TechSpot

Need help with winh32

By spark plugs.
Dec 3, 2007
  1. I hope someone can help me remove a virus from a computer. It's running Windows XP.

    Anti-virus captures winh32.exe as a trojan (among other things). It keeps showing up. The desktop background is being changed to a screen which says "Warning! Spyware threat has been detected on your PC." It goes on to say that unauthorized access was gained by another computer. I cannot bring up the Task Manager because the option is greyed out (Spybot found the reg key which is doing this, but it reappears after being removed). I am also getting pop-ups and security warnings in the taskbar. One of the pop-ups is a suspicious-looking window with poorly formatted graphics; it has links to some pay-ware anti-spyware stuff.

    I have run Spybot and Ad-Aware; it has AVG antivirus. I will post the HijackThis and ComboFix logs below. I would greatly appreciate any help anyone could offer to clear this computer.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi spark plugs and welcome to TechSpot. =)

    It appears your system is most likely infected with some rogue anti-spyware.
    I suggest you do the following before doing anything else.

    Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

    Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HijackThis, AVG Antispyware and ComboFix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

    Our experts here will tend to your queries thereafter.

    Also, please provide the results of the Antirootkit scan.


    Regards,
    momok =)

    This thread is for the use of spark plugs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. spark plugs.

    spark plugs. TS Rookie Topic Starter

    I am currently running an AVG scan to get the log, please post when available.
     
  4. spark plugs.

    spark plugs. TS Rookie Topic Starter

    Panda shows that there are no rootkits.
     
  5. Jase123

    Jase123 Banned Posts: 1,012

    Good!

    Now just post the 3 requested logs. :)

    Regards Jason :)
     
  6. spark plugs.

    spark plugs. TS Rookie Topic Starter

    Just waiting for AVG to finish scanning. It is quite slow. ;)
     
  7. evilfantasy

    evilfantasy Banned Posts: 428

    The HijackThis scan needs to be run after all other cleaning is done. Running it before will show entries that have been removed by other tools.
     
  8. spark plugs.

    spark plugs. TS Rookie Topic Starter

    New HijackThis file uploaded.
     
  9. evilfantasy

    evilfantasy Banned Posts: 428

    Is the AVG done yet?

    The ComboFix log is bad, but we need to wait on AVG to finish and see the log.
     
Topic Status:
Not open for further replies.
