Trojan disguised as link to Facebook Photo

I don’t know if my sister was the one who downloaded the trojan onto our computer. Nonetheless, our computer is infected with what I suspect to be a trojan. It affects my messaging clients such as Yahoo! Messenger and Skype and controls them to send out links to said trojan file. Here is the link:

I’ve scanned our laptop with Avira (nothing turned up), and as of this writing, with Malwarebytes’ Anti-Malware. I don’t know how else I’m to get rid of this infection. Any suggestions?

Link removed by moderator. Please do not post malware links on the forum.

Have you tried HitmanPro?

I haven’t, but I’ll give that a try.

As for the result of the Malwarebytes’ scan, 3 trojans were detected. 2 were related to Java’s updaters, although I don’t know why. It seemed the third one is in the registry, but I could only gather so much. I tried removing the three to no avail–an error message appeared and before I knew it the laptop was shutting down. I couldn’t boot the laptop at first, so I feared it was a hard disk crash, but now we have it up and running. I wonder what went wrong.

Can you post the Malwarebytes log file?

Also have a look at this post please:

Maybe a bootable AV disk would help, such as Dr.Web or Kaspersky.

Ronny, this is the log file. Thanks for the link, by the way.

Malwarebytes’ Anti-Malware 1.46

Database version: 4329

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/20/2010 6:03:57 PM
mbam-log-2010-07-20 (18-03-57).txt

Scan type: Quick scan
Objects scanned: 210954
Time elapsed: 31 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Public\jusched.exe (Trojan.Downloader) → Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Downloader) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\jusched.exe (Trojan.Downloader) → Delete on reboot.

A bootable disk should be able to get rid of these… let’s see what turns up…

Facebook is full of horrible stuff. In the future, just chat with friends, message them, update stuff if needed, then log off. The apps lead to nothing but trouble.