trojan ?


danseur35
February 16th, 2007, 03:50 AM
it comes up cp1041.nls
mutant Trojan.DL.OBFU.......
all AV and antispy tried so far won't touch it.
can anyone recommend something?

Ashampoo can't even find it
PC Tools AV says it's in memory,
ZoneAlarm, Norton, McAfee, no good.
they find it, just can't clean it?
almost ready to reformat.

nihil
February 16th, 2007, 04:28 AM
Well,

Of course they can't "clean" it (if that is what you really mean), it is pure malware................let them delete it.

This should work as it is supposed to have a fully functional trial period:
http://www.superadblocker.com/C/CP1041.NLS-10076.html

EDIT: for future reference with this sort of thing create bookmarks to:

http://virusscan.jotti.org/ and:

http://www.virustotal.com/en/indexx.html

If you capture a sample of the suspicious file and submit it to these sites, they will run it through a variety of AV products and you will see which ones would be likely to work............it would be a waste of time to run any of those that do not report it as malware.;)

danseur35
February 16th, 2007, 05:26 AM
thank you nihil,
will try those.
yes it was a poor use of words,
I meant they couldn't delete it.
even after reboot.
d35

nihil
February 16th, 2007, 07:19 AM
OK d35, I understand you now :D

Please get this utility if you have problems with deleting anything:

http://www.diamondcs.com.au/index.php?page=apt

It is free :)

DaGnome
February 19th, 2007, 01:30 AM
I had the same problem. Check windows\system32\drivers\ndis.sys, mine was
patched to about 260 kb, should be 179 kb. If it is patched, reboot to safe mode, copy correct ndis.sys from dllcache to drivers, delete cp1041.nls,
reboot and hopefully the problem is gone.
This fixed the problem on my computer, but use at your own risk.

/DaGnome
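
The comparison described in the post above can be done before anything is copied or deleted. This is an added example, not part of the original thread or any poster's code; it assumes a Windows XP/2003-style layout where system32\dllcache exists and PowerShell 2.0 or later, and the parameter and function names are illustrative. It generalizes the ndis.sys check to any driver that has a cached copy.

```powershell
# Added example (not from the thread). Read-only: nothing is copied or deleted.
# Assumes a Windows XP/2003-style layout where system32\dllcache exists,
# and PowerShell 2.0 or later. Parameter and function names are illustrative.
param(
    [string]$DriversDir = (Join-Path $env:SystemRoot 'system32\drivers'),
    [string]$CacheDir   = (Join-Path $env:SystemRoot 'system32\dllcache'),
    [string]$Filter     = 'ndis.sys'   # the file named in the post; '*.sys' checks every driver
)

function Get-Sha1Hex([string]$Path) {
    # Hash through .NET so the script does not depend on newer cmdlets
    $sha = New-Object System.Security.Cryptography.SHA1Managed
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

Get-ChildItem -Path $DriversDir -Filter $Filter |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $cached = Join-Path $CacheDir $_.Name
        # One result row per live driver; defaults describe the "no cached copy" case
        $row = New-Object PSObject -Property @{
            File = $_.Name; LiveKB = [math]::Round($_.Length / 1KB)
            CachedKB = $null; Status = 'NoCachedCopy'
        }
        if (Test-Path $cached) {
            $row.CachedKB = [math]::Round((Get-Item $cached -Force).Length / 1KB)
            # Size alone can coincide, so compare content hashes as well
            if ((Get-Sha1Hex $_.FullName) -eq (Get-Sha1Hex $cached)) { $row.Status = 'Match' }
            else { $row.Status = 'DIFFERS' }
        }
        $row
    } |
    Select-Object File, LiveKB, CachedKB, Status |
    Format-Table -AutoSize
```

A DIFFERS row only says the two copies are not identical; which one is correct still has to be established, for example against known-good installation media.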

danseur35
February 22nd, 2007, 01:48 AM
I tried the lot,
the owner didn't want to try anymore.
this was a school loaner box.
had to reformat, loaded him with as/av ware.
keeping my fingers crossed. I was going to add site blocker,
unfortunately, he wiped his browser history so I never did find out where he
got it. I think I got a copy to send virustotal, but I am going to wait until I get a sacrificial box. It was too hard to kill to risk losing on a good one.
as always THANK YOU! to all who tried.
end it.
d35