Downloader.qdown.c trojan (help!)

05-09-2004, 08:18 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
Downloader.qdown.c trojan (help!)
AVG found Downloader.Qdown.C trojan in what looks to be a restore folder that I can't find (it is hidden), nor can AVG scan and find it. Unfortunately, I can't remember the full path to the virus, but it was a DLL file (something like 0000014.dll). I am running XP Pro SP1, AMD Athlon 1900xp processor, 512ram, and one hard drive with a partitioned system ghost recovery drive (although at the moment I think it is now gone, but I could be wrong).
My other problem is that I can’t get AVG to do a full scan. It keeps crashing about 2/3 of the way through or a few seconds after it starts. I have reinstalled it in a different directory but that didn’t help. All of this started while I was getting rid of the PSW.Agent.H Trojan (thanks to this site it is now gone). The downloader.qdown.c virus popped up in two places and I went in and deleted them. I put them into the trash and used an eraser program and it said it couldn’t erase them but they were gone from the recycle bin. My system stability has gone way down. About 50% of the time XP will freeze when on the login screen or right after I have put in the password. I have been running virus protection and a firewall (Zone Alarm) since I have had this computer. I have run Spy Sweeper and that found a lot of junk that I deleted. Any help will be greatly appreciated. Sorry if this post seems desperate because I am!
__________________
Some laws permit what honor does not.

05-09-2004, 08:27 PM
dismembered
Join Date: Dec 2003
Posts: 912
The restore folder you mention is your system restore files. You will need to turn off system restore and reboot your PC to purge all the restore info as well as the bugs that live on in there. You can do an online virus scan at Trend.
http://housecall.antivirus.com/house...tart_frame.asp

05-09-2004, 08:33 PM
Registered User
Join Date: May 2004
Location: London, England
Posts: 1,667
Hi Thorin Hammer
Turn off System Restore, prior to performing the following and re-enable it after, if you wish to do so: -
http://support.microsoft.com/default...&Product=winxp
Run an online AV scan, as some virii are designed to disable installed AV, as in your problem with AVG. In addition, I take it that you have a quality, updated and properly configured Firewall on your system: -
http://www.pandasoftware.com/active...n_principal.htm
Dl, install, update and run the following free apps: -
http://www.lavasoftusa.com/software/adaware/ (Ad-aware)
http://www.lavahelp.com/howto/fullscan/index.html (Ad-aware Tutorial)
http://www.safer-networking.org/ (Spybot-S&D)
http://www.net-integration.net/reviews/spybot2.html (Spybot-S&D Tutorial)
http://209.133.47.200/~merijn/downloads.html (CWShredder)
I take it you do not use p2p file sharing software such as KaZaA?

__________________
An ounce of prevention is worth more than a pound of cure
Proud Member of the Alliance of Security Analysis Professionals (ASAP) 2006

05-10-2004, 05:55 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
Ok, so far I have run all the programs listed. Those programs found lots of junk... Adaware found a system registry file that I am wary of modifying. Is it ok to do so? The online scanners kept crashing (2 times each) but finally the Pandasoftware one finished. No viruses.
After I got off of work today I went down to the help desk and they gave me Stinger and McAfee 7. No viruses or trojans... But how do I get my system stability back to where it was? AVG and Microsoft Money (95 version pulled from old computer) still crash after being open for a few moments. Internet Explorer works fine. What else do you need to know to help me?
And by the way, thank you for all the help so far.
P.S. I just recently stopped using Limewire and I deleted kazaa off my system.
__________________
Some laws permit what honor does not.
Last edited by Thorin Hammer : 05-10-2004 at 05:57 PM.

05-10-2004, 06:02 PM
Risk it all
Join Date: Oct 2003
Posts: 2,231
after having a virus, or file corruption when you have trouble, reinstall the program that is giving the problems. some programs require you uninstall before you can reinstall, but usually they will just go over the top of the existing program. if windows itself is causing the error, you can go to start, then run, type
sfc /scannow
drop in your xp cd to replace any system files that it may ask for. at worst you can reinstall xp over itself without formatting so you won't lose files, drivers, or any of your stuff. if you have a retail copy of xp you can start the reinstall from windows by selecting the upgrade option.

05-10-2004, 06:13 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
When I bought this computer it didn't come with an XP Pro CD, only a System Recovery CD. Will this do the trick if I need to reinstall Windows? I am running the scan and it is asking me for the XP CD. Will my System Recovery CD work (I assume not)?
__________________
Some laws permit what honor does not.

05-10-2004, 06:29 PM
Risk it all
Join Date: Oct 2003
Posts: 2,231
some recovery CDs do work, some don't, you can check your C drive for an I386 folder, if you have one you can make a bootable copy of xp from it if you have a cd burner. go to
http://www.bootdisk.com/
look for bootable cd, then bart's way, it has detailed instructions and the files needed to make the cd.

05-10-2004, 06:52 PM
Registered User
Join Date: May 2004
Location: London, England
Posts: 1,667
You have a 'helpful' Help Desk. Most unusual. ;-)
First and foremost, dl the following free program and run it. It will uninstall the remaining junk KaZaA bundled with its own insidious software: -
http://www.spychecker.com/program/kazaagone.html
Regarding the Ad-aware system registry file, if you are wary modifying it, then leave it. It really is a personal choice. However, the program does have a Restore option. In addition, if you want to modify it, you could always make a backup of your registry and restore it if you encounter any problems.
http://support.microsoft.com/default...b;EN-US;322756
Play_The_0dds' recommendation of sfc /scannow was a good idea. Try it using your System Recovery disk/s. Nothing ventured..............
Also, the In-Place Upgrade (Reinstallation) of Windows XP was another good idea, as per the following link: -
http://support.microsoft.com/default...b;EN-US;315341
However, you would require an original hologramed M$ XP disk with a legitimate Product Key.
In addition, there is also the slim possibility, as per the aforementioned M$ Knowledge Base Article - 315341, you may lose data or program settings after reinstalling, repairing, or upgrading Windows XP.
Finally, and I would double check this with your computer's manufacturer, Dell, HP, etcetera, if I were you, that you could Fdisk your HDD and use the System Recovery disk/s to return your computer to a pre-sold, factory installed state, naturally, after backing up all your important data. I see no reason why.
http://www.blackviper.com/Articles/OS/fdisk/fdisk1.htm
Good luck anyway.
__________________
An ounce of prevention is worth more than a pound of cure
Proud Member of the Alliance of Security Analysis Professionals (ASAP) 2006

05-10-2004, 10:10 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
Thank you all for the advice. I will see what I am able to do and post the results. I ran the sfc /scannow but it wants the XP disk (which I don't have). I dislike the idea of using the system recovery CD (it looks to be the same thing as when making one as Play_The_Odds said).
Blast it, I really hate not getting the actual disk with the purchase of a new pc. I got the little hologram sticker with the product id and registration number, but it still irritates me. I should be able to go to Microsoft’s website and DL the files that the sfc /scannow needs!
As for the virus and trojan makers... They should be chained to a fence and scourged, squirted with lemon juice, and cured with salt!
Now that that is out of my system...
What is the most methodical way to backup data on the computer? I do have the first step complete. I put all important docs and small files (like money accounts, and IE favorites) all saved on a CD-RW. But what else do I need to be concerned about? Is there a list of commonly forgotten backups? Or should I use the backup program that is already on the computer (the one under Accessories/System tools)?
__________________
Some laws permit what honor does not.

