Slightly different problem

[DonJapan]

Hi, my name is Don and I have a reoccurring virus that comes up whenever I do a cold boot. At the end you will find some of the file names for four days.

I tried something different to issolate the problem.

I always run AVG antivirus daily (free version) and the infected files are put into the vault.

I did not turn off the computer yesterday, it was in stand-by mode. I did a “restart” the next day (today) after updating my virus file. This was not a cold boot. Later I got on the internet as normal. My virus scan started about 2:00 PM. There were no viruses found. I also did a malware scan, all okay. I run the edido.net on line scan.

So I believe that there is a file in the cold start program that adds the Trojan horse to activate iwhen I go online.

I have tried to do a system restore to Dec 25, 28, 17 and Jan 1. This was unsuccessful. I am using Windows XP

I am pretty certain (95%) that my system was clean at the end of the year.


Filename - Partial Path - Discovery

jbhook.dll - Windows\system32 - Trojan horsePSW.Generic2.TLV
A0053194.exe – System Volume Information\_restore{7… - Trojan horse Back Door.Agent.DEO
A0053251.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2.TLV
A0053204.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2.ACBM
A0053236.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2ACBM
A0053238.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2ACBM
A0053245.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2ACBM
wwww.exe - Windows\system32 - Trojan horsePSW. Generic2ACBM
A0053391.exe – System Volume Information\_restore{7… - Trojan horse PSW.Generic2ACBM


What files should I delete in the registry if any?
I would need complete detailed instructions.

Please help.

 

[cybertech]

Hi Welcome to TSG!!

I've moved you to a thread of your own so please reply here.


Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

[DonJapan]

Dear cybertech,

Okay, I am in a loop when I try to click "here" to download HJTsetup.exe

It always returns to the same screen.

I registered, tried it and a loop.
I restarted, and still a loop.
I went to the botom of the screen and loged in, still a loop.

I think I need a little more detail to download HJTsetup.exe

Is there a prompt for me to save it to the desktop? Or do I have to do a special function?

Thank you for your advice.

donjapan

 

[cybertech]

Try this one: http://www.majorgeeks.com/HijackThis_d3155.html