Free Malware Removal Forum

[askey127]

eli125,
You have both Symantec (Norton) and Microsoft Security Essentials running at the same time.
Choose one only and uninstall the other. Two antivirus apps running at the same time will actually reduce protection and may cause system instabilities.
IF you choose to Uninstall Norton, you may need to run this next instruction to get rid of leftovers:
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
-----------------------------------------------------------
No matter which one you chose to remove, REBOOT(RESTART) Your Machine
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.

• Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
• In the bottom half of the left pane, click on File Handling
• If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
• Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
• Click on the top button labeled MVPs Hosts and choose Replace
• When asked to verify if you want to Replace present Hosts file, click OK.
• When it finishes , click on File Handling again.
• Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
• Hit the X in the upper right corner to exit HostsXpert

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.
--------------------------------------------------
Check Security Center
Got to Start, Run.
Type wscui.cpl into the box and hit <Enter>
It should report Firewall ON, Automatic Updates ON, Virus Protection ON.
If any are OFF, choose Manage Security Settings for the item and correct it.

Check to be sure everything is running normally. If not let me know.
If everything looks good, you can delete OTM from your desktop.
You also can uninstall SuperAntiSpyware and PC-Doctor 5 for Windows. You only need one good anti-spyware app.
I would keep Malwarebytes Anti-Malware and update/scan with it every week.

askey127

[eli125]

Hi askey127,

I am happy to report that after following your last instructions my computer is running smoothly, with no alerts in the last couple of days.
Hopefully the trojan is gone for good.

Thank you so much for your detailed guidance and I really appreciate your help. You have saved me the frustration and the many many hours of formatting and re-installing my software and data.

There is one question that is left open for me: Where did the trojan hide itself? Was it in "Ape to MP3 Plus" ???

Thanks again,
Eli

[askey127]

eli125,
Because so much has been removed we can't be certain of all the details, but it looks like this one started it:
C:\Program Files\APE To MP3 Plus\ape-to-mp3-plus.exe
It's a trojan downloader which likely dropped those below onto the system:

C:\WINDOWS\system32\sdra64.exe << this is a trojan which has a lot of functionality and gets locked into the logon process

These are likely related, or used as a repository for data:
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds

-----------------------------------------------------------
One other thing that is probably a good idea, is to remove any old Restore points that may contain infections:
Reset System Restore Points

• Click Start > Help and Support
• Click on ->Undo changes to your computer with System Restore.
• Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
• Close Help and Support Center.
• Click Start | Run and type Cleanmgr
• Select (C: ) then click OK.
• Click the More Options tab.
• Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.

askey127

[askey127]

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.