Help with trojan removal

Inactive
By mortbert
Apr 14, 2010
Topic Status:
Not open for further replies.
  1. Novice at this stuff but tried to do the preliminary. Keep getting virus warnings but can't seem to get rid of it. I've attached the logs for
    Malwarebytes
    SuperAntiSpyware
    Hijackthis

    Also...I ran something called a-squared free that found something in the oracle area that I just can't remove.....any help would be appreciated.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot, mortbert. I'll help with the malware.

    First, you need to get the antivirus programs down to one. Multiple AV programs make the system more vulnerable and slow it down. Basic security should be one AV program, one firewall and multiple antimalware programs. Decide which you want to keep and remove the others:
    • Microsoft Security Essentials
    • Sophos
    • a-Squared

    Since they are all running and updating, I'd like you to do that while I finish checking the logs.
    Reboot the computer after uninstalling and update the AV you keep.

    Please don't run any other cleaning programs or scans while I'm helping you, unless I ask you to. Do not use a Registry cleaner or make any Registry changes.

    EDIT: Can you tell me please what your use of the Altiris Client Management Suite (now Symantec) is? I ask because we offer free help for home computer users. Occasionally we have someone who is either using an office system or who is helping others with their computer problems, as clients. This presents a conflict with 'paid vs free' help.
  3. mortbert

    mortbert Newcomer, in training Topic Starter

    Sophos is the antivirus I run....but put the Microsoft on recently..I'll pull it off...I don't use the a-squared for protection only run it occasionally....

    Not sure why the Altiris is on there...used to run Symantec before switching to Sophos
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Regardless, they are all loading and running. Please remove all antivirus except that related to Sophos. Sometimes people download a program to check something, but when through, forget it's still running and don't install it.

    There are quite a few entries for the Altiris program. If you're not using that, please uninstall it. Uninstall anything you're either through with or no longer using. Otherwise, I have to go through all the files, then nag you about them!

    It looks like you may have downloaded Spyhunter at some time. This is a rogue program known for long scans, false positives. Enigma is the only company I know of still recommending it and that is most likely because they sell it. Regarding that, here's a choice comment:
    From Adware Report:
    There is no English translation for smFilt.dll but from what I see, it looks like a part of a Vimax infection. Are you getting pop-up ads for male enhancement products?

    After you have worked out the multiple AV programs, please look for Spyhunter install. Uninstall the program and delete the program file using Windows Explorer path> My Computer> Local Drive (C)> Programs> right click on program folder> Delete.

    If you are not using the Altiris Client Management Suite (now Symantec) please uninstall it and delete the program folder.

    Reboot after all of the above has been done, then:

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    • Double click on the setup file on the desktop to run
    • If prompted to download and install the Recovery Console, please do so.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
    • If prompted to update, please allow.
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    Include Combofix report and Eset scan in next reply.
  5. mortbert

    mortbert Newcomer, in training Topic Starter

    Not getting pop-ups...but I am getting multiple messages from Sophos with items going into the quarantine area....maybe that's what they are...

    Can't find anything more in the system for Spyhunter....and I'm investigating the use of Altiris....

    Will post soon the results.
  6. mortbert

    mortbert Newcomer, in training Topic Starter

    The Altiris is used for distributing patches and updates but not for antispyware
  7. mortbert

    mortbert Newcomer, in training Topic Starter

    Not sure I can disable Sophos...it's hosted at the corporate level....when I take the laptop off the internet connection.....

    How "dangerous" is it to run Combofix with Sophos still running?
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Just download Combofix and go offline to run.

    We can't rely on a scan as much when security programs are running. The 'danger' is 1. Missing malware and/or 2. causing a conflict that could further upset the system.
  9. mortbert

    mortbert Newcomer, in training Topic Starter

    logs

    Okay...here are the logs for Combofix and Eset

    Attached Files:

  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Can you clarify this for me please. What do the messages say? Are they 'alerts' and do you get them from any site in particular? I'm not familiar with the Sophos warnings so you'll need to explain.

    Regarding the Altiris program:

    I'm having a bit of a problem assessing all of the entries for this program, including all passing through the firewall. If you are doing this, using this, why are you trying to get rid of your malware on a free, internet forum?

    There is a lot going on in your system, quite a few entries that I can't identify. This does not appear to be a home PC. What is it?

    Also, the Combofix report has a few entries that puzzle me:
    On 4/14, you downloaded a-squared 'HijackFree'. The description on the site says "Version 3.1.0.22 fixes minor bugs." The HJT we use doesn't fix anything unless you tell it to specifically, and that's mostly removing an entry.
    On 4/14, you also picked up these:
    c:\temp\._msige52>> ??????
    c:\temp\VBE
    c:\temp\{985BE9FC-AD1E-47F4-AB8F-B38EC9DD5B96}>> ??????
    c:\temp\MPInstrumentation>> This is MountPoint Instrumentation. Normally only the root user can mount a new file system usually using the mount utility, but there are often provisions to allow normal users to mount removable media, such as the pmount package.
    On 4/14, you also downloaded from TrendMicro which is where we usually d/l HijackThis.

    Is this the Registry Cleaner: 2010-04-13 12:29 ----c:\program files\Uniblue?
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Due to inactivity, this thread is being closed. If the original member needs further help with this, please send a PM to the helper and the thread can be reopened.
     