TechSpot

AVG scan detected trojan horses. I did another scan and no threats where found?

By s1ranger
Nov 5, 2008
  1. Hello everyone. Before I start going off about my problems I thought I should let you know that I am not very "informed" when it comes to computers and viruses etc. And I do not understand alot of the help I've been reading on the web so if you could put any answers as simply as possible that'd be great.

    Anyway, I did a virus scan with AVG Anti-Virus 8.0 and the scan detected a number of different Trojans. I am not able to tell you exacally how much and what kind because I have since then closed the scan results. But I do know there where at least 3 trojan downloaders, and then some. Anyway my problem is that I have done another scan with the same program and the results said that I have no threats and no warnings. (save a few cookies, which I am not worried about)
    So, my question is does this mean I have nothing to worry about? I am guessing no, because I do know that trojans don't just go away like that. So if someone could tell me how to find out where they have gone and give me and in-depth simplified walkthrough of how to get rid of them it would be greatly, greatly appreciated.

    Many thanks in advance.


    Okay, I went to the virus vault, (duh) I have one Trojan Horse Generic_c.YSE

    One Trojan Horse Downloader.WImad.E

    and two Trojan Horse SHeur.CHYN

    Please, I need to know how to get rid of them.
     
  2. s1ranger

    s1ranger TS Rookie Topic Starter

    logs

    Hey guys, these are my logs. I hope they are able to help you help me.
    took forever :haha:

    Anyway, please reply soon, time for bed, thanks.:grinthumb
     

    Attached Files:

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Mbam logs shows some Trojans removed.

    SuperAntisoyware shows a large number of Tracking Cookies. Have SAS remove them. See the images on this site for guidance on the SAS screens: http://superantispyware.en.softonic.com/images
    Reset Cookies:
    Update Java:
    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below
    The following - modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality. Check to remove.
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll [/QUOTE]

    The following indicate that Parental Controls have been set up on this system.- all Windows Vista - Windows Parental Control Related. Have Parental Controls been set up? Do not remove these entries, just verify:
    C:\Windows\System32\wpcumi.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    [/QUOTE]
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.
    into Safe Mode


    Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK all processes EXCEPT those for AVG> Apply> OK

    Control Panel> Add/Remove Programs> Remove the following if present:
    Reboot into Normal Mode. Scan with HijackThis again and attach new log.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...