TR/FraudPack.amgb

bonzo · 25 Feb 2010 at 04:00

Currently using

Win XP pro SP3
Avira
Malwarebytes
SAS
Spybot

Avira flagged up the above trojan, TR/FraudPack.amgb, so far there's about 10 events it detected and quarantined,

and just one of these..

TR/Dldr.Zlob.AK

I did a system restore clear out, temp files, etc

Then logged into safe mode as admin to turn sys retore off, and basically i get the message that there's an error, and i cant turn off sys restore. ?

Is that part of what this trojan does, so that it can keep coming back ?

Virus or unwanted program 'TR/Dldr.Zlob.AK [trojan]'
detected in file 'C:\Documents and Settings\pete\Local Settings\Temp\Zsk.exe.
Action performed: Move file to quarantine

Virus or unwanted program 'TR/FraudPack.amgb [trojan]'
detected in file 'C:\System Volume Information\_restore{40DD03A2-13EE-4271-A24D-D00D34316870}\RP161\A0041929.exe.
Action performed: Move file to quarantine

bonzo · 25 Feb 2010 at 20:40

Well i've deleted IE8, which i never use anyway. It wasnt my default browser, as i use FF. I managed to turn off sys restore

The nasties mentioned have stopped, but now i get ...

Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Documents and Settings\pete\Local Settings\Temporary Internet Files\Content.IE5\C5LC72ZX\CAZMSRFD.htm.
Action performed: Move file to quarantine

Its listed as Malware, but none of the malware progs got rid of it, or even found it, after scanning

Diggsy · 25 Feb 2010 at 20:44

Did you try MalwareBytes?

bonzo · 25 Feb 2010 at 21:49

yes mate - got rid of 2 suspicious items, but neither had the names of the above.

Just got another Avira warning about suspicious HEUR/HTML

Found in C/Docs&settings/Pete/Local Settings/Mozilla/FF/profiles/n7u6zevb.default/cache/_CACHE_001

I dont have a clue whats going on here.

bledd · 26 Feb 2010 at 01:31

try nod32

bonzo · 27 Feb 2010 at 01:38

Had some luck it seems, ran combofix - and then downloaded noscript, and it all seems to be ok

Except for one website where any images / avatars / all icons, are not visible. All i can see is the text.

This problem is only affecting that one webstie. Tried opening the site with a different browser, same thing.

Checked under page info and everything is set ' allowed ' and images not blocked.
I think i must have been a criminal in my past life or something. I get the weirdest problems - must be karma :cool: