we have problems with a trojan called Spy.Goldun.ML
Suggestion and tips are welcome on how to remove the bloody thing.
I've tryed AntiVir which only detects it but it keeps popping up.
 
Help!

[suicidal_monkey]

dunno if it'll help but:
http://www.wilderssecurity.com/showthread.php?t=152238



A few general things I have done when tackling stubborn infections...

run more than one anti-spyware application to clean out infections
re-run the anti applications immediately afterwards a second time
reboot and re-run the antivir straight away
try cleaning the pc in safe mode

There's a program called hijackthis which will likely help you spot the offencing files, but it's complicated to use

[DuVeL]

I've allready tryed all that stuff and NOD32 is still running but doesn't seem to find the problem.
There is a difference with the suggestion about the site you made and the virus the computers have.
On the computers here it's the: TR/Spy.Goldun.ML
 
AntiVir does recognize the virus and it's also on the list @ AntiVir but it doesn't give a proper solution.
It seems to effect my internetexplorer btw. I can't start my IE up anymore as the files seem to have been deleted from the I386 under C:\WINDOWS\I386\
With that I mean IEXPLORE.EX_
 
AntiVir gave Errors under:
C:\WINDOWS\I386\IEXPLORE.EX_ and C:\ProgramFiles\InternetExplorer\iexplore.exe

[suicidal_monkey]

It'll be a variation of that one though so a good place to start?

perhaps try ariva? only antivir to pop up with that in google... http://www.avira.com/en/threats/section/vdfhistory/vdf_no/6.36.00.19/6.36.00.19.html
that or nod32...

other than trying to remove it in safe mode I'd suggest posting a hijackthis log somewhere like wilder

[DuVeL]

I've got NOD running on 1 computer (30day-trialversion) and hopefully that will detect it so I can use one of the programs that was suggested in your first link.
For the rest, tomorrowmorning we're getting an ICT'er over who's going to have a look in to it.
The trojan seems to affect not only IE but also our drawingprogram...:angry:
Thanks for the replies atleast m8...

[King]

what is an good one to remove spyware and stuff.:g:
I have  hitman pro installed now but this doesn't blog everythimg i have noticed.:ranting2: :ranting2: :ranting2: :ranting2: :ranting2:

[suicidal_monkey]

nothing blocks everything. I use AVG and Spybot. Worked okay so far. Main thing is not to open the wrong files

[DuVeL]

I got a tip from the guys who check our network to use Windows defender (Free program if you have a legal version of windows which offcourse everyone has).
 
My computer at work still has one problem: It can't connect to the internet.
It has no problem to locate the computer which stores our files.
When I set my computer to the exact same settings as the other computers I can't locate the storagecomputer anymore (and still no internet).
 
Any suggestions oh yee of great geekness who read these forums? :flirty:
 
BTW, I've just seen this smilie: :racing:
About time it got added

[DuVeL]

Okay, this problem has FINALLY been solved today!
 
It seems that the nice bugger screwed up my TCP/IP-files which had to be replaced in the old Windows98-style.
As you know in "old" Windows you could replace the files that Windows used easily but with the newer vesions of Windows like XP this couldn't be done anymore.:sideways:
Finally one guy (he was the 3rd) from the firm who checks our computers understood the problem and he tryed setting back the corrupted files oldschoolstyle and it worked!
If that hadn't worked he would have had to reinstall everything on my computer including the programs that I use for drawing (I'm the only 1 here who uses both drawingapplications, the rest only 1 program and we got them to work seperatly on 1 comp which took us alot of effort).
 
So now I can go back to work properly, offcourse I'm still testing my computer if everything is working properly again :norty:.
Oooohhh boy, look, the workday is allready over again :flirty:.

[Anonymous]

Its easy to repair XP. Boot from the XP CD and select repair!

[DuVeL]

Its easy to repair XP. Boot from the XP CD and select repair!

Negative.
I've tryed that but it didn't work.
The file was corrupt and couldn't get repaired.

[Anonymous]

Negative.
I've tryed that but it didn't work.
The file was corrupt and couldn't get repaired.

But that's the whole idea of the repair, to overwrite corrupt files!

Did you try both types of repair? i.e. a repair from the first repair option or select install and then pick the other repair option that appears.

[DuVeL]

But that's the whole idea of the repair, to overwrite corrupt files!
 
Did you try both types of repair? i.e. a repair from the first repair option or select install and then pick the other repair option that appears.

Aye, both didn't work.
Somehow it got reset probably everytime again.
Must say that the previous guys from that firm who tryed it wern't the smartest guys but I couldn't do to much to the computers myself because of the waranty and such.:sideways:

[Anonymous]

Aye, both didn't work.
Somehow it got reset probably everytime again.
Must say that the previous guys from that firm who tryed it wern't the smartest guys but I couldn't do to much to the computers myself because of the waranty and such.:sideways:

Sounds like there was a registry entry screwing things up for you. You can normally check in the following 3 locations to see what is being run at startup:

Code Select Expand

1/ The Startup folder in the Programs menu.
2/ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
3/ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\There are also "RunOnce" and "RunOnceEx" registry keys which could contain entries for startup but it is less likely to find entries there.

[DuVeL]

Good info BB.
I couldn't try to much on the computers as the computers were still under warranty.
These computers at work are btw Compaqs which have a hidden partition for a reinstall.
Ahwell, I'm glad it's sorted again as now I have an Foldingcomputer back.:flirty: