Trojan

Status
Not open for further replies.

Manjit

My computer has been running pretty sluggishly for the past few days, so I ran a few scans, firstly with Trend Micro's HouseCall, which found some adware. I then used HijackThis and Malwarebytes and attached the logs. According to Malwarebytes I had a FakeTrojan on my computer, but I've deleted it; is that the end of the matter now? Or do I have to take further steps?

Any help would be appreciated.

Thanks in advance.
 

Attachments

  • hijackthis.log (9.5 KB)
Hi:

To be on the "safe side", I recommend you run a "Full Scan" of the FREE version of "SUPERAntiSpyware", available from www.superantispyware.com. This program and Malwarebytes Anti-Malware should be your antispyware/antitrojan programs, not "Windows Defender" and Spybot. Your choice of Norton as your antivirus program is unwise; it ONLY had an 18% "Prevention Rate" based on the latest tests done by the INDEPENDENT researchers at www.av-comparatives.org; even the FREE Avast Antivirus Home Edition (www.avast.com) had a 28% rate in this category. Adobe Reader is prone to malware attacks; it would be wise to consider the alternative "Foxit Reader", with info at www.foxitsoftware.com/pdf/rd_intro.php. And lastly, it is wise to check to see IF your programs have the latest, SECURE version by running the FREE online "Software Inspector", available at http://secunia.com/software_inspector.
 
Thanks for your reply, Kimsland.

You said to remove,

Quote:
O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe

I'm rather unsure how I do this; where would I delete it from? Might seem a bit silly, but it does not appear to be in Documents and Settings, or am I looking in totally the wrong place?

I'll go through the steps you recommended. Do I need to turn off Norton and Windows Defender before I start? Or will I be able to run the various scans with them still on?

Thanks again for your help.
 
Sorry, been a while
Although I expect that you may have been through these steps by now
Step 1

Temporarily Disable Real Time Monitoring Programs

This is because some real time protection programs can interfere with any fixes we are trying to run.


Also, that tuvmtujm.exe file may be hidden, but it was cited in your log.
You can actually tick it in the log, then remove it from there (in the HJT program, that is, not the txt file).

Anyway, let me know how it all goes
 
I've followed the instructions as set out in the link that 'Kimsland' posted. I have posted the logs below. According to Malwarebytes I have a FakeTrojan. I'm not really sure what I'm supposed to be looking for in the various logs, so any help would be appreciated.

Thanks
 
This came back - same file as back in April.

Open Notepad and copy and paste the following into it:

Code:
rem Export the Winlogon\Notify key and all of its subkeys to peek.txt.
rem regedit /e writes the file as UTF-16; "type"-ing it into a redirect rewrites it as plain text.
regedit /e peek.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
type peek.txt >> look.txt
del peek.txt
rem Open the readable copy so it can be pasted into a reply.
start notepad look.txt


Save this as look.bat (choose "All Files" as the file type) and place it on your desktop.



Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.
 
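As an added example (not code from the thread, and not the batch file's own logic), here is a Python script that reads the kind of text the look.bat export above produces and triages each Notify subkey by its DllName: an entry with no DLL file name, or a DLL loaded from somewhere other than System32, is marked SUSPECT; a subkey not on a short allow-list of stock Windows XP entries is marked REVIEW. The export embedded in it is constructed for the demonstration (only crypt32chain is a real stock entry; the other subkey names are made up), and the allow-list and the "outside System32" rule are assumptions, not HijackThis's or Windows' own criteria.

```python
"""Triage a `regedit /e` export of the Winlogon Notify key.

Added example, not code from the thread. The sample export below is
constructed; the allow-list of stock XP entries is a partial assumption.
"""
import re

NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")

# Assumption: partial allow-list of Notify subkeys on a stock Windows XP
# install. Vendors (Intel, Symantec, ...) add more, so unknown = REVIEW.
KNOWN_XP_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                   "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def _join_continuations(text):
    """regedit wraps long hex values as ',\\' + newline + indent; undo that."""
    return re.sub(r",\\\r?\n[ \t]*", ",", text)


def _decode_value(raw):
    """Decode one value exactly as regedit /e writes it."""
    if raw.startswith('"') and raw.endswith('"'):          # REG_SZ
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("dword:"):                             # REG_DWORD
        return int(raw[6:], 16)
    m = re.match(r"^hex(\(\d\))?:(.*)$", raw)                # hex(2) = REG_EXPAND_SZ
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("(2)", "(7)"):                     # UTF-16LE text
            return data.decode("utf-16-le").rstrip("\x00")
        return data                                          # raw binary
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = re.match(r'^"(.*?)"=(.*)$', line)    # default values (@=) not needed
        if m and current is not None:
            keys[current][m.group(1)] = _decode_value(m.group(2))
    return keys


def triage_notify(keys, system_root=r"C:\WINDOWS"):
    """Return [(subkey, dllname, verdict)] for every subkey under Notify."""
    prefix = NOTIFY_KEY.lower() + "\\"
    sys32 = (system_root + "\\system32\\").lower()
    out = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        sub = path[len(prefix):]
        dll = values.get("DllName")
        if not isinstance(dll, str) or dll == "" or dll.endswith("\\"):
            # Nothing loadable; HijackThis shows such an entry as
            # "O20 - Winlogon Notify: <name> - C:\WINDOWS\"
            verdict = "SUSPECT: no DLL file name"
        else:
            resolved = re.sub("%systemroot%", lambda _: system_root, dll, flags=re.I)
            if "\\" not in resolved:             # bare name: loaded from System32
                resolved = system_root + "\\system32\\" + resolved
            if not resolved.lower().startswith(sys32):
                verdict = "SUSPECT: DLL outside System32: " + resolved
            elif sub.lower() not in KNOWN_XP_NOTIFY:
                verdict = "REVIEW: not a stock XP entry"
            else:
                verdict = "ok"
        out.append((sub, dll, verdict))
    return out


# Constructed sample export (CRLF, as the converted file looks). Subkeys
# vendorx, qwvxtyu and hnrjkwe are made up for the demonstration.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + NOTIFY_KEY + "]", "",
    "[" + NOTIFY_KEY + "\\crypt32chain]",
    '"Asynchronous"=dword:00000000',
    '"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,\\',
    '  6c,00,6c,00,00,00',
    '"Logoff"="ChainWlxLogoffEvent"', "",
    "[" + NOTIFY_KEY + "\\vendorx]", '"DllName"="vendorx.dll"', "",
    "[" + NOTIFY_KEY + "\\qwvxtyu]", '"DllName"=""', "",
    "[" + NOTIFY_KEY + "\\hnrjkwe]",
    '"DllName"="C:\\\\Documents and Settings\\\\All Users\\\\Application Data\\\\hnrjkwe\\\\hnrjkwe.dll"', "",
])


def run_sample():
    """Parse the constructed export and return {subkey: verdict}."""
    return {sub: v for sub, _, v in triage_notify(parse_reg_export(SAMPLE_EXPORT))}


if __name__ == "__main__":
    for sub, dll, verdict in triage_notify(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{sub:14} {str(dll):60} {verdict}")
```

To use it on a real look.txt, read the file and pass its contents to `parse_reg_export`; the export is recursive, which is why the poster's look.txt was long, and the script only looks at keys directly under Notify.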
That doesn't remove the bad folder from your computer - please show me the reg export and I will put up some detailed instructions.
 
I followed your instructions, though there seems to be an awful lot of text in the look.txt file, so I've attached it rather than copy and paste it.
 
Just letting you know, I'm not a Spyware/Malware specialist
But I do know, when I see files/programs that shouldn't be in your log
(i.e. there may be others too)

I advise to remove this file sharing program for your security:

KService.exe Peer To Peer (P2P) sharing application from Kontiki
KHost.exe Kontiki Delivery Manager Client. VeriSign's Kontiki is peer-to-peer software (P2P)

The following can be removed by placing a tick next to them in the HJT program, then fixing them.
O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\LIVE_CAMgb\LIVE_CAMgb.exe (file missing)

I would also like to comment on Symantec (Norton) Antivirus, which has not protected you (whatsoever), and suggest that you fully uninstall it and use Avast or Avira (free) Antivirus (which will protect you a whole lot better!).
 
You still sticking with Norton, aye? I see the entry you just "fixed" is back.

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe
    O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\LIVE_CAMgb\LIVE_CAMgb.exe (file missing)
    O20 - Winlogon Notify: fin42u - C:\WINDOWS\
    O20 - Winlogon Notify: tuvVPfeE - C:\WINDOWS\
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

---------------------------------------------------------------

OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\vyVngYrKHE
    C:\LIVE_CAMgb
    C:\Documents and Settings\All Users\Application Data\behwdklo
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Attach both logs back here
 
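As an added example (not the thread's own code, and not HijackThis's or OTMoveIt's logic), here is a Python script that applies the reasoning behind the two lists above: it reads HijackThis O2/O4/O9/O20 lines, flags the ones a helper would tick in "Fix Checked", and derives the registry-value and folder list in the form the OTMoveIt step pastes (full key path, a double backslash before the value name, and the parent folder of an executable that lives under Application Data or points at a missing file). The log lines are the four quoted in the post above plus two constructed, benign lines for contrast; the flagging rules are assumptions about what usually indicates an unwanted entry.

```python
"""Derive HijackThis fixes and an OTMoveIt paste list from HJT log lines.

Added example, not code from the thread. The flagging rules and the key
abbreviation map are assumptions; the sample log mixes lines quoted in the
thread with two constructed benign ones.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reason move")

# HJT abbreviates autostart keys; OTMoveIt wants the full path.
# Assumption: only these three keys are mapped.
HJT_KEYS = {
    r"HKLM\..\Run": r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run",
    r"HKCU\..\Run": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run",
    r"HKLM\..\Policies\Explorer\Run":
        r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run",
}
# Assumption: executables autostarting from these locations deserve a look.
DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\")


def parent_dir(path):
    return path.rsplit("\\", 1)[0]


def triage_hjt(log_text):
    """Return a Finding for every line that should be fixed in HJT."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r"^O(\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        reason, move = None, []
        if section == "2" and body.endswith("(no file)"):
            reason = "BHO whose DLL no longer exists"
        elif section == "4":
            m4 = re.match(r"^([^:]+): \[([^\]]+)\] \"?(.*?\.exe)\"?", body, re.I)
            if m4:
                key, name, exe = m4.groups()
                in_data = any(d in exe.lower() for d in DATA_DIRS)
                if key.endswith(r"Policies\Explorer\Run"):
                    reason = "autostart via Policies\\Explorer\\Run, rarely used by legitimate software"
                elif in_data:
                    reason = "autostart runs from a user data directory"
                if reason:
                    move.append(HJT_KEYS.get(key, key) + "\\\\" + name)  # OTMoveIt value syntax
                    if in_data:
                        move.append(parent_dir(exe))      # the whole dropped folder
        elif section == "9" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[1][:-len(" (file missing)")]
            reason = "extra button pointing at a missing file"
            move.append(parent_dir(path))
        elif section == "20":
            m20 = re.match(r"^Winlogon Notify: (\S+) - (.*)$", body)
            if m20 and m20.group(2).endswith("\\"):
                reason = "Winlogon Notify entry without a DLL file name"
        if reason:
            findings.append(Finding(line, reason, move))
    return findings


def otmoveit_list(findings):
    """Unique registry values / folders, one per line, ready to paste into OTMoveIt."""
    seen, lines = set(), []
    for f in findings:
        for item in f.move:
            if item not in seen:
                seen.add(item)
                lines.append(item)
    return "\n".join(lines)


# Sample log: four lines quoted in the thread plus two constructed benign ones
# (ccApp and igfxcui) that must NOT be flagged.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe",
    r"O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\LIVE_CAMgb\LIVE_CAMgb.exe (file missing)",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
    "O20 - Winlogon Notify: fin42u - C:\\WINDOWS\\",
])


def run_sample():
    """Triage the constructed sample log."""
    return triage_hjt(SAMPLE_LOG)


if __name__ == "__main__":
    for f in run_sample():
        print(f"FIX  {f.line}\n     {f.reason}")
    print("\nOTMoveIt paste list:\n" + otmoveit_list(run_sample()))
```

Note that the O2 BHO with "(no file)" and the O20 entries yield no folder to move: their fix is purely the HJT registry removal, which is consistent with the OTMoveIt list in the post containing only the O4 value and two folders.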
I was totally unaware I even had KService and KHost. Should I simply remove them by trying to find them in my Program Files, or use HijackThis to remove them?
 
Well I was waiting for BD (and I may stand back now too)
But it's usually found in Add/Remove Programs (in Control Panel)
Alongside Norton ;)
 
I will get rid of Norton; it's been annoying a lot with constant updates which slow down the laptop, and as this has shown, it has done nothing to actually protect me.

In Add/Remove Programs in Control Panel there is nothing in terms of KService or KHost. But there are a couple of things that look rather strange. Firstly, there is a program called 'bhimpryoxz'; as a non computer expert, is this integral to my laptop's working or should it not be there? Also, under Microsoft .NET Framework 2.0 and the various updates there is one update called simply Dr Watson; I presume that should not be there?
 
I know, I felt like a bit of a nag, after my last post.

Also Avast : http://www.avast.com/eng/avast_4_home.html
Once downloaded and installed
You now need to register (this free program). I know it's silly, but it's still worth it;
if you don't register it, it will only last a month.

Anyway, make sure it updates fully
Then you might want to do a full scan with it (your choice)

Also: Norton, Symantec, LiveUpdate and LiveReg are all to do with Norton Antivirus,
so there may be multiple uninstalls.
Actually I'd do your own personal scan with HJT and remove any leftovers (once it's uninstalled)
There's also a removal tool (on their site) if you get stuck
 
Thanks for your help, I'll give that a go now. I've got rid of that Kontiki rubbish now.

Once again thanks for all your help much appreciated.
 