PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: mistybear on September 05, 2006, 08:41

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: mistybear on September 05, 2006, 08:41

Does anyone know anything about Trojanhorse Downloader. Swizzor.8.BB

It's in C/System Volume information/_restore{7D90F8FC-7017-4D-3D-B54C-8581A6BA87A4}/RP159/A0045820.exe

AVG picked it up, but can't heal it or delete it.

I have been looking at this freeware, is it any good?

http://www.majorgeeks.com/Trojan_Remover_Database_Update_d4971.html

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: Clive on September 05, 2006, 08:53

Have you tried using Ad-Aware, Spybot search and destroy and Spywareblaster (all free downloads).  I'm sure that one of those should weed it out for you MB.  I have heard only good reports about AVG but I know it can't deal with Swizzor.8.BB since it's basically a virus detector rather than a trojan detector.

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: mistybear on September 05, 2006, 09:04

I didn't realise you could use those for Trojans Clive, but thanks, I think Michael has all of those on his computer, so I'll get him to run them when he gets home.
I guess he will stop giving me grief about my Zone Alarm Firewall now. :laugh:

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: Clive on September 05, 2006, 09:11

Just make certain that you download the latest updates for them because I think your trojan is fairly new.

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: Simon on September 05, 2006, 09:51

I think you'll find that C/System Volume information/_restore{7D90F8FC-7017-4D-3D-B54C-8581A6BA87A4}/RP159/A004 5820.exe is the System Restore folder, so you will need to disable System Restore (Right click My Computer > Properties > System Restore tab) before trying to remove the trojan, or it will keep coming back.  If you do that first, try AVG again, but you obviously haven't got adequate protection, otherwise it wouldn't have got in in the first place.

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: mistybear on September 05, 2006, 10:27

Quote from: "Simon"

but you obviously haven't got adequate protection, otherwise it wouldn't have got in in the first place.

You can only lead them to Firewalls, but you can't make them install them.
(https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv411%2Fhells%2Fmore2%2F3_8_8.gif&hash=7bfd19beb8d5ff7e6b23c176f5003e1668ae7208)(https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fusers.telenet.be%2Feforum%2Femoticons4u%2Fmad%2F1018.gif&hash=caf38d72b5fdb5a0d85fd0fed5ef318558822a53)

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: Simon on September 05, 2006, 10:38

:grin:

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: mistybear on September 05, 2006, 11:24

Michael ran AdAware and deleted quite a few spyware and tracking cookies.
Then Hijackthis, it apparently came up with a few nasties, which Michael asked it to fix but didn't take note on what they were.
He just finnished doing what you suggested Simon, and AVG came up clean, but just to make sure, he is now running a-squared.

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: Simon on September 05, 2006, 13:49

By disabling System Restore, this deletes the folder where that trojan was lurking, so hopefully it's gone.

Title: Trojanhorse downloader.Swizzor.8.BB
Post by: mistybear on September 06, 2006, 09:01

Thanks Simon, I've been informed that all scans are now clean.

I think he got away lightly, a friends computer that he was laning with, was so badly infected that the hard drive had to be formatted and all information on the C drive was lost.
You would think that would be enough to convince someone that they need a firewall, but no.(https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fwww.mfbb.net%2Freaper%2Fimages%2Fsmiles%2Ftlab41.gif&hash=54e70b89f2797fc21b5ee057dafc63be28df5481)