05-11-2004, 06:55 AM
Registered User
Join Date: May 2004
Location: London, England
Posts: 1,667
You're welcome Thorin Hammer.
System Restore disks in no way compare to the original M$ hologramed XP disk, IMO! However, that's an OEM for you.
Now that's a funny one as well. An OEM, Original Equipment Manufacturer, is a term for a company that has a special relationship with computer producers. OEM’s buy computers in bulk and customize them for a particular application. They then sell the customized computer under their own name. The term is really a misnomer because OEM’s are not the original manufacturers; they are the customizers!
Quote:
"As for the virus and trojan makers... They should be chained to a fence and scourged, squirted with lemon juice, and cured with salt!"
I really would not worry too much, as they will always be around. In addition, once virii are created and put into the 'wild', they are there for all eternity. You may be able to disinfect your computer if you get infected, by say the Sasser and its variants, but the virus itself will be making its way around the world wreaking havoc as it goes along, as so many users are ignorant to computer and internet security in general. So long as it works, that's all that counts, until it gets infected, or crashes, that is. That is merely a personal opinion only, based on my own personal experiences! ;-)
So long as you have a quality AV and Firewall installed, updated at all times and properly configured, you are doing the best you can. Better still, incorporate a NAT enabled Firewall router with the above. The best defence a home user can have, IMO, short of never going online. ;-_
Backing up data is another personal thing. I utilize Norton Ghost 2003. Once I have performed a ‘clean install’ of XP, along with installing various software/programs, tweaking services, settings, etcetera, I then take an image of my HDD. If I ever encounter a serious crash, which I don’t, or feel the need to reformat and perform another clean install 4-6 months later, I just reload the image using my Ghost image backups and I am up and running again in approximately 20-30 minutes. OS, programs, tweaks, etcetera, all installed as per my original specifications. Just back up regularly! You can use the installed M$ Backup service if you want to, however, I have no experience of using that. Or you can just do what you are already doing and backup ad hoc to CD’s. Music, films, pictures, programs, etcetera. The choice is yours really.
One last thing. If you are seriously considering purchasing an original XP disk, buy an upgrade. Contrary to popular belief, all you need to have is a qualifying, original M$ hologramed version of Win98/Me/2000 CD in order to do a full clean install. Naturally, if you do not have one, then you will have to purchase the full version.
http://www.michaelstevenstech.com/cleanxpinstall.html
Another thing to remember is that if your Restore Disk has an i386 folder, it will usually work as well. Contact your vendor first to confirm that this will definitely work though!!!!!
Good luck anyway.
__________________
An ounce of prevention is worth more than a pound of cure
Proud Member of the Alliance of Security Analysis Professionals (ASAP) 2006

05-20-2004, 05:00 PM
Junior Member
Join Date: May 2004
Location: California
Posts: 1
Downloader.Qdown.C
I read this area with interest because I too have the Downloader.Qdown.c trojan horse.
However, no one mentions how to get rid of the thing.
AVG finds it but can't move it to the virus vault. My trojan horse is in C:\Program Files\Common Files\WINTOOLS\BTIEIN.DLL and C:\Windows\SYSTEM32\BTIEIN.DLL
What do I do next? Can I just delete the files without harming something else or do I need to get a new BTIEIN.DLL file to replace the old ones?

05-20-2004, 05:16 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
I deleted those two files before the Trojan popped up in my system restore directory. I am not 100% sure but I think deleting those two files is making my system unstable (please correct me if I am wrong). I haven’t had time to run the sfc /scannow command with my sister's XP CD but I will post the results when I do.
__________________
Some laws permit what honor does not.

06-01-2004, 02:33 PM
Junior Member
Join Date: Jun 2004
Posts: 1
qdownc AVG
I just got an automatic virus database update to my AVG and the next time it ran, it found the qdownc and disposed of it.
Perhaps you just need the latest update from today?

06-01-2004, 04:42 PM
w1nD0w5 xP Tw3aK3r GuRu
Join Date: Feb 2004
Location: Toronto, Canada
Posts: 811
ScowGuy are u infected with this trojan?
__________________
joined my friends forum. 
www.osdevil.com
Pentium 4 1.5GHz, 128RDRAM, 40GB HD, WinXP Pro w/SP1, NOD32, XP ICF, SpywareBlaster 3.1, SBS&D 1.3, Ad-Aware 6.0 Professional, CWshredder 1.57

07-16-2004, 04:35 PM
Junior Member
Join Date: May 2004
Location: Topeka, KS
Posts: 8
Well, after a format and clean XP Pro install I am having the same lockup problems. I am beginning to think that it isn't a software problem any more. How do I go about troubleshooting my RAM, Graphics card, motherboard, and processor?
And again, thank you for any input.
__________________
Some laws permit what honor does not.
All times are GMT -5. The time now is 02:09 AM. |