
Trojans are evil...

Discussion in 'Virus & Other Malware Removal' started by cattouf, Jan 21, 2007.

  1. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    I had no idea where to post this because i didn't find a forum for it specifically...but i need help with my computer. The problem is a Trojan...it infiltrated my computer and is now really annoying me...i don't know whats the name of this Trojan but i know what it does. It took me a couple of hours to realize what it does and its REALLY REALLY Annoying.

    This Trojan resets my computer to the way it was before i Shutdown my pc meaning i can change anything on my pc without it being changed back as soon as i restart my computer. For those who know what Deep Freeze is it does exactly what deep freeze does when i restart my computer

    So can anyone help me? to search and destroy this problem before i go crazy...I've already backed up most of the files on my HardDrive so I'm taking into consideration that i might have to format my computer, but that is my last resort.

    I will try anything to take this off but if someone could help me find its name...and how to remove it, I would really really appreciate any kind of help on this
    Thank you for taking your time to help me with this.

    ps: i had no antivirus when i got the trojan...is it hopeless? and i cant even install one now that ive got the trojan...
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Please do this, it's the first step to clean it up:

    Click here to download HJTsetup.exe
    • Save Hijackthis.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • At the top of the Notepad HJT log screen, hit EDIT then SELECT ALL then click EDIT and then click COPY, doing that copies the text to the clipboard, you won't see it yet....
    • Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    • At the top of your TSG/browser window, hit EDIT then PASTE
    • You should see your copied Hijackthis log appear in the reply space....then, submit the reply
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    There is no rush at least on our end, fixing these things sometimes takes a good space of time so plan on your end what would be convenient for you.
     
  3. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    Ok i did what u told me to do here it is :

    Logfile of HijackThis v1.99.1
    Scan saved at 1:40:12 PM, on 22/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.myconcordia.ca/
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130950952031
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Thank you for your help much appreciated XD
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi,

    Download ATFCleaner

    by Atribune & save it to your desktop. DO NOT use it yet. We will use it in Safe Mode, later

    * Restart your computer into safe mode now. To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu"
    Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Next, start up ATFCleaner:

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Restart

    You didn't post whether you could run online scans, so try>


    Run Panda ActiveScan here

    Once you are on the Panda site click the "Scan your PC" button.
    A new window will open... click the "Check Now" button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address.
    Select either Home User or Company.
    Click the big "Scan Now" button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
    When download is complete, click on "Local Disks" to start the scan.
    When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

    Post a new HiJack This log along with the results from ActiveScan.

    Also, this log may help>

    On the first window of Hijackthis, find the Misc Tools button (might be Config first> then Misc Tools) then find in Misc Tools "Open Uninstall Manager" and hit Save List> copy and paste the entire list into a reply.
     
  5. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    The thing is if i restart my pc all the things ATF removed will come back, right now im in safe mode with networking so im wondering if i run panda scans this way will be a huge difference?

    At the moment i am scanning my computer with panda software but in safe with networking it seems to be working fine & as soon as its done ill post the report of the scan and the Hijack This report just as you asked.
    The only problem there is doing all this in safe mode is that all the windows are incomplete especially that Panda Scan one there are some things i cant even see because the window is small.
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, That should be fine, as long as it is scanning and you save the results and post them.
     
  7. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    That was one long scan at least it found everything here is the Panda Scan Report :

    Incident Status Location

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.go.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt[.ehg-dig.hitbox.com/]
    Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
    Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\kl.exe
    Virus:Trj/Agent.CPC Disinfected C:\WINDOWS\system32\Ferra.exe
    Adware:adware/cws Not disinfected C:\WINDOWS\tool2.exe
    Adware:adware/webattaker Not disinfected C:\WINDOWS\uniq

    Here is the most recent Hijack This report:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:55:24 PM, on 22/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gmail.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Turkey\LOCALS~1\Temp\isDel.bat"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130950952031
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Here is the uninstall manager log:

    Ad-Aware SE Personal
    Adobe Reader 7.0.8
    Half-Life(R) 2
    Hijackthis 1.99.1
    HijackThis 1.99.1
    iPodRip
    J2SE Runtime Environment 5.0 Update 4
    LimeWire 4.10.9
    LiveAdvisor (Symantec Corporation)
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft Office FrontPage 2003
    Microsoft Office XP Web Components
    Microsoft Project 2000
    Mozilla Firefox (2.0.0.1)
    MSN Messenger 7.5
    Nero 6 Ultra Edition
    NOD32 antivirus system
    NOD32 FiX v1.9
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Drivers
    Panda ActiveScan
    QuickTime
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB929969)
    Steam(TM)
    SweetIM For Internet Explorer 1.0a
    TeamSpeak 2 RC2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Ventrilo Client
    VideoLAN VLC media player 0.8.2
    Vodafone 804SS USB driver Software
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    WinRAR archiver

    Should i keep my pc in safe mode? or can i restart it? Remember when i restart i lose all my files and logs i saved to my computers so...idk what to do
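
Byteman asks for a fresh HijackThis log after each step, and what matters is the difference between two logs. The sketch below is an added example, not part of the thread and not a HijackThis feature: it parses excerpts of the 1:40 PM and 5:55 PM logs posted above and lists entries and processes that appeared or disappeared, plus entries whose own text says "(file missing)", has an empty value, or ends in a folder instead of a file. The function names and flag labels are made up for this example.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpts of the two logs posted in this thread (a few lines of each, not the full logs).
LOG_FIRST = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:40:12 PM, on 22/01/2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.myconcordia.ca/
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""

LOG_SECOND = r"""
Logfile of HijackThis v1.99.1
Scan saved at 5:55:24 PM, on 22/01/2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Turkey\LOCALS~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""


def parse_hjt(text):
    """Return (running processes, [(section code, details), ...]) for one log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the entry section has started
            entries.append((match["code"], match["body"]))
        elif in_processes:
            processes.append(line)        # header lines before the list are skipped
    return processes, entries


def review_flags(body):
    """Observations readable from the entry text itself; none is a verdict."""
    flags = []
    if body.endswith("(file missing)"):
        flags.append("file missing")
    if body.endswith("="):
        flags.append("empty value")
    if body.endswith("\\"):
        flags.append("path has no file name")
    return flags


def diff_logs(old_text, new_text):
    """Compare two logs; Windows paths are case-insensitive, so keys are lowercased."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    old_keys = {(c, b.lower()) for c, b in old_entries}
    new_keys = {(c, b.lower()) for c, b in new_entries}
    old_p = {p.lower() for p in old_procs}
    new_p = {p.lower() for p in new_procs}
    return {
        "entries_added": [e for e in new_entries if (e[0], e[1].lower()) not in old_keys],
        "entries_removed": [e for e in old_entries if (e[0], e[1].lower()) not in new_keys],
        "processes_new": [p for p in new_procs if p.lower() not in old_p],
        "processes_gone": [p for p in old_procs if p.lower() not in new_p],
        "flagged": [(c, b, review_flags(b)) for c, b in new_entries if review_flags(b)],
    }


if __name__ == "__main__":
    for section, items in diff_logs(LOG_FIRST, LOG_SECOND).items():
        print(section)
        for item in items:
            print("   ", item)
```

cattouf reported being in Safe Mode with networking around the time of the later scan, so the processes listed as gone have to be read with that in mind.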
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Stay just as you are, I am looking up some things, may take a bit
     
  9. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You will need to save these directions that cover the work to do in Safe Mode, just in case you get to work in that mode that is...

    In Safe Mode with networking you do have access...save the steps or don't your choice...

    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    • Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    • If you have any infections you will be prompted. Then select "Apply all actions."
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.

    Then sorry but we need a new Panda scan> save the activescan.txt file as you did before and post it.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Post all 3 logs and use two replies if you need to.
     
  10. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    Hi, but rebooting this pc back into normal mode will make me lose all info gained this far, before i do that are u sure theres nothing else i can do in Safe mode? or something else u need? Before i reboot?
    I believe that the AVG is almost done, after the log can't i just run the panda scan directly? Instead of rebooting or it will be the same exact log as the one i posted earlier !
     
  11. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I was hoping we would accomplish something by running AVG...but, if you disagree, do it your way....

    Run a Panda scan and save the results and post them along with the newest AVG results, and new Hijackthis log.

    Eventually, you are going to have to come out of Safe Mode, but for now I guess you can stay there.

    If my directions contain restart just ignore them.
     
  12. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    Well i trust you ! You seem to know your thing.
    I think if i disagree with someone with a lot more knowledge on a subject i hardly know anything about would be a stupid choice, so ill do as you say and go back in normal mode then run Panda Scan !
     
  13. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Whoaaaa post the AVG log at least !!!!

    You could also try simply deleting these files

    C:\WINDOWS\country.exe
    C:\WINDOWS\kl.exe
    C:\WINDOWS\system32\Ferra.exe
    C:\WINDOWS\tool2.exe
    C:\WINDOWS\uniq

    Then go scan at Panda


    Have you just uninstalled any Norton programs?
     
  14. cattouf

    cattouf Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    27
    I uninstalled all the norton...but since it keeps coming back i stopped deleting it heres the log u wanted finally:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:47:06 PM 22/01/2007

    + Scan result:



    C:\System Volume Information\_restore{8B4E9763-A2E1-4694-AB4C-079E7835AED9}\RP399\A0192896.dll -> Adware.BHO : No action taken.
    C:\WINDOWS\secure32.html -> Adware.Generic : No action taken.
    E:\Thierry\NOD32 Antivirus System v2.56.7 and Crack\NOD32 Antivirus System v2.56.7 Final.exe -> Dropper.FC.i : No action taken.
    :mozilla.34:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.35:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.36:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.66:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.67:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.68:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.23:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.70:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.71:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.72:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.73:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\c4ivm6t4.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\System Volume Information\_restore{8B4E9763-A2E1-4694-AB4C-079E7835AED9}\RP399\A0193328.exe -> Trojan.Small.js : No action taken.


    ::Report end

    Now im going to restart my pc back into normal mode

    Ps: I tried deleting those files you told me to delete i was capable of deleting all except the Ferra.exe which is the trojan & the uniq file

    I forgot to add that the trojan came with this file that i downloaded:
    E:\Thierry\NOD32 Antivirus System v2.56.7 and Crack\NOD32 Antivirus System v2.56.7 Final.exe -> Dropper.FC.i : No action taken.
     
  15. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, It still is not taking any action, it is supposed to quarantine what it does not clean, are you sure you have these settings correct in AVG Antispyware???

    Or it could be you are not clicking the right things when the scan finishes, you need to tell it what to do

    """Select....."Apply all actions"""


    You will have to rescan!

    Pay attention to this>> You were posting here during the scan. It's already difficult enough with you having to use Safe Mode with networking, but try to not do anything else, at all, while the AVG program is scanning!!!
    I cannot help you if you will not listen!

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:





    Scanning isn't going to do any good at all unless the program does something with what it finds.....

    Now, I see this file it found on your E:/ drive, is that a flash USB drive, or just what is it?

    E:\Thierry\NOD32 Antivirus System v2.56.7 and Crack\NOD32 Antivirus System v2.56.7 Final.exe -> Dropper.FC.i : No action taken

    Someone downloaded a fake program, or crack, and it is infected. Please tell me what E:/ drive is.

    The file found before, C:\windows\system32\ferra.exe was Disinfected, so it does not matter if you could not delete it we will get it later.
     
Short URL to this thread: https://techguy.org/537223
