TechSpot

HKLM Trojan

By Melissabill
Mar 16, 2007
  1. It appears I may have an HKLM Trojan that starts each time I start my computer. When I checked msconfig, it is listed on everything. How can I get rid of it?

    Melissa
     
  2. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Hello, welcome to TechSpot! :wave:

    What exactly do you mean by "HKLM trojan"? HKLM stands for HKEY_LOCAL_MACHINE, a legitimate thing in the Windows registry. It will show up in msconfig because that's where a bunch of stuff is stored in the registry.

    What symptoms is your computer showing?
     
  3. Melissabill

    Melissabill TS Rookie Topic Starter

    Hklm

    Well, my computer says it has encountered an error, and automatically shuts down. I tried running adaware, but before finishing my computer encounters an error and gives me a timer as to when it will shut down.

    My Symantec virus protection which came standard with my pc says it will not allow me to send various emails, emails which I have not attempted to send, which are very vulgar as to the going to email address.

    Web sites automatically open up when I am on the internet, etc.
     
  4. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Try updating your Symantec antivirus and running a full scan. You'll probably have to do it from safe mode. Then download Spybot - Search & Destroy, update it, and scan with it, again in safe mode. Update Ad-aware and scan with it in safe mode. See if that removes it.

    Then please post a HJT log as an attachment into this thread (as per these instructions).

    Regards :)
     
  5. Melissabill

    Melissabill TS Rookie Topic Starter

    Hklm

    I have already installed adaware, installed updates. My PC shuts down prior to the Adaware finishing its scan, every time.

    I have installed Spybot search and destroy, and its updates. Did nothing.

    Any other suggestions? I am at a total loss.
     
  6. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Have you tried booting into safe mode and updating and scanning there? Instructions HERE.

    Regards :)
     
  7. Melissabill

    Melissabill TS Rookie Topic Starter

    Hklm

    Yes, I have tried booting in safe mode. Same thing happens, when running Adaware pc shuts down. I am at a total loss.
     
  8. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    OK, try posting a HJT log as an attachment into this thread (as per these instructions).
     
  9. Melissabill

    Melissabill TS Rookie Topic Starter

    Hklm

    Here is my log, per the instructions.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is absolutely riddled with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Download LSPFix from http://cexx.org/lspfix.htm
    1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
    2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
    3. Check the "I know what I am doing" checkbox.
    4. Select (highlight) all instances of 'msnetax.dll' in the left column under "Keep".
    5. Click the arrow >> so it goes over to the right column under "Remove".
    6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
    7. Delete the bold file C:\windows\system32\msnetax.dll and Restart your computer

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Melissabill only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. Melissabill

    Melissabill TS Rookie Topic Starter

    Hklm

    Howard,

    After reviewing my options, I will format and reinstall. I do not want to take any chances.

    Thanks so much for your help. I knew I had a problem, just didn't know exactly what or how to fix it.
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That is possibly your best option. Thanks for letting us know.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Melissabill only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.