1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan Horse Virus

Discussion in 'Virus & Other Malware Removal' started by SamIam, Feb 4, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. SamIam

    SamIam Thread Starter

    Joined:
    Nov 17, 2003
    Messages:
    33
    Okay, i used the avg program, and it detected the virus
    i had. I chose to put them in a vault. So now my question is
    should i just leave them in the vault, or should i completely
    delete them?

    Thanks,
    Sammie
     
  2. tom_the_guy

    tom_the_guy

    Joined:
    Jul 17, 2004
    Messages:
    78
    delete, erase, throw out, drown, kill, absolutely get rid of it.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Download and unzip HIJACKTHIS 1.99.0 to a folder of its own(not a temp folder), run a scan with it, save the log, then post the entire contents of the log here.
     
  4. SamIam

    SamIam Thread Starter

    Joined:
    Nov 17, 2003
    Messages:
    33
    Im feeling a little stupid here, but i cannot figure out how to save HJT into a permenant
    file, it keeps saying i have saved it in a temp file.
    Here is my log from a temp file, hope it will work.

    Thanks,
    Sammie




    Logfile of HijackThis v1.99.0
    Scan saved at 11:28:16 AM, on 2/5/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINRAR\WINRAR.EXE
    C:\WINDOWS\TEMP\RAR$EX05.593\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PIOLET] C:\PROGRAM FILES\PIOLET\PIOLET.exe SILENT
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...579ae9d9555d:520254c6ae31119456192437fc021adc
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Open the C:\PROGRAM FILES folder and click File - New - Folder. Name it HijackThis. Move the "HijackThis.exe" file and all the other files from the C:\WINDOWS\TEMP\RAR$EX05.593 folder into the new folder.

    Once you've done that, open the C:\WINDOWS\TEMP folder. Highlight and delete everything in the TEMP folder.

    ---------------------------------------------------------------

    Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Uncheck the following:

    PIOLET.EXE

    REGCLEAN.EXE

    MSNMSGR.EXE

    WINRAR.EXE

    POWERREG SCHEDULER


    Once you've done that, click Apply - OK, then reboot when prompted to.

    Other than SCANREGISTRY and SYSTEMTRAY, very little else needs to run in the background.

    ----------------------------------------------------------------

    You're using PIOLET, which is a peer-to-peer file sharing client. You also have no antivirus program installed and running in the background. Between the two, you're asking for trouble.

    ----------------------------------------------------------------

    Open the C:\WINDOWS\DOWNLOADED PROGRAM FILES folder. If any of them are marked as "Damaged" or "Unknown", delete them.

    ----------------------------------------------------------------

    Once you've done the above, post a new log here.

    ----------------------------------------------------------------
     
  6. SamIam

    SamIam Thread Starter

    Joined:
    Nov 17, 2003
    Messages:
    33
    Okay, i think i did it right...........here it is.

    Thanks a bunch for the help!

    Logfile of HijackThis v1.99.0
    Scan saved at 6:54:54 PM, on 2/5/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACKTHIS\RAR$EX00.527\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...579ae9d9555d:520254c6ae31119456192437fc021adc
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
     
  7. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    Now you can have hijack FIX the following by ticking each one and then fixing them

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...92 437fc021adc
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

    Your log is not showing a Firewall or an anti-virus ....please confirm whether you have either of these ?
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Your list of running processes has been trimmed down and looks much better. (y)

    There is one more that you can uncheck and disable in the MSCONFIG "Startup" tab:

    MSTASK.EXE

    I would also recommend that you go into the Power Options icon in the Control Panel and set the power scheme to "Always On" and set everything else to "Never". This will prevent your computer from using the standby, suspend, hibernate, etc. options, but your computer will run better with these features turned off. Once you do that, go can also uncheck and disable both LoadPowerProfile entries in the MSCONFIG "Startup" tab. (y)

    ----------------------------------------------------------------

    You do really need to have a full-time antivirus program installed and running in the background. Stay away from McAfee and Norton. :mad: Grisoft AVG 7.0 is a good one, and it's free. ;)

    ----------------------------------------------------------------
     
  9. SamIam

    SamIam Thread Starter

    Joined:
    Nov 17, 2003
    Messages:
    33
    I dont have an anti virus or firewall. Can you recommend some good ones?


    Thanks for the help everyone, i did everything that was mentioned.
     
  10. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
  11. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Grisoft AVG Free Edition 7.0

    Sygate Personal Firewall 5.6

    Both are free.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/326872

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice