Megaleecher.Net


Timul Trojan Downloader Giving a Tough Time to System Admins

Trojan-Downloader.JS.Timul.cv is one of the most annoying trojans I have ever come across, and it has given me a tough time removing it for the past two days. I had tried every single popular antivirus and anti-spyware removal tool out there. Kaspersky Internet Security 2009 detects the exploit being executed and denies the trojan download, but it can't remove the download trigger, so it bombards me with numerous notifications each time a webpage is accessed.

Detected: Trojan-Downloader.JS.Timul.cv

Further investigation revealed similar problems being reported at computer help forums with NO SOLUTION. Collecting the facts from the different sources, I found that the cause of the problem is not your computer but an infected computer on your network, which injects a malicious trojan-downloading script into HTTP traffic before every page, triggering the anti-virus alert.

Exploit HTTP Injection

The Solution:

The first thing to do is install a good anti-virus that blocks the trojan downloader from executing. The infection seems to come from several domains and makes use of existing security holes in Windows to inject HTTP traffic. The only working solution seems to be updating all the computers in your network with the latest Windows patches.

The most commonly suspected vulnerabilities are in:

  • Microsoft Data Access Components (MDAC)
  • MPS StormPlayer
  • RealPlayer
  • Xunlei Thunder DapPlayer

You can also search Google for the following ActiveX object names, which are associated with vulnerabilities this malware is known to use:

Adodb.Stream, MPS.StormPlayer, DPClient.Vod, IERPCtl.IERPCtl.1, GLIEDown.IEDown.1

Since this malware exploits known vulnerabilities, downloading and installing the latest OS and application updates is the only solution to the problem.
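A detection sketch for the injection described above, added here as an example and not code from the original post: it flags script or iframe tags that appear before a page's own document start, plus any reference to the object names listed above. The function name, the sample bodies and the `injected.example` host are constructed for illustration.

```python
import re

# ActiveX object names the post lists as associated with this downloader.
PROGIDS = ["Adodb.Stream", "MPS.StormPlayer", "DPClient.Vod",
           "IERPCtl.IERPCtl.1", "GLIEDown.IEDown.1"]

DOC_START = re.compile(r"<!doctype\b|<html\b", re.I)
ACTIVE_TAG = re.compile(r"<(script|iframe)\b[^>]*>", re.I)
SRC_HOST = re.compile(r"""\bsrc\s*=\s*["']?(?:https?:)?//([^/"'\s>:]+)""", re.I)

# Constructed samples: one page served clean, and with a script prepended.
CLEAN = ("<!DOCTYPE html><html><head>"
         "<script src='//www.example.org/app.js'></script>"
         "</head><body>ok</body></html>")
INJECTED = '<script src="http://injected.example/x.js"></script>' + CLEAN
REFERENCES_PROGID = 'var s = new ActiveXObject("Adodb.Stream");'


def inspect_body(body, page_host):
    """Return findings for one text/html response body (hypothetical helper)."""
    findings = []
    start = DOC_START.search(body)
    prefix = body[:start.start()] if start else ""
    # 1. Active content ahead of the document start: the post describes the
    #    script being placed before every page.
    for tag in ACTIVE_TAG.finditer(prefix):
        host = SRC_HOST.search(tag.group(0))
        src = host.group(1).lower() if host else "inline"
        if src != page_host.lower():
            findings.append(("pre-document " + tag.group(1).lower(), src))
    # 2. References to the listed object names anywhere in the body.
    lowered = body.lower()
    for progid in PROGIDS:
        if progid.lower() in lowered:
            findings.append(("progid", progid))
    return findings


if __name__ == "__main__":
    for name, body in [("clean", CLEAN), ("injected", INJECTED),
                       ("progid", REFERENCES_PROGID)]:
        print(name, inspect_body(body, "www.example.org"))
```

An object-name match alone is only a lead, since pages that merely discuss these controls contain the same strings; a script tag ahead of the document start is the stronger signal.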

You can also ask your system admin or ISP to block traffic from these known malicious domains.


Comments

This malware is damn advanced and very hard to remove. I searched everywhere and couldn't get info until I found this page. Superb info, I will try the solution and post if it works. Thanks.

I'm trying to remove that damn trojan too, but I didn't find any way either. If anyone finds something about it, please post here... Thanks.

The solution is posted above: just upgrade all the computers in your network to the latest Windows Service Pack 3 and it will solve the problem. I did it myself and it worked without any problem.

Upgrading the Windows system to SP3 and installing all the later hotfixes released by Microsoft seems to solve the problem, and it's the only way to do it.

I downloaded a nasty trojan, I think multiples, that have disabled my administrative rights, hidden my C-Drive, disabled me from downloading any virus removers, etc... Any ideas????

Try booting into safe mode and use removal tools, if that also fails try using this bootable CD with virus removers.

Hope this helps.

I downloaded a nasty trojan, I think multiples, that have disabled my administrative rights, hidden my C-Drive, disabled me from downloading any virus removers, etc... Any ideas????

Listen to me... that has also happened to me, but I have found a different way. The first thing to do is to recover your whole computer back to normal.

Then use the link below to get rid of malware:

http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection

Trust me... it works good... VERY GOOD!!!

(it helps you in so many ways)
