TechSpot

Help With Downloader-acv

By Jaden
Nov 15, 2005
Topic Status:
Not open for further replies.
  1. Hello all,

    I have McAfee and it has told me that I have a downloader acv trojan on my computer. I followed the advice in a previous thread from someone named "kerenza" who had a similar problem. But I'm still confused. I hope someone can help me and be able to explain it in dummy terms. I would greatly appreciate it.

    I posted the Hijack log for someone to please review.

    Thank you in advance!
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /S/ Service needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsb42.dll (file missing)
    /R/ O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\awtsq.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    /R/ O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    /P/ O4 - HKLM\..\Run: [mnxhedj] C:\WINDOWS\mnxhedj.exe
    /P/ O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run
    /P/ O4 - HKCU\..\RunServices: [Windows IP Security Service] dgoud.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    Fix ALL your O16 - DPF: entries
    Unless these IP-numbers are from your ISP, fix the O17
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E175683-A931-4B32-BD75-B9CD57C0D291}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0E175683-A931-4B32-BD75-B9CD57C0D291}: NameServer = 205.188.146.145
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: awtsq - C:\WINDOWS\System32\awtsq.dll
    /P/S/ O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yrkodaf.exe
    ...................................................................................................

    STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

    I would also advise you to get rid of that AOL junk!
  3. Jaden

    Jaden TS Rookie Topic Starter

    Thank you sooo much. I printed out the HJT instructions but the only part I am confused on is when you say to transfer the text (from between the dotted lines in your referred post) to between these dotted lines.

    Can you please explain that to me. I'm really sorry I have been trying to figure it out and I know you don't like dumb questions.

    Your help has been greatly appreciated.

    Thank you
  4. Jaden

    Jaden TS Rookie Topic Starter

    Oh, one more question. When you say fix all your O16 - DPF entries, how do I accomplish this? I know DPF stands for downloaded program files. I just don't know how to fix them. Thank you
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    My above post has several text-lines between dotted lines, as in:
    ........................................
    /R/ whatever...
    /P/ whatever...
    ........................................

    The post you need to Read: Only use... also has some dotted lines
    ...................................................................................................
    TRANSFER THE TEXT (from between the dotted lines in YOUR referred post) to BETWEEN THESE dotted LINES
    ...................................................................................................

    Now put your own lines, or as in this example:
    /R/ whatever...
    /P/ whatever...
    between the dotted lines of the Read: post so that it looks like:

    Next, run a HJT Scan and (if still there) place a Tick-mark in the little square before: (Tick every line from the transfer!)
    ...................................................................... .............................
    /R/ whatever...
    /P/ whatever...
    ...................................................................... .............................
    Now click on the Fix Checked button in HJT. Exit HJT.

    FIX means put a check-mark before that line, so that Fix Checked can fix the checked lines.

    And yes, it is a dumb question :unch:
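
Added example, not part of the thread and not HijackThis code: a Python sketch that parses a fix list annotated with the /P/ /S/ /U/ /R/ markers from post 2 and turns it into a checklist, with the marker actions first and the lines to tick in HJT last. The order of the marker actions and the file-name regex are assumptions; the sample lines are copied from the fix list in post 2.

```python
import re

# Marker letters as defined in post 2 of the thread.
ACTIONS = {"P": "stop process", "S": "stop service",
           "U": "uninstall", "R": "unregister DLL"}

# Optional "/P/S/" prefix, then the HijackThis section id (R0, O4, O23 ...), then the entry.
LINE_RE = re.compile(r"^\s*(?:/((?:[PSUR]/)+))?\s*([RO]\d{1,2}) - (.+)$")
# Assumption: the target is the first .exe/.dll, with or without a drive path.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\[^\r\n]*?|\b[\w.-]+)\.(?:exe|dll)\b", re.I)

# Sample input: five lines taken from the fix list in post 2.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
/R/ O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\awtsq.dll
/P/ O4 - HKLM\..\Run: [mnxhedj] C:\WINDOWS\mnxhedj.exe
/P/ O4 - HKCU\..\RunServices: [Windows IP Security Service] dgoud.exe
/P/S/ O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yrkodaf.exe
"""

def parse_fix_list(text):
    """Return one dict per HijackThis line: section id, requested actions, target file."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # dotted separators, free-text instructions, blank lines
        flags, section, rest = m.groups()
        target = PATH_RE.search(rest)
        entries.append({
            "section": section,
            "actions": [ACTIONS[f] for f in flags.split("/") if f] if flags else [],
            "target": target.group(0) if target else None,
            "line": f"{section} - {rest}",
        })
    return entries

def checklist(entries):
    """Marker actions first (P, S, U, R order is an assumption), then tick every line in HJT."""
    steps = []
    for action in ACTIONS.values():
        steps += [(action, e["target"]) for e in entries if action in e["actions"]]
    steps += [("tick in HJT, then Fix Checked", e["line"]) for e in entries]
    return steps

if __name__ == "__main__":
    for action, item in checklist(parse_fix_list(SAMPLE)):
        print(f"{action:32} {item}")
```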