TechSpot

Please help me! Can't get rid of this! It keeps coming back!

By hunter1981
Oct 14, 2006
  1. Hi,
    Please can anyone help me with this issue I am dealing with? Tried for the past 36 hours to get rid of this bug and it keeps coming back!
    I have Norton Antivirus 2006 and it tells me that my PC is infested with Dialer.Generic. It scans the file and asks me if I wanna remove it, I click yes, it tells me they removed it, but within a few mins the same pop-up appears saying the same.
    Also there is a Spyware Removal Wizard flashing and asking me to install Ultimate Defender (checked and saw it might be a possible scam so I pass).
    Anyway, yesterday I noticed several things installed on my PC without my knowledge (safetybar, cool.exe and other stuff like that, deleted most).
    AVG Anti-Spyware also shows me a warning message that my PC is infested with Trojan.Dialer.qs, and the same way as Norton it says it removed it, but in a few mins it appears again.
    Please tell me what should I do?
    I also tried to enter Safe Mode but my laptop refused to do so... when I press F8 nothing happens, it reboots normally.
    By the way, I found cool.exe and tried to delete it manually, but I see that after reboot it keeps coming back as well... hmm?
    Please, any help will be highly appreciated!
    Thank u
    Here is the HijackThis scan result:
     
  2. TearsInHvn

    TearsInHvn TS Enthusiast Posts: 55

    Hey Hunter, I'm not a tech here @ techspot but I think you might want to try this http://www.techspot.com/vb/topic58138.html before you do anything else. Howard will need these items done first. Plus believe it or not, sometimes after you do these steps, the problem is gone!

    Tears
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of hunter1981 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. hunter1981

    hunter1981 TS Rookie Topic Starter

    OPSSSSS!!!! I am sorry Howard, I feel so silly now. I saw that u requested an attachment with those files, but in a hurry to give u the details wanted I copy-pasted, and I have been trying to attach them, but my connection is very very slow due to these problems I am dealing with and I was getting all sorts of errors. Sorry again and hope this helps.
    Thank u
     
  5. hunter1981

    hunter1981 TS Rookie Topic Starter

    Ah, I hope now I am finally able to post them, my connection is a real mess now. Thank u
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.225.194.49 <-- Fix this if you haven`t set this proxy yourself, or you don`t know what it is.

    O2 - BHO: (no name) - {257EE862-5580-69C7-CFBD-05B45A52D7E1} - C:\WINDOWS\system32\bxykdvk.dll

    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

    O4 - HKLM\..\Run: [tsqmudi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tsqmudi.dll,qzksghc

    O20 - Winlogon Notify: winvyy32 - C:\WINDOWS\SYSTEM32\winvyy32.dll

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\winvyy32.dll
    C:\WINDOWS\system32\bxykdvk.dll
    C:\WINDOWS\system32\tsqmudi.dll,qzksghc

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of hunter1981 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. hunter1981

    hunter1981 TS Rookie Topic Starter

    Thank u so much Howard, I will post a new HijackThis log, but it seems those pop-ups finally disappeared... the only problem now is my connection is still slow. Thanks for your time, u are awesome.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    I don`t know what`s causing your slow connection. However, are you absolutely certain, these proxy entries are legit?

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.225.194.49
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    I suggest you fix them and see what happens. You can always restore them if you don`t like the results.

    In order to restore an entry fixed by HJT do the following.

    Run HJT and click the config button, followed by the backups button. Place a tick in the little box next to whichever entries you want to restore and click the restore button/ok.

    Regards Howard :)

    This thread is for the use of hunter1981 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
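
Added example (not part of the original thread, and not code from HijackThis or Killbox): a small Python parser for the HijackThis lines quoted in posts 6 and 8. It separates R lines (browser settings such as the proxy) from O lines that load a file from disk, and splits a rundll32 command line into DLL path and export name. The function names and regexes are assumptions made for this illustration.

```python
import re
# Sample input: the HijackThis lines quoted in this thread (posts 6 and 8).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.225.194.49
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {257EE862-5580-69C7-CFBD-05B45A52D7E1} - C:\WINDOWS\system32\bxykdvk.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [tsqmudi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tsqmudi.dll,qzksghc
O20 - Winlogon Notify: winvyy32 - C:\WINDOWS\SYSTEM32\winvyy32.dll
"""
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:dll|exe)', re.IGNORECASE)

def parse_entry(line):
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "file": None, "export": None,
             "setting": None, "missing": "(file missing)" in body}
    if section.startswith("R"):
        # R lines are "key,value = data": a browser setting, not a file on disk.
        key, _, data = body.partition(" = ")
        entry["setting"] = (key.rsplit(",", 1)[-1], data)
        return entry
    # rundll32.exe is only the launcher; the DLL it is given is what gets loaded.
    payload = [p for p in PATH_RE.findall(body) if not p.lower().endswith("\\rundll32.exe")]
    if payload:
        entry["file"] = payload[-1]
        # Text after "file.dll," names the exported function, not part of the path.
        tail = body.split(entry["file"], 1)[1]
        if tail.startswith(","):
            entry["export"] = (tail[1:].split() or [None])[0]
    return entry

def entries(log):
    return [e for e in map(parse_entry, log.splitlines()) if e]

def files_to_review(log):
    """Files still on disk that the O entries load, de-duplicated, in log order."""
    found = {}
    for e in entries(log):
        if e["file"] and not e["missing"]:
            found.setdefault(e["file"].lower(), e["file"])
    return list(found.values())

def proxy_settings(log):
    """Internet Settings values reported in R lines, e.g. ProxyServer."""
    return dict(e["setting"] for e in entries(log) if e["setting"])
```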
     
Topic Status:
Not open for further replies.
