TechSpot

Trojan

By Manjit
Aug 4, 2008
  1. My computer has been running pretty sluggishly for the past few days. So I ran a few scans, firstly with Trend Micro's HouseCall, which found some adware. I then used HijackThis and Malwarebytes and attached the logs. According to Malwarebytes I had a FakeTrojan on my computer but I've deleted it; is that the end of the matter now? Or do I have to take further steps?

    Any help would be appreciated.

    Thanks in advance.
     


  2. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi :

    To be on the "safe side", I recommend you run a "Full Scan" of the FREE Version
    of "SUPERAntiSpyware", available from www.superantispyware.com . This program
    & MalwareBytes Anti-Malware should be your antispyware/antitrojan programs,
    not "Windows Defender" and Spybot . Your Choice of Norton as your antivirus
    program is unwise; it ONLY had an 18% "Prevention Rate" based on the latest Tests done by the INDEPENDENT Researchers at www.av-comparatives.org ; even
    the FREE Avast Antivirus Home Edition ( www.avast.com ) had a 28% Rate in this
    category . Adobe Reader is prone to malware attacks; would be wise to consider
    the Alternative "Foxit Reader", with Info at www.foxitsoftware.com/pdf/rd_intro.php .
    And lastly, it is wise to check to see IF your programs have the latest, SECURE
    Version by running the FREE Online "Software Inspector", available at
    http://secunia.com/software_inspector .
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes remove this one at least:
    SpiritWind you are right with your support, but your layout is very poor.

    I'd also recommend that you follow this link in full:
    http://www.techspot.com/vb/topic109461.html
     
  4. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    Thanks for your reply Kimsland.

    You said to remove,

    Quote:
    O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe

    I'm rather unsure how I do this, where would I delete it from? Might seem a bit silly but it does not appear to be in Documents and Settings, or am I looking in totally the wrong place?

    I'll go through the steps you recommended. Do I need to turn off Norton and Windows Defender before I start? Or will I be able to run the various scans with them still on?

    Thanks again for your help.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry, been a while
    Although I expect that you may have been through these steps by now

    Also that tuvmtujm.exe file; that may be hidden, but it was cited in your log
    You can actually tick it in the log, then remove it from there (in the HJT program that is, not the txt file)

    Anyway, let me know how it all goes
     
  6. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    I've followed the instructions as set out in the link that 'Kimsland' posted. I have posted the logs below. According to Malwarebytes I have a FakeTrojan. I'm not really sure what I'm supposed to be looking for in the various logs so any help would be appreciated.

    Thanks
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    This came back - same file as back in April

    Open notepad and copy and paste next bold in it:

    regedit /e peek.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
    type peek.txt >> look.txt
    del peek.txt
    start notepad look.txt


    Save this as look.bat , choose to save as *all files and place it on your desktop.

    It should look like this on your desktop: [IMG]

    Doubleclick look.bat
    Notepad will open with some txt in it. Copy and paste the contents in your next reply.
     
  8. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    I've removed the tuvmtujm.exe file via HijackThis.
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That doesn't remove the bad folder from your computer - please show me the reg export and I will put up some detailed instructions
     
  10. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    I followed your instructions, though there seems to be an awful lot of text in the look.txt file so I've attached it rather than copy and paste it.
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Just letting you know, I'm not a Spyware/Malware specialist
    But I do know, when I see files/programs that shouldn't be in your log
    (ie there may be others too)

    I advise to remove this file sharing program for your security:

    KService.exe Peer To Peer (P2P) sharing application from Kontiki
    KHost.exe Kontiki Delivery Manager Client. VeriSign's Kontiki is peer-to-peer software (P2P)

    The following can be removed by placing a tick in HJT program, then fixing them.
    I would also like to comment on Symantec (Norton) Antivirus that has not protected you (whatsoever) and suggest that you fully un-install it, and use Avast or Avira (free) Antivirus (which will protect you a whole lot better!)
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You still sticking with norton aye? I see the entry you just "fixed" is back

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe
      O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\LIVE_CAMgb\LIVE_CAMgb.exe (file missing)
      O20 - Winlogon Notify: fin42u - C:\WINDOWS\
      O20 - Winlogon Notify: tuvVPfeE - C:\WINDOWS\
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    ---------------------------------------------------------------

    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\vyVngYrKHE
      C:\LIVE_CAMgb
      C:\Documents and Settings\All Users\Application Data\behwdklo
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Attach both logs back here
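
Added example, not part of the original thread or of HijackThis itself: a small Python triage pass over the log lines quoted in the post above, showing which traits make each entry stand out. The heuristics and the final `ExampleUpdater` line are assumptions constructed for illustration.

```python
import re

# Five entries copied from the post above, plus one constructed benign
# line (ExampleUpdater) so the output shows a non-match as well.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [vyVngYrKHE] C:\Documents and Settings\All Users\Application Data\behwdklo\tuvmtujm.exe
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\LIVE_CAMgb\LIVE_CAMgb.exe (file missing)
O20 - Winlogon Notify: fin42u - C:\WINDOWS\
O20 - Winlogon Notify: tuvVPfeE - C:\WINDOWS\
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /startup"""

# "O4 - rest of entry" -> ("O4", "rest of entry")
ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# An .exe sitting one folder below an "Application Data" directory.
APPDATA_EXE = re.compile(r"\\application data\\[^\\]+\\[^\\]+\.exe")


def triage(log_text):
    """Return (section, entry, reasons) for each line matching a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        low = body.lower()
        reasons = []
        # Registry entry still present although its file is gone or hidden.
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("target file missing")
        # Autostart key rarely used by ordinary software.
        if section == "O4" and "\\policies\\explorer\\run" in low:
            reasons.append("autostart under Policies\\Explorer\\Run")
        if section == "O4" and APPDATA_EXE.search(low):
            reasons.append("executable run from Application Data")
        # A Winlogon Notify package normally names a DLL, not a bare folder.
        if section == "O20" and not low.endswith(".dll"):
            reasons.append("Winlogon Notify without a DLL name")
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

A match only marks an entry for review by someone who knows the machine; it does not by itself prove the entry is malicious.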
     
  13. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    I was totally unaware I even had the KService and KHost. Should I simply remove them by trying to find them in my program files? Or use HijackThis to remove them?
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well I was waiting for BD (and I may stand back now too)
    But it's usually found in Add/Remove Programs (in Control Panel)
    Along side Norton ;)
     
  15. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    Here are the log files requested.
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    go ahead kimsland looks like those are gone for now, and off the logs
     
  17. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    I will get rid of Norton, it's been annoying a lot with constant updates which slow down the laptop and, as this has shown, has done nothing to actually protect me.

    In the Add/Remove Programs in Control Panel there is nothing in terms of KService or KHost. But there are a couple of things that look rather strange. Firstly there is a program called 'bhimpryoxz'; as a non computer expert, is this integral to my laptop's working or should it not be there? Also under Microsoft .NET Framework 2.0 and the various updates there is one update called simply Dr Watson; I presume that should not be there?
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Still there

    As is Norton (have I said that multiple times :confused: )
     
  19. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    Ok, I'll give Avast a go after I've sorted this out.
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I know, I felt like a bit of a nag, after my last post.

    Also Avast : http://www.avast.com/eng/avast_4_home.html
    Once downloaded and installed
    You now need to register (this free program) I know it's silly, but still worth it
    If you don't register it, it will only last a month

    Anyway, make sure it updates fully
    Then you might want to do a full scan with it (your choice)

    Also Norton, Symantec, Live Update, Live Reg, all to do with Norton Antivirus
    So there may be multiple uninstalls
    Actually I'd do your own personal scan with HJT and remove any leftovers (once it's uninstalled)
    There's also a removal tool (on their site) if you get stuck
     
  21. Manjit

    Manjit TS Rookie Topic Starter Posts: 82

    Thanks for your help, I'll give that a go now. I've got rid of that Kontiki rubbish now.

    Once again thanks for all your help much appreciated.
     
Topic Status:
Not open for further replies.
