need to get this trojan off my back

By LightningBoard
Aug 25, 2005
  1. Hi everyone,
    I need help getting rid off a trojan/spyware that causes my screen to go blank with a message prompting me to scan/buy their software, one of them being "PSGuard". I have tried spybot,spyware blaster but with no success. I downloaded hijackthis and this is the logfile it gave me, but i dont know what to "fix". any help would be greatly appreciated. thanks:
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. LightningBoard

    LightningBoard TS Rookie Topic Starter

    Here you go RealBlackStuff:

    I have attached my hijacklog as atext file. Could you please tell me which files to fix/delete. thanks.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Next, open Windows Task Manager.

    On Windows 95/98/ME, press CTRL+ALT+DELETE.
    On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
    Click the Processes tab, select the process (if there), click End Process for:

    Next, click on Start/Run and type in (followed by press Enter):
    regsvr32 /u bhomod00.dll

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
    O2 - BHO: (no name) - {5D04BDC4-3DE5-4668-946C-2D87D0DDCE4A} - C:\WINDOWS\System32\nebp.dll (file missing)
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\h0wek9.dll (file missing)
    O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
    O4 - HKLM\..\Run: [vmtuner] gglib.exe
    O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
    O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
  5. LightningBoard

    LightningBoard TS Rookie Topic Starter

    Thanks for you help
  6. LightningBoard

    LightningBoard TS Rookie Topic Starter

    I followed the steps you told me and it took care of the trojan problem,
    but now I have a new kind of problem:

    A windows installer dialogue keeps coming up and wont shut down. It first starts out saying its preparing to install PhotoGallery. Then it says please wait configuring PhotoGallery. Then it says feature can not be found insert CD ROM.

    When I try to cancel it, it pops up once again and the whole thing keeps repeating itself. When I use task manager to shut down msiexec.exe, it shuts down but then pops up again. This little pest wont let me install other hardware such as my hp printer. I'm worried that i may have some virus concealing itself as msiexec.exe. Please help.
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Try booting in sage mode, then click Start/Run, type MSCONFIG and click OK and see if you can stop msiexec from the Startup tab or whatever tab it is under
  8. LightningBoard

    LightningBoard TS Rookie Topic Starter

    That helped. Thanks.
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.