TechSpot

I got owned by trojans. Please help!

By Paranoiddd
Aug 29, 2006
  1. Well I unknowingly got a trojan and am having trouble deleting these! No matter how many times I delete them with Spyware Doctor, they keep coming back. I used Trojan Remover and it told me that ishost.exe could not be deleted. Can someone help me? I appreciate it if someone can help! Here's my log file:
     
  2. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    What you want to do is run all your tools in Safe Mode so the "bad" files are not running in memory.
    So boot to Safe Mode and then run your McAfee and SpyDoc (not the best). I would also download, and update, Spybot Search and Destroy, and Ad-Aware SE Personal. Also grab Ewido.
    You can run an online virus scan from housecall.trendmicro.com or www.bitdefender.com.

    Refer to the "Sticky" threads in the Security forum for various techniques on removing malware.

    Good luck!
     
  3. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    I did what you said, ran all my tools in safe mode. I deleted everything, then did a scan with each tool and found nothing. So I restart Windows normally, and suddenly I have infected files again. What can I do?
     

    Attached Files: new.txt (4.7 KB)
  4. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    Well you say "...scan with each tool and found nothing..." and then "suddenly I have infected files again."

    What program says you are infected if they say you're clean? And what does it say you're infected with? And does it give you the name of the file and where it's located?

    Whatever file it says is infected, delete it in Safe Mode.
     
  5. N3051M

    N3051M TS Evangelist Posts: 2,115

    Looking at your HJT file:
    Fix:
    R3 - Default URLSearchHook is missing

    Apart from that, you do not seem to have a firewall installed, unless the McAfee has one? Get Kerio Personal Firewall or ZoneAlarm.

    If you still do experience problems, tell us what symptoms you're experiencing and then read this and follow all the instructions as much as you can, and tell us the ones you can't, then move on:
    Follow these instructions BEFORE posting your HJT log.
     
  6. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    Hmmm... it seems from the last reply I haven't been getting any more trojan infections. I guess those were the 'leftover' ones? Hope I don't jinx it, but for now I'm not finding any. Thanks for your help guys.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Just to confirm what the guys have said.

    The only entry in your HJT log that needs fixing is this one.

    R3 - Default URLSearchHook is missing

    Other than that, your HJT log is clean.

    If you have any further virus/spyware problem, please post in this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of Paranoiddd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    Oh no it's back! Some of my programs are starting to crash too :(

    If I reinstall Windows (and not remove anything on my hard drive), will that fix my problem? Here's the log anyways:
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can find nothing particularly nasty in your HJT log.

    Have HJT fix this entry.

    R3 - Default URLSearchHook is missing

    Then, go HERE and follow all the instructions exactly.

    Don't forget to rename HijackThis.exe to HijackThis1991.exe.

    Post fresh HJT and Ewido logs into this thread, only after doing the above.

    Regards Howard :)

     
  10. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    Yes, I have fixed the "URLSearchHook is missing" part. How come I need to rename it to HijackThis1991.exe?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Renaming HijackThis.exe is due to the fact that some malware is able to hide from HijackThis.exe but not from HijackThis1991.exe.

    Regards Howard :)
     
  12. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    What is VundoFix? It found a couple of DLLs... should I remove them?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    VundoFix searches for and attempts to kill the Virtumundo infection. Let it do its stuff. Do not delete anything manually, unless directed to do so.

    Regards Howard :)
     
  14. Paranoiddd

    Paranoiddd TS Rookie Topic Starter

    But the search finished and it gave me 4 DLL files: ddcdaxu, hggebbb, khfgfca and winxtx32. So I just leave them?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That will just be telling you what it's removed. As I said, do not manually delete anything unless specifically requested to do so. Read the instructions for using each tool fully.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
