Lots of Trojans

By marygg
Feb 28, 2008
Topic Status:
Not open for further replies.
  1. This computer has been partially cleaned. I suspect there are more problems than I can see. Attached are 2 logs. AVG anti spyware log is huge. I will send it later. Sorry I can't do it right now. Panda didn't find anything.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Looks a tad strange (well, actually bad)

    Have you followed the Viruses/Spyware/Malware, preliminary removal instructions?
    If not, I believe it to be your best option.
  3. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Mary please tell me this is a different computer from:

    I'm guessing it is, but just wanted to be sure.
  4. marygg

    marygg TechSpot Enthusiast Topic Starter Posts: 135

    Oh, Yes. A different computer.
  5. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    First I want you to go to Start -> Control Panel -> Add/remove Programs -> remove:
    *All versions of Java or JRE
    *ShoppingReport <-If there

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run Hijackthis and Select Do A System Scan Only
    Put a check mark next to the following entries if there:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O8 - Extra context menu item: &Search - ?p=ZCfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
    O23 - Service: SystemSuite Task Manager - Unknown owner - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (file missing)


    Reboot into Normal Mode


    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 4
    • The 4th option down is the one you want
    • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
    • Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions

    Run Hijackthis one last time and post the log along with combofix.txt
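
Added example, not part of the original thread and not code from HijackThis or any poster: several entries in the fix list above carry the scanner's own "(file missing)" or "(no file)" markers, and this Python sketch parses the entry format shown there and pulls those entries out of a log. The sample lines are copied from the lists quoted in this thread; the function and field names are hypothetical.

```python
import re

# Constructed sample: entries copied from the fix lists quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# "<section code> - <description>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker the scan appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per log entry; lines that are not entries are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        orphan = ORPHAN.search(body)
        clsid = CLSID.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            # "unmarked" only means the log line carries no missing-file marker.
            "status": orphan.group(1) if orphan else "unmarked",
            "raw": line,
        })
    return entries


def orphaned(entries):
    """Entries whose target the scan reported as absent from disk."""
    return [e for e in entries if e["status"] != "unmarked"]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["section"]:>3}  {e["status"]:<12}  {e["raw"]}')
```
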
  6. marygg

    marygg TechSpot Enthusiast Topic Starter Posts: 135

    I still can't uninstall
    J2SE Runtime Environment 5.0 Update 9 and
    JAVA (TM) SE Runtime Environment 6 Update 1
    from add/remove programs.

    The combofix and hjt logs are included.

    I really appreciate your help.
  7. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Run System Scan only with Hijackthis and fix this entry:

    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)


    I don't see the combofix log, and we will work on Java after I see the combofix log. It should be gone, just have to remove it from add/remove list. Did you already install Java 6 Update 4?
  8. marygg

    marygg TechSpot Enthusiast Topic Starter Posts: 135

    The 023 has been cleaned. I'm going to try again to send combofix from yesterday.
  9. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    We removed Java already, so you can take it off of add/remove list by clicking remove. A box should pop up that says the program no longer exists, would you like to remove it from add/remove list; click YES. If it doesn't give you that option, let me know and we can remove them with Hijackthis.

    But first
    CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post a fresh HJT log.

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 4
    • The 4th option down is the one you want
    • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
    • Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions, in your case Java 6 Update 3
  10. marygg

    marygg TechSpot Enthusiast Topic Starter Posts: 135

    These two files won't uninstall: Java SE Runtime Environment 6 update 1 and J2SE Runtime Environment 5.0 Update 9. When I try to uninstall I get an error message "Fatal error during installation."

    Sorry, I accidentally deleted the combofixlog. Is there any way to retrieve it? It's not in recycle. Here's the hijackthis. Sorry I screwed it up.
  11. nayeem39

    nayeem39 Newcomer, in training

    hello
    fake virus protector always pops up
  12. nayeem39

    nayeem39 Newcomer, in training

    hello
    hello
  13. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    marygg,

    Launch Hijackthis

    Open the misc Tools section

    Open Uninstall manager

    Select those versions of Java then click Delete this entry

    We deleted the uninstallers with the programs.

    check add/remove to verify they are gone.

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Run Hijackthis and check these entries
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)


    Select Fix Checked

    Now to enable teatimer
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • check Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Nayeem39,

    If you are having problems, can you please start your own thread in our security forums, found at http://www.techspot.com/vb/menu28.html. These instructions are specifically for Marygg.
  14. marygg

    marygg TechSpot Enthusiast Topic Starter Posts: 135

    I think this answers all my problems. Can't thank you enough.
  15. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Anytime, glad your problem is fixed.

    Use this thread if you have any more issues with this computer