Please please please help..

By maxiimus
Mar 26, 2008
  1. Heya,

    I have followed all the steps given in 'Viruses/Spyware/Malware, preliminary removal instructions' post and have attached the 3 log files that I got.

    I first noticed the problem when my screen saver went blue and in the middle of the screen it said something along the lines of "spyware threat detected on your pc". This warning has now gone, but I'm still getting the Windows balloon saying my PC is infected with spyware.

    here are my logs:

    p.s. The Panda Antirootkit scan results were:


    thanks in advance

  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Very very very brief look
    These two can be removed:
    C:\Documents and Settings\All Users\Application Data\fmhgbufa\zszmdcnu.exe
    Actually there's a few instances in HijackThis Log

    Also consider removing Norton and installing AVG Free
    Update 3 times (initially only) then run a full scan
  3. kritius

    kritius TS Guru Posts: 2,084

    P2P Warning!

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links:
    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.
  4. maxiimus

    maxiimus TS Rookie Topic Starter

    Thanks for the input so far peeps, much appreciated,

    so far i have removed norton, installed avg, ran the updates and am now scanning the pc

    thanks for taking the time out to help

    all advice welcome and very much appreciated
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    One alteration to AVG default install settings

    Confirm Scheduler is not set to run on every system restart
    • Open AVG Control Center
    • Click to highlight Scheduler
    • Click on Scheduled Tasks button
    • Double click on Test Plan in Basic Mode
    • Uncheck "Periodically start scheduled antivirus test"
    • Ok Close (X)
  6. maxiimus

    maxiimus TS Rookie Topic Starter

    thanks kimsland, all set as per your below instructions

    I'm still having probs with:


    and avg is reporting:

    Threat detected!
    while opening file: c:\windows\system32\hlp.dll
    trojan horse backdoor.agent.nrb

    it won't allow me to heal, or move to vault

    the warning from avg for the above only pops up once I carry out an action e.g. open my email, or open a browser, but every time I carry out any action that warning pops up

    any ideas what is going on???

  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please Disable System Restore (howto)

    Then download Move On Boot from here

    Once installed click on Start--> All Programs -->GiPo@Utilities-->MoveOnBoot
    Paste this exactly in the white area: c:\windows\system32\hlp.dll
    Click next, and then select Delete, then select Start

    Confirm c:\windows\system32\hlp.dll has in fact been deleted

    If it has gone, please re-enable System Restore

    Reply back with the result
  8. kritius

    kritius TS Guru Posts: 2,084

    Before doing that, try an online scan with Kaspersky,

    it will let us get a better idea of what is happening in there

    We can also use HJT to get rid of the nasty or the pocket killbox, HijackThis would be preferable seeing as how you already have it installed.

    I would like you to do an online scan so that we can see what else may be in your system,
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)

    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)

    • Include the report in your next post.

    Delete Files on Reboot
    • Start Hijackthis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the button labeled Delete a file on reboot...
      A new window will open asking you to select the file that you would like to delete on reboot.
    • Navigate to each file and click on it once, and then click on the Open button.
    • You will now be asked if you would like to reboot your computer to delete the file.
    • Click on the Yes button if you would like to reboot now, otherwise click on the No button to reboot later.
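
The delete-on-reboot steps in posts 7 and 8 can be checked before restarting. This is an added example, not part of the thread or of either tool: it assumes MoveOnBoot and HijackThis queue the delete through the standard Windows mechanism, the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, and it parses a constructed copy of that value's raw bytes. The function names are illustrative.

```python
# Added example: decode a PendingFileRenameOperations value (REG_MULTI_SZ,
# UTF-16LE) and report what happens to one path at the next boot.
NT_PREFIX = "\\??\\"   # NT object-manager prefix Windows stores on each path


def _strip(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return (action, source, destination) tuples in execution order."""
    strings = raw.decode("utf-16-le").split("\x00")
    strings.pop()                      # text after the final NUL is always empty
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings.pop()                  # list terminator, not a real entry
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":                  # empty destination means "delete source"
            ops.append(("delete", _strip(src), None))
        elif dst.startswith("!"):      # "!" means overwrite an existing target
            ops.append(("replace", _strip(src), _strip(dst[1:])))
        else:
            ops.append(("rename", _strip(src), _strip(dst)))
    return ops


def state_after_reboot(ops, path):
    """Replay the queue: 'removed', 'written' or 'untouched' for this path."""
    want, state = path.lower(), "untouched"
    for _action, src, dst in ops:
        if dst is not None and dst.lower() == want:
            state = "written"          # another file is moved onto the path
        elif src.lower() == want:
            state = "removed"          # deleted or moved away
    return state


# Constructed sample: hlp.dll queued for deletion, plus an unrelated replace.
SAMPLE = (
    "\\??\\C:\\WINDOWS\\system32\\hlp.dll\x00\x00"
    "\\??\\C:\\WINDOWS\\Temp\\new.tmp\x00!\\??\\C:\\Program Files\\Example\\app.dll\x00"
    "\x00"
).encode("utf-16-le")

if __name__ == "__main__":
    ops = parse_pending_ops(SAMPLE)
    for op in ops:
        print(op)
    print(state_after_reboot(ops, r"c:\windows\system32\hlp.dll"))
```

A result of "written" for a path that was queued for deletion means a later entry in the queue puts a file back at that location, so the file would still be there after the restart.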
Topic Status:
Not open for further replies.
