TechSpot

Please help--hacktool/ trojan

By t13nif
Oct 19, 2005
  1. I am not meaning to be difficult but i desperately need help.I have hacktool and trojan infections. I have read all the sticky notes on how to remove these but i am having problems.

    ZoneAlarm has locked down my PC from internet access. I have uninstalled ZA multiple times (successfully apparently) which allows me to periodically access the net, however ZA soon shuts it down (even though the program was uninstalled). Nevertheless, i was able to get to the trendmicro site to attempt a scan--it failed due to "network problems". No further information available and ZA then shut me down.

    The only thing i have been able to do successfully is run HijackThis. I would appreciate it someone could take a look at my log. I am having surgery on Friday and and really need my PC to be up and running by then :(.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    /R/U/ O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
    /R/U/ O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    /R/ O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINNT\system32\bho.dll
    /R/ O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINNT\system32\italskti.dll
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    /R/U/ O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    /P/ O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    Fix ALL your O16 - DPF: entries
    /P/ O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
    ...................................................................................................

    Stop using IE. Go to www.getfirefox.com
    With Firefox you won't need crappy popup-stopper programs.
    Instead of DAP get the free Stardownloader from www.stardownloader.com
     
  3. t13nif

    t13nif TS Rookie Topic Starter

    I followed all the steps above, however i ran into difficulty trying to Unregister the required items. The only item i was successfully able to unregister was italskti.dll. For every other one i attempted i received a "load error, requested module not located" (i'm sorry that's not verbatim). I still proceeded with the other steps successfully. Attached is my latest log file. I am still virus laden and in Zone Alarm Lockdown (with no net access).
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    /R/ O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINNT\system32\pkshvtvz.dll
    /P/ O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    /P/ O4 - HKCU\..\Run: [ichckupd] C:\WINNT\system32\ichckupd.exe
    /P/ O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
    ...................................................................................................
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...