stangpride
Good Evening,
This is the first time I've posted here since I've joined TechSpot. My sister requested I assist her with her computer, as she had a virus in it that kept reappearing after other people have supposedly "helped" her. She purchased this pc in April of 2005. As I am by-the-book in my attempts to do things correctly the first time and refuse to take "short-cuts" and she realizes this, she finally requested my help. I've now spent no less than 22 hours following the procedures in TechSpot's Viruses/Spyware/Malware Preliminary Removal Instructions, trying to be thorough in the fix, so she will not have to deal with this problem anymore. I am now ready for some assistance in getting rid of this trojan once and for all on my sister's desktop pc.
For starters, her desktop is a Dell Dimension 2400, Intel Celeron CPU 2.4GHz, with 256 MB RAM (yes, I know, utterly zero RAM compared to current standards), and has a 40GB HDD. She is running WinXP Home Ed., with SP2, version 2002. There is a CD-RW drive, but nothing else was installed. Basically, it's an OTS As-Is purchase for my sister, as she did not request any specific modifications (the tower is actually riveted onto the frame, so you cannot remove it to install anything without permanently damaging the metal). She is a "newbie" to the technical world. I am not such a newbie. I have a lot of experience in many different technical areas, but as far as fixing viruses of this malicious nature (not easily fixed with one or two simple removal tools), I want to be absolutely certain her computer is running up to spec and would appreciate a helping hand determining what the logs all mean, and if, as I might suspect, the virus(es) still exist after all the initial attempts to rid it/them off of her computer.
When I first got the pc, she had McAfee AV sw installed, which kept telling her a specific error message anytime she opened IE (thought I had written down the exact error, but if so, I cannot locate it now, so I will attempt to recall the majority of what it said from memory): The error message said it blocked access to a particular file when opening IE and that file is C:\Windows\System32\JKHHI.DLL, with a title of Trojan.Virtumonde, which was dedicated at the Elevated Risk level. Since first working with her pc, I ran a few of the tools I've located within TechSpot, and noticed those error messages quit appearing, but I knew the virus was still intact, as her pc was still excruciatingly slow at doing any one thing. I kept open windows to a minimum of 3, but that still did not help matters much.
I continued to scan through TechSpot, to see what everyone was discussing and ways to get rid of things, and also scanned through several other web forums, and did the easiest things first, then attempted to do the 15-step Preliminary Removal instructions. Throughout the process of each of the scans, I went from having 4 trojans (Trojan.AgentAOY, Trojan.Downloader.ConHook (both High Risk), Adware.Adsponsor (Low Risk), and lastly, Trojan.Virtumonde (Elevated Risk)) down to just about nothing, but there are still some things leftover. As there were several different scans requested throughout this 15-step removal process, the items found decreased, and even went entirely away within a few of the software products, but the last two scanning items still found some minor items, which is the entire reason I would like someone who knows how to read the logs entirely to take a peek at them and tell me what they are seeing. I can gather a lot of information from these logs myself, but I do not know what might be good or bad and I am dead tired of working on this system now. I pray I can get this pc fixed this evening (good luck, right!)
I do not want to keep my sister's pc too long, as she has school classes she attends online and will need this computer back ASAP. So please let me know your thoughts! Thanks much for your responses, in advance.
Panda Anti-Rootkit Scan Results: No Rootkits have been found. Items scanned: 3558.
I have attached the 3 requested logs, as instructed: HJT, Combofix, and AVG: