Inactive Help with trojan removal


mortbert
Novice at this stuff but tried to do the preliminary. Keep getting virus warnings but can't seem to get rid of it. I've attached the logs for
Malwarebytes
SuperAntiSpyware
Hijackthis

Also...I ran something called a-squared free that found something in the oracle area that I just can't remove.....any help would be appreciated.
 

Attachments

  • mbam-log-2010-04-14 (08-46-11).txt (1.8 KB)
  • SUPERAntiSpyware Scan Log - 04-14-2010 - 10-27-16.log (856 bytes)
  • hijackthis.log (14.5 KB)
  • a2scan_100413-221706.txt (3.2 KB)
Welcome to TechSpot, mortbert. I'll help with the malware.

First, you need to get the antivirus programs down to one. Multiple AV programs make the system MORE vulnerable and slow it down. Basic security should be one AV program, one firewall and multiple antimalware programs. Decide which you want to keep and remove the others:
  • Microsoft Security Essentials
  • Sophos
  • a-Squared

Since they are all running and updating, I'd like you to do that while I finish checking the logs.
Reboot the computer after uninstalling and update the AV you keep.

Please don't run any other cleaning programs or scans while I'm helping you, unless I ask you to. Do not use a Registry cleaner or make any Registry changes.

EDIT: Can you tell me please what your use of the Altiris Client Management Suite (now Symantec) is? I ask because we offer free help for home computer users. Occasionally we have someone who is either using an office system or who is helping others with their computer problems, as clients. This presents a conflict with 'paid vs free' help.
 
Sophos is the antivirus i run....but put the microsoft on recently..I'll pull it off...I don't use the a-squared for protection only run it occasionally....

Not sure why the Altrius is on there...used to run Symantec before switching to Sophos
 
Regardless, they are all loading and running. Please remove all antivirus except that related to Sophos. Sometimes people download a program to check something, but when through, forget it's still running and don't uninstall it.

There are quite a few entries for the Altiris program. If you're not using that, please uninstall it. Uninstall anything you're either through with or no longer using. Otherwise, I have to go through all the files, then nag you about them!

It looks like you may have downloaded Spyhunter at some time. This is a rogue program known for long scans and false positives. Enigma is the only company I know of still recommending it and that is most likely because they sell it. Regarding that, here's a choice comment from Adware Report:
"We recommend that you avoid this product at all costs. It failed to remove any spyware in our tests and the scan results were filled with false positives, a probable marketing ploy designed to separate fools and their money."

There is no English translation for smFilt.dll but from what I see, it looks like a part of a Vimax infection. Are you getting pop-up ads for male enhancement products?

After you have worked out the multiple AV programs, please look for the Spyhunter install. Uninstall the program and delete the program folder using Windows Explorer: My Computer > Local Drive (C) > Programs > right click on the program folder > Delete.

If you are not using the Altiris Client Management Suite (now Symantec) please uninstall it and delete the program folder.

Reboot after all of the above has been done, then:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run.
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.

Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Include the Combofix report and Eset scan in your next reply.
 
Not getting pop-ups...but I am getting multiple messages from Sophos with items going into the quarantine area....maybe that's what they are...

Can't find anything more in the system for Spyhunter....and I'm investigating the use of Altiris....

Will post soon the results.
 
Not sure I can disable Sophos...it's hosted at the corporate level....when I take the laptop off the internet connection.....

How "dangerous" is it to run Combofix with Sophos still running?
 
Just download Combofix and go offline to run.

We can't rely on a scan as much when security programs are running. The 'danger' is 1. Missing malware and/or 2. causing a conflict that could further upset the system.
 
logs

Okay...here are the logs for Combofix and Eset
 

Attachments

  • combo fix log.txt (23.1 KB)
  • Eset log.txt (787 bytes)
mortbert wrote: "but I am getting multiple messages from Sophos with items going into the quarantine area."
Can you clarify this for me please? What do the messages say? Are they 'alerts' and do you get them from any site in particular? I'm not familiar with the Sophos warnings so you'll need to explain.

Regarding the Altiris program, from Symantec's description:
"Altiris Client Management Suite from Symantec is a comprehensive systems management solution for IT professionals who are responsible for the complete management - deployment, ongoing upkeep, and retirement - of their organization's desktop and notebook computers. This fully-integrated suite of management tools automates management tasks and reduces desk-side visits, which can substantially lower the total cost of owning client computers and software."

I'm having a bit of a problem assessing all of the entries for this program, including all passing through the firewall. If you are doing this, using this, why are you trying to get rid of your malware on a free, internet forum?

There is a lot going on in your system- quite a few entries that I can't identify. This does not appear to be a home PC. What is it?

Also, the Combofix report has a few entries that puzzle me:
On 4/14, you downloaded a-squared 'HijackFree'. The description on the site says "Version 3.1.0.22 fixes minor bugs." The HJT we use doesn't fix anything unless you tell it to specifically, and that's mostly removing an entry.
On 4/14, you also picked up these:
c:\temp\._msige52>> ??????
c:\temp\VBE
c:\temp\{985BE9FC-AD1E-47F4-AB8F-B38EC9DD5B96}>> ??????
c:\temp\MPInstrumentation>> This is MountPoint Instrumentation. Normally only the root user can mount a new file system usually using the mount utility, but there are often provisions to allow normal users to mount removable media, such as the pmount package.
On 4/14, you also downloaded from TrendMicro, which is where we usually d/l HijackThis.

Is this the Registry Cleaner: 2010-04-13 12:29 ----c:\program files\Uniblue?
 
Due to inactivity, this thread is being closed. If the original member needs further help with this, please send a PM to the helper and the thread can be reopened.
 