TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS

Hi, my computer has been infected by TrojWare.Win32.GameThief.Magania.~YB@225330048 for about 2 weeks now. Comodo has tried to clean it, but it stays on and just appears on some other exe. I have tried to clean it with Comodo Cleaning Essentials, but same results, and my computer is getting ripped apart program by program, but the virus lives on. Malwarebytes does not detect this virus at all, and most other anti-virus programs also fail. Need big help, please.

====== System Information ======
Computer Name: DRAGON-BLAZE
Log on User: David
Memory Size: 2.00 GB.
Windows Directory: C:\WINDOWS
Windows Version: Xp (32bit)
CCE Version: 1.7.192479.98

=== Kernel Hooks ===
SSDT hook: ZwAdjustPrivilegesToken (A02F28B2)
SSDT hook: ZwConnectPort (A02F1E48)
SSDT hook: ZwCreateFile (A02F2518)
SSDT hook: ZwCreateKey (A02F3126)
SSDT hook: ZwCreatePort (A02F1D28)
SSDT hook: ZwCreateSection (A02F51E0)
SSDT hook: ZwCreateSymbolicLinkObject (A02F5568)
SSDT hook: ZwCreateThread (A02F1714)
SSDT hook: ZwDeleteKey (A02F2A9E)
SSDT hook: ZwDeleteValueKey (A02F2C9E)
SSDT hook: ZwDuplicateObject (A02F151A)
SSDT hook: ZwEnumerateKey (A02F3864)
SSDT hook: ZwEnumerateValueKey (A02F3ABA)
SSDT hook: ZwLoadDriver (A02F4BF0)
SSDT hook: ZwMakeTemporaryObject (A02F2110)
SSDT hook: ZwOpenFile (A02F26F4)
SSDT hook: ZwOpenKey (A02F3116)
SSDT hook: ZwOpenProcess (A02F1148)
SSDT hook: ZwOpenSection (A02F23B4)
SSDT hook: ZwOpenThread (A02F134C)
SSDT hook: ZwQueryKey (A02F3CC8)
SSDT hook: ZwQueryMultipleValueKey (A02F411C)
SSDT hook: ZwQueryValueKey (A02F3EDA)
SSDT hook: ZwRenameKey (A02F367C)
SSDT hook: ZwRequestWaitReplyPort (A02F468C)
SSDT hook: ZwSecureConnectPort (A02F4940)
SSDT hook: ZwSetSecurityObject (A02F2EEE)
SSDT hook: ZwSetSystemInformation (A02F4EE8)
SSDT hook: ZwSetValueKey (A02F33F4)
SSDT hook: ZwShutdownSystem (A02F207A)
SSDT hook: ZwSystemDebugControl (A02F22A0)
SSDT hook: ZwTerminateProcess (A02F1B2A)
SSDT hook: ZwTerminateThread (A02F1918)

====== Cleanup results ======
E:\Program Files\CDisplay\CDisplay.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
E:\Program Files\CDisplay\CDisplay.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK

and

====== System Information ======
Computer Name: DRAGON-BLAZE
Log on User: David
Memory Size: 2.00 GB.
Windows Directory: C:\WINDOWS
Windows Version: Xp (32bit)
CCE Version: 1.7.192479.98

====== Cleanup results ======
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
C:\Program Files\CyberLink\Shared files\RichVideo.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
C:\Program Files\CyberLink\Shared files\RichVideo.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK

as examples.

Thanks for any help or light any one can give me on this.

David.

Try the Emsisoft Anti-Malware free version to run a full scan.

You should think about one thing:
after this trojan was able to act on your computer, can you trust your computer after “the trojan” was removed?

Stealers have an agenda.
They steal logins of paid games, steal personal information, steal money-related information.
Removing them does NOT solve all problems!


If no antivirus but one “finds” it, upload the specific files to VirusTotal to get the opinions of many other antivirus programs.
Maybe, in the luckiest case, it has been a false positive.

EDIT: do I read it right, that cmdagent.exe is infected by this trojan? That would be bad news.
If it is already able to infect an installed antivirus product, newly installed ones would most likely face at least the same effect.

You need to use a bootable CD to fix it; try the Dr.Web CureIt bootable and the Kaspersky Rescue Disk. Tell me if they work or not.

I downloaded Kaspersky 2012, and used it from my laptop, that is clean, to create the Kaspersky rescue disk.
After booting my pc with it and letting it do a full scan… it reported a clean system. I then rebooted my pc and then ran Comodo Cleaning Essentials, this was the result:

====== System Information ======
Computer Name: DRAGON-BLAZE
Log on User: David
Memory Size: 2.00 GB.
Windows Directory: C:\WINDOWS
Windows Version: Xp (32bit)
CCE Version: 1.7.192479.98

=== Kernel Hooks ===
SSDT hook: ZwAdjustPrivilegesToken (A072E8B2)
SSDT hook: ZwConnectPort (A072DE48)
SSDT hook: ZwCreateFile (A072E518)
SSDT hook: ZwCreateKey (A072F126)
SSDT hook: ZwCreatePort (A072DD28)
SSDT hook: ZwCreateSection (A07311E0)
SSDT hook: ZwCreateSymbolicLinkObject (A0731568)
SSDT hook: ZwCreateThread (A072D714)
SSDT hook: ZwDeleteKey (A072EA9E)
SSDT hook: ZwDeleteValueKey (A072EC9E)
SSDT hook: ZwDuplicateObject (A072D51A)
SSDT hook: ZwEnumerateKey (A072F864)
SSDT hook: ZwEnumerateValueKey (A072FABA)
SSDT hook: ZwLoadDriver (A0730BF0)
SSDT hook: ZwMakeTemporaryObject (A072E110)
SSDT hook: ZwOpenFile (A072E6F4)
SSDT hook: ZwOpenKey (A072F116)
SSDT hook: ZwOpenProcess (A072D148)
SSDT hook: ZwOpenSection (A072E3B4)
SSDT hook: ZwOpenThread (A072D34C)
SSDT hook: ZwQueryKey (A072FCC8)
SSDT hook: ZwQueryMultipleValueKey (A073011C)
SSDT hook: ZwQueryValueKey (A072FEDA)
SSDT hook: ZwRenameKey (A072F67C)
SSDT hook: ZwRequestWaitReplyPort (A073068C)
SSDT hook: ZwSecureConnectPort (A0730940)
SSDT hook: ZwSetSecurityObject (A072EEEE)
SSDT hook: ZwSetSystemInformation (A0730EE8)
SSDT hook: ZwSetValueKey (A072F3F4)
SSDT hook: ZwShutdownSystem (A072E07A)
SSDT hook: ZwSystemDebugControl (A072E2A0)
SSDT hook: ZwTerminateProcess (A072DB2A)
SSDT hook: ZwTerminateThread (A072D918)

====== Cleanup results ======
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
D:\Program Files\VMWare\vmware-authd.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
D:\Program Files\VMWare\vmware-authd.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\AAAAA\lost\1\294370610 Rootkit.HiddenDir@0 HIDDENFILE Quarantine Fail
C:\Drivers\cnet_setup_zip.exe Heur.Suspicious@238758175 VIRUS Quarantine OK
C:\AAAAA\lost\1\648611988 Rootkit.HiddenFile@0 HIDDENFILE Quarantine Fail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR System Restore.Disabled@0 SYSCHANGE Ignore OK

This virus only shows up with CCE, and it changes which files it says are infected. Getting annoyed with the whole lot, but hoping to get things back.

PS: there are no actual symptoms, my PC runs fine and there are no crazy slowdowns etc., none of the usual signs of virus infection…

any ideas?

[attachment deleted by admin]

I would have to agree with ‘Clockwork’ - it’s hard to really trust your computer once it’s been infected - unless you’re a computer expert.

When you run Killswitch, are there any unknown or suspicious processes running?
If so, have you deleted them?

In Killswitch, when you click on ‘Tools’ and then click ‘Quick repair’ is there anything listed in the ‘status’ column that can be repaired?

I assume you don’t have an Image of your system that you can roll back to - that would be the easiest thing to do.

Good luck

Lol, CCE has killed Comodo Internet Security and the Geek helper service, so for a test I installed Kaspersky and ran a full scan; it found nothing. I also ran KillSwitch and looked in the quick repair, nothing there to report.

I ran PSC-exam and could see nothing out of sorts and have attached the report.

Now I’m going to run CCE again and see all those flashing warnings… lol.

Will post the results.

[attachment deleted by admin]

kk, after all the above I downloaded and ran a fresh copy of CCE and this is the result:

====== System Information ======
Computer Name: DRAGON-BLAZE
Log on User: David
Memory Size: 2.00 GB.
Windows Directory: C:\WINDOWS
Windows Version: Xp (32bit)
CCE Version: 1.7.192479.98

====== Cleanup results ======
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR System Restore.Disabled@0 SYSCHANGE Ignore OK
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Ignore OK
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Ignore OK

So the only program that detects it is CCE; CCE then has taken out my system programs, anti-virus etc., but even if I boot from a boot disk CCE can detect it, but nothing else can.

Any ideas?

On a side note, is this a real virus identity? And can any other AV program detect it? Where would I actually be able to find the real virus, if it just keeps infecting different files every time the so-called infected ones are removed?

How come it can even show up on a TinyXP OS, run from CD?

Thanks all :)
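The CCE "Cleanup results" blocks posted in this thread have a regular, whitespace-delimited shape (path, detection name, kind, action, result, with every hit printed twice), and the questions just asked, whether the identity is real and why it keeps moving to other files, are exactly what a triage script should surface. The following parser and triage heuristic is an added example, not code from the thread, from Comodo or from CCE: the sample log is constructed from the line shapes posted above, the field meanings are inferred from those lines, and the list of security-product path fragments is an assumption for illustration. It deduplicates the repeated lines, groups VIRUS hits by signature, and flags the pattern seen here (one signature on unrelated vendors' binaries, including the antivirus itself), which is more typical of a memory-scan artefact or a bad signature than of a file infector and should be checked against on-disk hashes with a second opinion before anything is quarantined.

```python
import re
from collections import defaultdict

# Constructed sample: line shapes copied from the CCE "Cleanup results"
# blocks posted in this thread (CCE lists each hit twice; reproduced here).
SAMPLE_LOG = r"""
====== Cleanup results ======
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\CyberLink\Shared files\RichVideo.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Disinfect OK
D:\Program Files\VMWare\vmware-authd.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Quarantine OK
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe TrojWare.Win32.GameThief.Magania.~YB@225330048 VIRUS Ignore OK
C:\AAAAA\lost\1\294370610 Rootkit.HiddenDir@0 HIDDENFILE Quarantine Fail
C:\Drivers\cnet_setup_zip.exe Heur.Suspicious@238758175 VIRUS Quarantine OK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR System Restore.Disabled@0 SYSCHANGE Ignore OK
"""

KINDS = {"VIRUS", "HIDDENFILE", "SYSCHANGE"}   # the kinds seen in the thread
NAME_RE = re.compile(r".+@\d+")                # detection names end in @<number>
# Assumption for illustration: path fragments of the security products named
# in the thread; extend for your own estate.
SECURITY_PRODUCT_HINTS = ("\\comodo\\", "\\kaspersky lab\\", "\\eset\\")


def parse_line(line):
    """Split one result line into its fields, or return None if it is not one."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[-3] not in KINDS:
        return None
    kind, action, result = tokens[-3:]
    body = tokens[:-3]
    # The final path element always follows a backslash, so the last token that
    # contains one closes the path; what follows is the detection name, which can
    # itself contain a space ("System Restore.Disabled@0").
    # Caveat: a final path element that contains a space would be misread.
    path_ends = [i for i, tok in enumerate(body) if "\\" in tok]
    if not path_ends:
        return None
    split_at = path_ends[-1] + 1
    path, name = " ".join(body[:split_at]), " ".join(body[split_at:])
    if not NAME_RE.fullmatch(name):
        return None
    return {"path": path, "name": name, "kind": kind, "action": action, "result": result}


def parse_cce_log(text):
    """Parse every result line, dropping the exact duplicates CCE emits."""
    records, seen = [], set()
    for raw in text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        key = tuple(rec.values())
        if key not in seen:
            seen.add(key)
            records.append(rec)
    return records


def vendor_dir(path):
    """Product directory: the folder under 'Program Files', else the first folder."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].lower() == "program files":
        return parts[2]
    return parts[1] if len(parts) > 1 else path


def triage(records):
    """Group VIRUS hits by signature and raise flags a responder should check."""
    by_name = defaultdict(list)
    for rec in records:
        if rec["kind"] == "VIRUS":
            by_name[rec["name"]].append(rec["path"])
    flags = []  # (code, detection name, details)
    for name, paths in by_name.items():
        vendors = {vendor_dir(p) for p in paths}
        if len(vendors) > 1:
            # One signature across unrelated vendors' binaries: verify each
            # file's on-disk hash with a second opinion before trusting it.
            flags.append(("spread", name, sorted(vendors)))
        sec_hits = [p for p in paths if any(h in p.lower() for h in SECURITY_PRODUCT_HINTS)]
        if sec_hits:
            flags.append(("security-product", name, sec_hits))
    for rec in records:
        if rec["result"] == "Fail":
            flags.append(("action-failed", rec["name"], [rec["path"]]))
        if rec["kind"] == "SYSCHANGE":
            flags.append(("config-change", rec["name"], [rec["path"]]))
    return {"by_name": dict(by_name), "flags": flags}


if __name__ == "__main__":
    report = triage(parse_cce_log(SAMPLE_LOG))
    for name, paths in report["by_name"].items():
        print(f"{name}: {len(paths)} unique file(s)")
    for code, name, detail in report["flags"]:
        print(f"[{code}] {name}: {detail}")
```

Run against a saved CCE log the output reads as a short worklist: a "spread" or "security-product" flag says to hash the named files and compare them with the vendor's copy before trusting the verdict, "action-failed" marks items that need offline (boot-disk) handling, and "config-change" separates a disabled-System-Restore notice from malware findings.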

Did you also try running Dr.Web CureIt?

Hello, maybe this will help you.

I’d like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
•Click the button.
•For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Ok, completely wiped my PC and started again. I finished building my software etc. up on Sunday, then ran CCE, and lo and behold… it says I still got the virus. I then ran the ESET online scan and it picked up my game cheat program, but nothing else. I have an idea that maybe it is picking up on my WindowBlinds program, as I remember having a lot of trouble with Comodo Internet Security earlier on, until Comodo fixed it. CCE only finds the virus in files in memory that I have opened, and the more things I open, the more files it tags as having the virus. I am about to check this out. Will post the results later on.

[attachment deleted by admin]


Hello and belated welcome to the forums!
You should use a good little scanner…

Kaspersky may kill it…Download link:

Post back the logs.

Some pictures to help:

Hi all, and sorry about this. I uninstalled WindowBlinds and rebooted my PC, then ran CCE again, results:

====== System Information ======
Computer Name: DRAGON-BLAZE
Log on User: David
Memory Size: 2.00 GB.
Windows Directory: C:\WINDOWS
Windows Version: Xp (32bit)
CCE Version: 1.7.192479.98

====== Cleanup results ======
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR System Restore.Disabled@0 SYSCHANGE Disinfect OK

The error shown is because I always have System Restore off, as viruses tend to go in there and keep re-installing themselves. Anyway, no more GameThief virus alerts, so my conclusion is that CCE does not like WindowBlinds.

Thanks for all your support and ideas, my PC has been re-built and runs like a dream, lol. Thank god I keep backups of everything. LOL.

+1 to this solution. I just unloaded WindowBlinds rather than uninstalling, and no more Game Thief alerts.
Very odd, indeed, as if it were a false positive, then I don’t understand why it started moving from program to program. But anyway, all scans run clear now.