TechSpot

Few things to be removed

By KnightofBane
Sep 3, 2006
  1. I have quite a few things I'd like to be removed. I downloaded something two days ago and it came bundled with a bunch of junk so now I have about 26 viruses weighing around 620kB in my AVG Virus Vault and they keep adding so by the end of today I wouldn't be surprised if I had about 1MB worth of viruses.

    Here is everything I've got and how many files it has infected next to it (note: I'm just scrolling down my virus vault looking at how many times the name appears):

    Trojan Horse.Generic.WUE(8 infections)
    Trojan horse.Pakes.U(5 infections)
    Trojan horse.Dialer.BZB(3 infections)
    Trojan horse Downloader.Generic2.GSS(3 infections)
    Trojan horse Dropper.Agent.BNS(2 infections)
    Trojan horse Downloader.Generic2.CVB(2 infections)
    Trojan horse Downloader.Small.FR(2 infections)
    Trojan horse Downloader.Generic2.JVQ(1 infections)

    I have ewido, killbox and HJT so I'll add my HJT and ewido report in an attachment.

    Thanks

    -KoB
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Make sure you have the latest definition files for Ewido and AVG.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    win125.tmp.exe and any other process that has the same .tmp.exe extension.

    Close task manager.

    Run a full Virus scan with AVG and delete whatever it finds.

    Run a full scan with Ewido and delete whatever it finds.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O1 - Hosts: 70.240.231.200 drempwn.no-ip.info

    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    O11 - Options group: [INTERNATIONAL] International*

    Fix all O16 - DPF entries, except for any Microsoft/Windows entries.

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post fresh HJT and Ewido logs and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of KnightofBane only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
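Added example (not part of the original thread, and not code from any tool named in it): the two checks the post above asks for, run over a HijackThis-style log. It flags running processes whose file name ends in `.tmp.exe` and O1 hosts entries that map a name to a non-loopback address. The sample log is constructed from values quoted in this thread; the function names and the loopback rule are assumptions of the example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample in HijackThis log layout; values come from the posts in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Temp\win1DF.tmp.exe
C:\WINDOWS\Temp\win1DE.tmp.exe
C:\Program Files\BitTorrent\bittorrent.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O1 - Hosts: 70.240.231.200 drempwn.no-ip.info
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O1 - Hosts: ..."
TMP_EXE_RE = re.compile(r"\.tmp\.exe$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}           # assumption: these are blocklist entries

def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False                          # the process list has ended
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (kind, value) findings for a human to review before fixing."""
    processes, entries = parse_log(text)
    findings = [("tmp-exe-process", p) for p in processes
                if TMP_EXE_RE.search(basename(p))]
    for code, detail in entries:
        if code == "O1" and detail.startswith("Hosts:"):
            parts = detail[len("Hosts:"):].split()    # [ip, hostname, ...]
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append(("hosts-redirect", f"{parts[1]} -> {parts[0]}"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```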
     
  3. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Both logs are in attachment.

    I'm still getting adware and it's ticking me off because it's porn :/

    Thanks

    -KoB
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    win1DF.tmp.exe
    win1DE.tmp.exe
    win1E0.tmp.exe
    win1E1.tmp.exe

    Close task manager.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\Documents and Settings\Michael Kelley\Cookies\michael_kelley@adopt.euroclick[2].txt
    C:\WINDOWS\Temp\win1DF.tmp.exe
    C:\WINDOWS\Temp\win1DE.tmp.exe
    C:\WINDOWS\Temp\win1E0.tmp.exe
    C:\WINDOWS\Temp\win1E1.tmp.exe

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post fresh HJT and Ewido logs and let me know how your system is running.

    Regards Howard :)

     
  5. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Bah got a pop up for WinAntiVirusPro 2006 again. Hopefully ZoneAlarm stopped it.

    Here's some new logs.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT and Ewido logs are clean.

    Download and install Spybot Search & Destroy and Ad-Aware Personal SE from HERE and HERE. Before running either programme, make sure you have the latest updates. In SS&D click the Immunize button and click Immunize.

    Run Adaware first and delete whatever it finds, then do the same with SS&D.

    Regards Howard :)

     
  7. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    I have both programs already and I've run them at least like 4 times since yesterday. I have no Spyware, but I'm still getting pop ups.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download and run these four tools. Follow the instructions for using each tool.

    Tool1 Tool2 Tool3 Tool4

    Go to add remove programmes in your control panel and uninstall anything to do with(if there) Winantivirus

    Let me know the results.

    Regards Howard :)
     
  9. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    All of those links don't work. Keep getting the Internet Explorer cannot display this page error.

    EDIT: Nevermind had to open in Firefox. I'll let you know when I'm done.

    *double post*

    I'd like to know if I have to boot in safe mode and run these programs? It's quite annoying having to go into safe mode, run it, then go back to regular to get the instructions for the next program etc.
     
  10. tomrca

    tomrca TS Rookie Posts: 1,000

  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run each programme as per the instructions.

    If it says you need to run in safe mode, then that`s what you have to do.

    Regards Howard :)

    Edit: Have HJT fix these entries.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don`t know to be honest. It wouldn`t hurt to fix them anyway though.

    Regards Howard :)
     
  13. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    My trojans are coming back again.

    Is there anyone to remove them from the virus vault? Because they're still infecting my PC even in the vault. And slowly they're dominating my PC. When I reboot they just completely eliminate my toolbar and desktop icons.

    Argh! :/ Forget the adware right now, it's the trojans.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You can go to the AVG virus vault and delete all the entries there.

    Download and run the Autoruns programme from HERE.

    Post fresh HJT and Ewido logs as well as the Autoruns log.

    Regards Howard :(
     
  15. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    No way in hell I'm going to be able to reboot safely without the risk of my computer dying unless these trojans go. Here's all reports.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run a full system scan with your antivirus programme and delete whatever it finds. This includes the virus vault.

    Run a full scan with ewido and delete whatever it finds. This includes all files in quarantine.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the file path you need to enter into killbox.

    c:\windows\system32\jkkjj.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Let me know the results please.

    Regards Howard :)

     
  17. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Alright well you'll get a response from me tomorrow after school because AVG takes over an hour and a half to scan(and in safe mode you can't connect to the internet) and ewido takes about an hour so tonight I'll scan and before I go to bed I'll ewido scan then in the morning before school I'll run killbox.
     
  18. tomrca

    tomrca TS Rookie Posts: 1,000

    hi KnightofBane.
    it seems that you are a regular user of im programmes. could this be where you are getting your problems from? or from p2p programmes? if you use them i think i can assure you, that using avg free version isn't enough, nor is the zone alarm free firewall. zone lab free firewall is pretty good but it is restricted in what services it offers, as is the free avg. you must scan all downloads with more than one AV programme before opening. don't assume that a friend sends you a file over an IM it's safe.
    i would like to add this, avg is good, but it doesn't remove as much as the premium version.

    in the time i have been a member of techspot, i have not yet seen the man that is helping you fail to clean a pc, providing that all the instructions given were followed.
    hang in there!!
     
  19. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    No I got it bundled from a silly mistake I made by downloading a harmful file. It was my stupidity so.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT and Ewido logs are both clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  21. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Still getting pop ups and occasionally getting virus pop ups on AVG asking to heal.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download and run the Autoruns programme from HERE.

    Post fresh HJT, Ewido and the Autoruns log.

    Regards Howard :)

     
  23. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Here ya go.
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    c:\windows\system32\winrpc32.dll
    c:\windows\system32\jkkjj.dll

    Once your system has rebooted, Let me know how your system is running and post a fresh Autoruns log.

    Regards Howard :)

     
  25. KnightofBane

    KnightofBane TS Rookie Topic Starter Posts: 56

    Here's my new logs. No pop ups so far.
     
Topic Status:
Not open for further replies.
