TechSpot

Help With Virus

By SEM1
May 25, 2005
Topic Status:
Not open for further replies.
  1. Hi there

    You guys seem to be one of the few that can solve this for me

    I have 2 viruses I cannot remove

    1. Trojan-Downloader.BAT.Ftp.ab.

    2. something named eraseme

    I am attaching the Hijackthis log file as specified

    Thank you in advance

    Clint

  2. Nodsu

    Nodsu Newcomer, in training Posts: 9,431

    "Cannot remove" means what? How do you know you have them? What have you tried to do to remove them?
  3. Vigilante

    Vigilante TechSpot Paladin Posts: 2,120

    These are questionable to me:

    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\mgabg.exe
    C:\WINDOWS\System32\MsPMSPSv.exe

    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8022E3FE-4F73-4FB1-9B9A-8BF2F8DE4F9B}: NameServer = 151.197.0.68 151.197.0.38
    O18 - Filter hijack: text/xml - (no CLSID) - (no file)

    Not sure what your Browser Mouse is, but if you have such a thing, never mind that. I would remove the "O17" nameserver and the O18 filter hijack. However, those might be related to your Kaspersky.

    Besides those two, it looks pretty clean.

    Since it looks like you ran a few online virus scanners, might I recommend running these as well:

    housecall.trendmicro.com

    and

    http://www.bitdefender.com/index.php?tab=0#

    They may have better luck.

    Otherwise, if you can identify the infected files (assuming they don't change their name), you may have to delete them in Safe Mode or even Recovery Console.

    I'd say run those two scanners first and see if you can identify names, then go from there.

    Otherwise, I'm sure someone may point you to RealBlackStuff's cleaner thread of which I don't have the URL handy.

    good luck
  4. SEM1

    SEM1 Newcomer, in training Topic Starter

    Virus Removal

    I have the following installed on my pc

    No Adware

    Adware SE Personal

    Ace Utilities

    Registry Mechanic

    Trojan Remover

    Kaspersky Antivirus

    Kaspersky tells me I have the viruses and deletes them.

    I run all of the programs in regular Windoze XP Pro

    And in safe mode for Windoze XP pro

    Kaspersky says it has deleted them and all of the other programs say they work but I always get the warnings again after restarting my computer that I am infected by both viruses.

    Please help I cannot afford to reformat this PC at this point

    Clint
  5. SEM1

    SEM1 Newcomer, in training Topic Starter

    Antivirus

    Hi

    I can also download and install CA Eztrust

    I've spent a wad of cash on these things and none can solve the problem

    Talk about being ripped off blind


    Clint
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Boot in Safe Mode.
    Switch System restore OFF.
    Run a HJT scan and place a tick-mark in the little square before:


    O18 - Filter hijack: text/xml - (no CLSID) - (no file)

    Now click on the Fix Checked button in HJT.

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
  7. SEM1

    SEM1 Newcomer, in training Topic Starter

    LocalSetting

    Hi there

    I did the first part running the HJT in safe mode.

    System Restore has been turned off prior to my trying to fix this.

    However when I navigate to C:/Documents&Settings/Username/LocalSettings

    there is no file folder with the name LocalSettings under any of the users on the PC including under administrator.

    What am I missing?

    Also I clicked the tick mark by 18 and clicked fix this, rebooted to safe mode and deleted the HJT log.

    I then reran HJT and O18 was back again.

    Clint
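
The HijackThis entries discussed in this thread (the O17 NameServer line and the O18 filter hijack that returned after Fix Checked) can be tracked across two scans to see what a fix did not hold for. This is an added example, not part of any post above; the function names, the flagging rules and the rescan log are assumptions constructed for illustration.

```python
import re

# Section code, " - ", then the entry body, e.g. "O18 - Filter hijack: ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_entries(log_text):
    """Return a list of (section, body) for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_notes(section, body):
    """Return reasons an entry deserves a manual look (heuristics assumed here)."""
    notes = []
    if section == "O18" and "(no CLSID)" in body and "(no file)" in body:
        notes.append("protocol filter with no CLSID and no file behind it")
    if section == "O17" and "NameServer" in body:
        notes.append("DNS servers set in registry: " + ", ".join(IPV4_RE.findall(body)))
    return notes


def reappeared(before_log, after_log):
    """Flagged entries present in the scan before the fix AND in the rescan."""
    after = set(parse_entries(after_log))
    return [(s, b) for s, b in parse_entries(before_log)
            if review_notes(s, b) and (s, b) in after]


# Constructed sample log built from the three entry lines quoted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8022E3FE-4F73-4FB1-9B9A-8BF2F8DE4F9B}: NameServer = 151.197.0.68 151.197.0.38
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
"""
# Constructed rescan (not from the thread): O17 is gone, O18 is back after reboot.
AFTER = r"""
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
"""

if __name__ == "__main__":
    for section, body in reappeared(BEFORE, AFTER):
        print(section, "came back:", body, "|", "; ".join(review_notes(section, body)))
```

An entry that survives the fix and a reboot points to something still running that rewrites it, which is what the rescan in the post above suggests for O18.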
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165
