1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan/ Rootkit infection

Discussion in 'Virus & Other Malware Removal' started by luser, Sep 25, 2008.

Thread Status:
Not open for further replies.
  1. luser

    luser Thread Starter

    Sep 25, 2008

    I have some sort of trojan/ rootkit installed...
    It happened about month ago, but I was away for holidays so I started fighting with this issue few days ago.
    First sign was "bad image" message when trying to run ZoneAlarm and Quicktime. I did a scan using another antivirus (I was using Avira Antivir as my main av) and it found some trojan.gen malware.
    I don't remember exact names, because I used multiple scanners and they used different names (I think one of it was trojan.agent something), anyway I was unable to find any detailed information about them. I run about 10 different AV and my system was clean... But after connecting to the Interned my AVG found psw.onlinegames.atno in C:\Documents and Settings\username\local settings\temp
    I made scans with Hijack This (http://www.wklej.org/hash/146b239353/ ), Silent Runners (http://www.wklej.org/hash/04425b0f18/ ), Rootkit Unhooker (http://www.wklej.org/hash/48df3f471e/) and Gmer (http://www.wklej.org/hash/848a26ebb6/ ).
    Two last ones found suspected files. Its name changes after reboots to spuv.sys, spnj.sys, spfg.sys, spby.sys and possibly others. It's impossible to locate this file in file system. I don't know how to get rid of it, I'm not even sure if it's rootkit or something else (I found some foreign sites with suggestions it may be Daemon Tools' file, but I uninstalled it and the file was still there).

    Thanks in advance for help!

    P.S. There is no Combofix log, because it freezes for me on "restarting your computer, please wait".
    P.S. 2 Sorry for my English
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/753334

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice