TechSpot

This log is in the mobo page but I am just putting it here...

By Jacal
Apr 28, 2007
  1. Sorry but I am asking for assistance in getting rid of a trojan called trojan.duntek.
    I suspected my system of having a virus yesterday, but when I checked for my internet security software it was not there. It is the one that came with the motherboard, Norton Internet Security 2005. I have recently installed it back and renewed it, and downloaded all the updates. It found 2 main viruses: one was something like w32.rontkbro or something like that, and the trojan. It cleaned up the w32 one, but it had already done its damage because I can no longer see my folder options menu. I know there is a way to enable it back using gpedit.msc but I do not remember how. The trojan, however, cannot be deleted :( It is located at c:\windows\system32\c_2r12.dll.
    Please i am asking for any assistance in solving the problem. Thank you.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of Jacal only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    what does the p stand for?

    it does not tell me what the p stands for :suspicious:
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Follow the instructions and post the requested logfiles. I'll then see what needs to be removed (if anything) and give you instructions on how to go about it.

    In the meantime, you can do the following.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt, as well as the rest of the requested logfiles.

    Regards Howard :)

     
  5. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    Part of the previous instruction says to show all my hidden folders, but I am still not able to see the folder options. Please assist.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Double click my computer and click the tools menu. Select Folder options and click the view tab. Under Advanced settings, scroll down and click on the "Show Hidden files and folders" button, then scroll down and untick the box next to where it says "Hide Protected Operating System files (Recommended)". Click yes, followed by apply/ok and close my computer.

    Regards Howard :)

     
  7. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    Sorry, but what I mean is I literally don't see the folder options in the tools menu after the w32.rontokbro(sp) virus infected my computer. It has been completely cleaned though. But as for the report from HijackThis, the character count exceeds the limit, so I am wondering if there is a way to attach the saved log so that you can download it. I am wondering where in gpedit.msc to find the setting to make it so the option is visible.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, try this instead.

    Go to your control panel and double click the folder options icon. See if that helps.

    All log files must be posted as attachments, see HERE.

    Don't forget, I need to see The Avenger log as well as Combofix, AVG Antispyware and fresh HJT logs.

    Regards Howard :)

     
  9. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    And I never got the attached script file. Sorry if I am frustrating you in any way, but I am new to these things >.<

    the folder options icon is not there >.<
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No worries mate.

    The Avenger script file is attached to my post#4.

    Follow the instructions without the hidden files and folders bit for now.

    Regards Howard :)

     
  11. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    These two are the only ones that are working properly.

    The file got deleted ... yay :D I love you Howard, would marry you but I am not gay XD and I have a girlfriend lol. But now I am going to have to re-install one of my files, but that's no biggy, at least no more window from Norton saying that trojan.duntek cannot be deleted appears :D:giddy:

    My folder options also came back :D :D :D :D :D Thank you guys so much, you are all life savers. Now lol I have one more problem, I am going to find the right forum to post it in. This website is helping me for when I actually do start a degree in computing, I will do good thanks to you guys :D For now I will just use my high school knowledge and help from you guys if you don't mind :p
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have posted the Avenger script, instead of the Avenger log lol.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as fresh HJT, Combofix and AVG Antispyware logs.

    Regards Howard :)

     
  13. Jacal

    Jacal TS Rookie Topic Starter Posts: 83

    Sorry, my bad. Here you go.

    That is the only Avenger file apart from the folders.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Unfortunately, that's the Avenger log from the first time you ran the programme. What I need is the Avenger log from the second time you ran the programme as per the instructions in my post above. I also require you to post fresh Combofix, AVG Antispyware and HJT logs as well. Instructions can be found HERE.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
