TechSpot

Help - trojan horse removal

By jencck
Jun 28, 2007
  1. My problems popped up with LiveUpdate on Norton. It quit on me. Then I tried to go to Symantec.com and discovered I could not open their website. Eventually I discovered I couldn't open microsoft.com either. Most websites will open for me, but there are many that won't. I have done a manual update of my Norton LiveUpdate. I have downloaded and tried many of the spyware and antivirus software but the problem persists. Spydoctor, Spybot, AVG, Norton, Ad Aware, Ewido and now Hijack This. I have removed a lot of the registry keys and values which were identified as problems (new_drv.sys; inetdata). I confess to dumbly downloading a trojan horse a couple of weeks ago from a very deceptive email disguised as an American Greetings card - but I wrongly assumed that Norton had caught it. Apparently not. :(
    The best clues to what is wrong I believe came from Spydr - trojan.pw.steal.bs and seekmo.

    Can anyone help me?? Please?? HijackThis log attached.
     
  2. momok TS Rookie Posts: 2,265

    Hi jencck and welcome to TechSpot. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Please remember to rename the HijackThis executable file to analyze.exe and save it in its own folder in C:\ not in a temporary folder.

    Then run HijackThis and fix these entries:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://66.151.107.33/component/VZWDLManager.cab

    Next, navigate in Windows Explorer manually and delete this file:
    C:\WINDOWS\ALCMTR.EXE

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.

    Regards,
    Your friendly momok =)

    This thread is for the use of jencck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
