Hai friends,
I followed the 8 steps posted in the thread to remove the malware.I now feel that the trojan has been successfully removed.I have added the log files.do we have to perform these checks periodically in the same order ?please do reply .Thanks friends.Advanced happy new year wishes to all members
View attachment 40085

View attachment mbam-log-2008-12-27 (02-11-25).txt

View attachment 40087

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

DrvMonitor.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [WinUpdater AutoRun] C:\AutoProtect\DrvMonitor.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\AutoProtect<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Please post a fresh HJT log.

Dear friend,

i thank u for the valuable instructions that u gave in the previous post. i followed Ur instructions and have also tagged my log file .please check and do reply if there is any problem......

Your HJT log is now clean.

Unless you're still having problems, you should be good to go.

If you're not having problems, please do the following.

Please download OTMoveIt by OldTimer OTMoveIt.exe, unzip it and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes
5. When finished exit out of OTMoveIt