1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan.zlob

Discussion in 'Virus & Other Malware Removal' started by DINAMO788, Feb 5, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. DINAMO788

    DINAMO788 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    34
    hey guys. i just got this problem too and followed MFDs steps and i followed everything in your first set of instructions but with the killbot stuff i didn't see some of the things you said should pop up or didn't understand it or w/e.

    im not super techy but i know basics. i got really scared because first my windows security center kept saying i have a bunch of spyware, then one time it mentioned a virus, after that it mentioned a worm with a high risk level. the only antivirusi have is symantec which i got for free and its not picking up any problems however i DL'd the free version of webdoctor for just a scan and it found almost 400 things.


    so i dont know if i should delete ixt0.dll because its in my system32 folder and i dont want to mess up windows....but spybot is the only thing thats detecting it so far but cant delete it. yea i just scanned it again its SmitFraud-C. in my C:\windows\system32\ixt0.dll

    so yea its still there any other advice? is it safe to just delete ixt0.dll?
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi Welcome to TSG!!

    I've moved you to a thread of your own so please reply here.


    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. DINAMO788

    DINAMO788 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    34
    ah thanks but please delete my last post in the other thread. i didn't want to needlessly create a new thread. i was afraid i broke a rule and had my post deleted :p.


    ok i'll try this when i get back home.

    quick question though, when this first arised it continuously said i have a bunch of spyware then windows securty center said i have a virus, then they called it a trojan and then they said it was a worm. i ran some basic scans with spybotS&D. i have symantec but thats didn't find anything! so after a spybot sweep i just did a system restore and aside form ixt0.dll my computer seemed ok but im having a hard time believeing a system restore would get rid of my virus/trojan/worm
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I deleted the post in the other thread.

    It is impossible to help two people in the same thread, that's why we split you off to a thread of your own.

    :)


    Do this too:

    Please download (save) SmitfraudFix (by S!Ri) to your desktop.
    Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
    to a new folder called SmitfraudFix.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Post both the HJT log and the results from this scan.
     
  5. DINAMO788

    DINAMO788 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    34
    is that spykiller site down?


    also the smitfruadfix said:
    SmitFraudFix v2.138

    Scan done at 0:28:28.73, Tue 02/06/2007
    Run from C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ismini.exe FOUND !
    C:\WINDOWS\system32\ixt?.dll FOUND !
    C:\WINDOWS\system32\ixt??.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    also if i get rid of this my computer will be safe?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.



    Please post the C:\rapport.txt and a new HJT log in your next reply.
     
  7. DINAMO788

    DINAMO788 Thread Starter

    Joined:
    Feb 5, 2007
    Messages:
    34
    lol did you copy and paste that from that MFD guy because i already did this and i dont think i saw anything about wininet.dll.

    i posted my reply in the other thread when i did this but if you want i can try again.


    and again is that hijack site that you wanted me to download JHTsetup still down?
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Yes, I would like you to download the program again and run option 2. Post the C:\rapport.txt and a new HJT log in your next reply.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541464

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice