Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Generic Trojan 17 and XP Security Extra...what a week!

by tisch28 » March 27th, 2010, 5:28 am

I'm not one for blaming the kids but having lent my laptop to my teenage son earlier this week, it seems to have been returned to me in a rather sorry state. Whilst browsing online on Wednesday night my adaware adwatch live went mad detecting evil things as I was hit with the xp security extra virus. Whatever it was raced through my laptop faster than any scans could catch it and soon I couldn't connect to the web, update any of my malware programmes, or open any exe files. My computer was well and truly trashed. However, I gradually got it up and running by reading these forums each day at work and then coming home and working on it. I used safe mode, managed to update my MBAM and then system scan with that and adaware and spybot S&D.

Upon removing the generic trojan that was found along with lots of other tracking cookies and the like my computer was working better again and seemed much improved. However, despite numerous clean scans, every time I restart the same viruses and trojans return so they're obviously stubbornly hanging on in there somewhere and I'll be blowed if I can track them down! Both IE and Firefox aren't working smoothly with regular redirects from Google and a stubborn refusal to take me to antispyware sites. It's a long struggle of constant retrying to get to this forum but has been worth its weight in gold so far. On Wednesday I thought my laptop was a goner but I feel a bit more hopeful that I can beat this now! However, I've exhausted all of the things I can do by simply reading other threads so must fall on the mercy of you tech guys and gals out there. Will post my HJT report in my next post and hope someone can help.

Currently I have AVG free for anti virus and use spybot S&D, MBAM and adaware for scans. I'm on XP on an Acer Aspire 5633WLMi laptop which is a bit rough around the edges (mostly due to my aforementioned "darling" son regularly dropping it!). Cheers everyone in anticipation...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:11, on 27/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital Music Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/defaul ... oader1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://games.bigfishgames.com/en_dinerd ... 0.0.48.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.shockwave.com/content/bigcit ... Player.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dine ... 0.0.32.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/la ... oader4.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/defaul ... uncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinema ... tycoon.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookwo ... v10_en.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe

--
End of file - 9406 bytes





Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Advertising Center
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Big Fish Games Client
Broadband Help
CCleaner (remove only)
Chocolatier (remove only)
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Escape From Paradise (remove only)
Fairy Godmother Tycoon (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iWin Games (remove only)
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Launch Manager
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Basic Edition 2003
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mMHouse
Mozilla Firefox (3.6.2pre)
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
Otto
PC Connectivity Solution
PCFriendly
PowerDVD
PowerProducer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio EasyWrite Reader
Sandlot Games Client Services
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Shockwave
Sonic Encoders
Spybot - Search & Destroy
Synaptics Pointing Device Driver
T-Mobile Mobile Broadband Manager
Tradewinds Legends (remove only)
Ultimate Mahjongg 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Virtual Villagers (remove only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.4
Vodafone 804SS USB driver Software
Westward (remove only)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
ZENcast Organizer

Re: Generic Trojan 17 and XP Security Extra...what a week!

by askey127 » March 30th, 2010, 8:16 am

Hi tisch,
You have posted for help at more than one forum.
These sites are manned by volunteers who give their time and expertise for free, and they are VERY busy.
Their time is not necessarily worth less than yours.
If you want help here, you need to post at other sites saying that your posts can be closed as you are receiving help here.
Then reply back here that you have done so.
If you do that we will help you here.
If that doesn't happen, this thread will be closed.

askey127

Re: Generic Trojan 17 and XP Security Extra...what a week!

by tisch28 » March 30th, 2010, 12:18 pm

Hi askey127,

Thanks so much for replying, I thought I'd been forgotten but your reply explains why I had received nothing but silence here! I didn't realise I couldn't post elsewhere until I got a response at either site, but I understand the rule now and have asked for the thread and my account to be removed on the other site.

I hope this doesn't damage my place in queue for help, and I didn't for a second think my time was more important than anyone else's, I was simply asking for help in several places with the intention of pursuing the solution with whoever was able to help first before withdrawing the question elsewhere.

I hope I haven't offended anyone.

Thanks - Tisch28

Re: Generic Trojan 17 and XP Security Extra...what a week!

by askey127 » March 30th, 2010, 2:21 pm

tisch28,
There is quite a bit to do here, but each one should be straightforward. Just easy, one at a time.
First, I would like to clean up some installations on your machine.
Please don't install or remove anything unless I ask you to.
We will start the hunt for malware next post.
If anything fails here, just proceed to the next item, and tell me about the problem when you reply.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookwo ... v10_en.cab
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/defaul ... oader1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookwo ... v10_en.cab

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Adobe Reader 7.0
Ad-Aware Email Scanner for Outlook
Ad-Aware
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.

You can re-install Spybot or Ad-Aware after we are done.
If the Spybot Uninstaller asks whether you would like to remove all settings, answer YES.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
--------------------------------------------------------
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

------------------------------------------------------------
Older versions of Java have been vulnerable to malware infections in the past. It is important to install the newest version and make sure all older ones have been removed.
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
It is currently the 1st item on the page (the page changes often), called JDK 6 Update 18
The Item has two download buttons.
Click on the button labeled "Download JRE". Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Let me know how it goes. I will reply when you tell me you are done with this part.
askey127
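
As an added example (not part of the original posts and not HijackThis's own code), here is one way to parse a HijackThis 2.0.2 log and surface the kind of entries picked out for fixing above: BHO/toolbar lines whose target is "(no file)", plus services listed with "Unknown owner". The sample lines are copied from the log in this thread; the function names and the wording of the findings are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
"""

# Every result line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O2/O3/O9/O18 style: "<kind>: <name> - {CLSID} - <target>".
# Anchoring on the CLSID keeps names that contain " - " intact.
CLSID_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O23 style: "Service: <name> - <owner> - <drive path>".
# A service name that itself contains " - " would be split early (known limit).
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def parse_log(text):
    """Return one dict per result line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"]}
        detail = CLSID_ENTRY.match(m["body"]) or SERVICE.match(m["body"])
        if detail:
            entry.update(detail.groupdict())
        entries.append(entry)
    return entries


def findings(entries):
    """List entries a reviewer should look at first. These are hints, not verdicts."""
    out = []
    for e in entries:
        if e.get("target") == "(no file)":
            out.append((e["code"], e["clsid"],
                        "orphaned: registry entry points to a missing file"))
        elif e.get("owner") == "Unknown owner":
            out.append((e["code"], e["name"],
                        "no publisher recorded: verify the binary by hand"))
    return out


def section_counts(entries):
    """Count entries per HijackThis section code."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, ident, reason in findings(parsed):
        print(f"{code:<4} {ident:<40} {reason}")
    print(dict(section_counts(parsed)))
```

A flagged line is only a prompt for review: whether an entry is safe to fix still depends on what is installed on the machine.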

Re: Generic Trojan 17 and XP Security Extra...what a week!

by tisch28 » March 30th, 2010, 3:55 pm

Hi Askey,

Thanks so much for helping me, I am so grateful.

Okay, I have worked through the steps:

registry items removed ok
uninstalled programs - all ok except for Spybot S&D which said some elements couldn't be removed automatically and would need to be done by hand?
Norton removal tool done
adobe reader updated version done
java updated version done
temp cleaner done

these things happened during the process (they have been happening during the last few days intermittently since I had the Trojans etc)

The "Just-in-time Debugging" pop up asking me to use a script editor. I click to close this and it pops back up, sometimes this can go on 6 or 7 times before it stays away.

My AVG resident shield flashed up for 2 different tracking cookies it had detected. These were: yieldmanager and Atdmt. Both are located in c/docs and settings/network service/cookies/system

Thanks - Tisch28

Re: Generic Trojan 17 and XP Security Extra...what a week!

by askey127 » March 30th, 2010, 6:19 pm

tisch28,
Download and install Internet Explorer 8 from here:
http://www.microsoft.com/windows/intern ... sites.aspx
Reboot your machine if it asks.
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two, Three or Four
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan. Go have lunch. It's not fast, but it is thorough.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the Malwarebytes log, and the Report from the Kaspersky scan. Use separate replies if you prefer.
askey127

Re: Generic Trojan 17 and XP Security Extra...what a week!

by tisch28 » March 30th, 2010, 6:46 pm

Hi there,

Okay...

latest IE downloaded and installed - I usually use Firefox, do you recommend I stop and now use IE?

rkill downloaded and run fine

MBAM updated and scanning now

Kaspersky running now but I will go to bed while this runs and post the results in the morning. I'll then be at work all day but can pick back up when I'm home again.

computer seems a bit faster already although browser still redirecting, particularly google links.


Thanks - Tisch28

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby tisch28 » March 30th, 2010, 6:52 pm

MBAM clean log below, Kaspersky still running, will post in morning, browser still redirecting intermittently.

Thanks :)


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/03/2010 23:50:39
mbam-log-2010-03-30 (23-50-39).txt

Scan type: Quick scan
Objects scanned: 118130
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby tisch28 » March 30th, 2010, 6:54 pm

Rkill produced this

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Nicola on 30/03/2010 at 23:40:03.


Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Nicola\Desktop\rkill.exe


Rkill completed on 30/03/2010 at 23:40:18.

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby tisch28 » March 31st, 2010, 2:39 am

The Kaspersky scan is completed and came back clean:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 14:57:50
Records in database: 3901472
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 78723
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:00:13

No threats found. Scanned area is clean.

Selected area has been scanned.

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby askey127 » March 31st, 2010, 7:34 am

Tisch28,
If your machine is running OK now, I have a TO DO list for you.
-----------------------------------------------------------
Note that if you use CCleaner's Options, Cookies, you can set it to remove all cookies except those from businesses you visit regularly.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
  • Click on the top button labeled MVPs Hosts and choose Replace
  • When asked to verify if you want to Replace present Hosts file, click OK.
  • When it finishes, click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Where you have young, not-too-careful users of the machine, I would do the following:
Go to Control Panel, User Accounts and change the password on your own account so only you know it. Don't allow anyone else to use it.
Also from Control Panel, User Accounts, either activate the Guest account with a password or make a new account.
This new account should NOT be an administrator account, but a LIMITED account.
Tell your guests (kids) to use the new account when using the machine. They will have to arrange their own desktop, and/or e-mail.
Use of the new account will prevent many disastrous system alterations from careless surfing.
-----------------------------------------------------------
If you can manage it, in your case I would use a paid antivirus. This is an example of how to do it.
There are other good paid antivirus programs. Kaspersky and ESET NOD32 are a couple.
Click Avira AntiVir Premium, version 10 (without internet connection) from here: http://www.avira.com/en/downloads/downl ... emium.html
(This version is a large file, but can install the program while the machine is offline).
Download the installer and save to your desktop.
The user manual can be downloaded from the same page.
When you pay, they will send a registration key by e-mail for use during installation. Print it out.
Then, unplug your internet cable (or shut off your wireless), and Uninstall AVG.
Double click the Avira AntiVir installer on your desktop and install the new AntiVirus.
After AVG is removed and the new AV installed, plug in your internet cable or turn on your wireless again.
(All of this is so you will not be connected to the internet during the brief time when no antivirus is present).
Let the new antivirus program update itself and run a full scan.
-----------------------------------------------------------
Reset System Restore Points
This will prevent any re-infection from old restore points.
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.
-----------------------------------------------------------
Check Control Panel, Security Center and be sure it shows Automatic Updates ON, AntiVirus ON, and Firewall ON.

You should be good to go.
askey127

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby tisch28 » March 31st, 2010, 8:33 am

Hi Askey,

I've picked this up at work so will work through the list when I go home tonight, thanks. My browser was still redirecting this morning, Google links going to wrong pages etc etc. Is this a sign of something still in the system?

Couple of questions I have too:

1. I looked back at my AVG log for the day I got all the viruses and it was a long list, one of which was described as a "backdoor trojan". Having researched this type of trojan I understand it has particular issues with things like online banking etc. Do I need to worry/reset passwords etc?

2. I currently just use the Windows standard firewall but have read on these forums about using something else/better. Would you recommend I use a different firewall? If so, which one, and would I need to disable the Windows one or run both?

Thanks for all the help, as I say I will run the steps tonight after work and post to let you know how I got on - any advice on the browser redirect would be great :)

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby askey127 » March 31st, 2010, 9:31 am

tisch28,
We can fix the browser redirect before you do the "TO DO" list.
----------------------------------------------
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

I have not seen any evidence that you had a backdoor on the system. The AVG identification is not conclusive.
If you had a backdoor trojan on the system, there ARE issues that any passwords and account numbers may have been stolen.
My standard response to a verified "backdoor trojan" is this:
Unfortunately, you have a very dangerous infection, with "backdoor" capabilities.
This allows intruders to remotely control your computer, log keystrokes, steal critical system information, and download and execute files.

  • I would counsel you to disconnect this PC from the Internet immediately.
  • If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. This would include contacts like your Internet Provider, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups to which you belong.
  • It would be wise to contact any of the financial institutions directly and apprise them of your situation.
  • Do NOT change passwords or do any transactions while using the infected computer because the intruder may get the new passwords and transaction information.
Once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. That is my best advice to you.

Although an attempt can be made to clean this machine, we could not be certain afterward that it was truly clean, secure, and trustworthy.
In some cases, removal of these malware files can result in a system which does not work properly, and a reformat/re-install of Windows would become mandatory.
Because of the infection's backdoor functionality (i.e., remote control capability), the basic security of your PC is likely compromised, and there is no way to be sure it can ever again be trusted.

The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.

Please let me know what you would like to do in your next post.
This is not an attempt to alarm you, just the facts you asked about concerning "backdoors".

If you would like to install a firewall, click on our downloads page ("Downloads" button at the top of the page here) and look at the free firewalls.
They do a better job than the Windows firewall against any infection "phoning home".
If you decide to install one, do it last, after everything else is done, or you will have to answer a lot of questions while you change your system with downloads and installations.

Let's see if the Gooredfix.txt log shows the redirects. We have other tools to reveal the issue, if necessary.
askey127

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby tisch28 » March 31st, 2010, 2:17 pm

Hi there Askey, my wonderful helper!

Okay, I'm home and have run the Gooredfix, result below. I haven't started the "to do" list yet, but will do once you give the ok. Hopefully AVG was wrong about the backdoor trojan, I checked in the log and this was where it thought it was:

"Object name";"C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP697\A0164366.exe"
"Detection name";"Trojan horse BackDoor.Generic12.AUKH"
"Object type";"file"
"SDK Type";"Core"
"Result";"Moved to Virus Vault"
"Action history";"Moved to Virus vault"


Here is the gooredfix result:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:12 on 31/03/2010 (Nicola)
Firefox version 3.6.2pre (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:04 08/02/2007]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [20:25 18/12/2008]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [19:46 30/03/2010]

C:\Documents and Settings\Nicola\Application Data\Mozilla\Firefox\Profiles\t9nj58ll.default\extensions\
staged-xpis [08:05 20/02/2010]
{20a82645-c095-46ed-80e3-08825760534b} [07:18 03/09/2009]
firefox@ghostery.com [08:08 20/02/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [21:22 22/03/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [08:08 20/02/2010]
{1AF3FC34-0725-4485-A939-6B40EB7CA96A} [20:30 25/03/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [11:04 27/02/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:44 09/08/2009]
"ff-bmboc@bytemobile.com"="C:\Program Files\T-Mobile Mobile Broadband Manager\addon" [10:56 26/12/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:46 30/03/2010]

-=E.O.F=-
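
The AVG record quoted in the post above places the detected file under C:\System Volume Information\_restore{...}\RP697\, which is the Windows XP System Restore store, where backed-up files are kept under generated names such as A0164366.exe. As an added example (not part of the thread and not a tool either poster used), the Python below parses that export format and reports whether each detection sits inside a restore point or on the live file system; the function names are illustrative assumptions.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Sample input: the AVG record exactly as quoted in the post above.
AVG_RECORD = r'''"Object name";"C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP697\A0164366.exe"
"Detection name";"Trojan horse BackDoor.Generic12.AUKH"
"Object type";"file"
"SDK Type";"Core"
"Result";"Moved to Virus Vault"
"Action history";"Moved to Virus vault"
'''

FIELD = re.compile(r'^"([^"]*)";"([^"]*)"\s*$')
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE = re.compile(
    r'^[A-Za-z]:\\System Volume Information\\_restore\{([0-9A-Fa-f-]{36})\}'
    r'\\RP(\d+)\\(A\d+\.\w+)$', re.IGNORECASE)

def parse_records(text):
    """Split an export into dicts; each "Object name" field starts a new record."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        key, value = m.groups()
        if key == "Object name":
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = value
    return records

def triage(rec):
    """Report where the detected object lives and whether AVG vaulted it."""
    path = ntpath.normpath(rec.get("Object name", ""))
    m = RESTORE.match(path)
    return {
        "path": path,
        "detection": rec.get("Detection name", ""),
        "in_restore_point": bool(m),
        "restore_point": int(m.group(2)) if m else None,
        "quarantined": "vault" in rec.get("Result", "").lower(),
    }

def summarize(text):
    return [triage(r) for r in parse_records(text)]

if __name__ == "__main__":
    for item in summarize(AVG_RECORD):
        where = (f"System Restore point RP{item['restore_point']}"
                 if item["in_restore_point"] else "live file system")
        print(f"{item['detection']}: {where}, quarantined={item['quarantined']}")
```

A detection that appears only inside a restore point is an archived copy held by System Restore, which is the material the restore-point reset in the helper's list clears out.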

Re: Generic Trojan 17 and XP Security Extra...what a week!

Unread postby askey127 » March 31st, 2010, 3:36 pm

tisch28,
Any trojan identified as a heuristic means it is identified, not positively, but as having a similar pattern of some kind. This carries lots of mis-identifications, and is not itself a reason to reformat.

Don't run your TO DO list yet.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.
They are fairly big. That's normal.
Thanks,
askey127