trojan 28.a

Status
Not open for further replies.

Crpnobbs

Hi there

Ran through the process but still got the virus.
3 days of banging head off wall - please help.

Thanks Crpnobbs
 
You're not running any antivirus or firewall software. This is a huge security risk. Follow all the instructions below exactly.

Download and install the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE, HERE and HERE.

Install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Run the antivirus updates. Close the antivirus programme.

Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with your antivirus programme and delete whatever it finds. This includes anything in the virus vault/quarantine. Close your antivirus programme.

Delete all files in the AVG Antispyware quarantine.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O9 - Extra button: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab

O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = s26378.tjgo.com <- Only fix this if you don't recognise the domain or it doesn't belong to your ISP.

O20 - Winlogon Notify: winhsq32 - C:\WINDOWS\SYSTEM32\winhsq32.dll

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the file path you need to enter into killbox.

C:\WINDOWS\SYSTEM32\winhsq32.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks will try this in the a.m.
Am a bit worried though because I have been using windows firewall and have avg and PC tools AntiVirus loaded. (think I may load Kerio)
Will get back to you,

thanks again.
 
Uninstall pctools antivirus, it's crap.

The Windows Firewall is also crap.

The free Zonealarm or Kerio firewall programmes are much better.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks, it's looking good, (touching wood).

Do have a question: spamgrid, what is it and would it be safe to move?
I may have loaded it a few years ago but I cannie mind.


Anyway thanks again you've been a great help.

Crp Nobbs

(Night Watch)

forgot to add log.

Cheers
 
Please stop installing new software until we have your problems sorted out. You're just making this harder for yourself and for me too.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

PC Tools AntiVirus

BARBMU~1

Hercules\Video\Hercules 3DTweaker 3.0 LE (Build 25)

1-2-3 Spyware Free

ashampoo\Ashampoo AntiSpyWare

Jetico\Jetico Personal Firewall

ipwins

Close control panel.

Once you've uninstalled all that crap, reboot your computer and install either the free Zonealarm or the free Kerio firewall programmes.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Morning:
The only new software installed was Jetico firewall, because couldn't get zone alarm to download fully, but going off to try again.

Cheers mate.
 
Trying to load zone but get the message "unable to log into TrueVector service". How do I shut the service down?

Thanks
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Jetico

Jetico Personal Firewall
ashampoo
Ashampoo AntiSpyWare

1-2-3 Spyware Free
PC Tools AntiVirus
DAP

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

DAP.EXE
jpf.exe
AntiSpyWareGuard.exe

SpywareFreeMonitor.exe
PCTAV.exe
PowerReg Scheduler.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchexe.com/passthrough/index.html?http://about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F1 - win.ini: run=MSVXD.EXE,MSVXD.EXE,MSVXD.EXE,MSVXD.EXE,MSVXD.EXE,MSVXD.EXE÷¯DHCP÷]

O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe"

O4 - HKLM\..\Run: [glrmxwe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\glrmxwe.dll,qnvaobf

O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] C:\Program Files\ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe

O4 - HKLM\..\Run: [123Monitor] C:\Program Files\1-2-3 Spyware Free\SpywareFreeMonitor.exe

O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O20 - Winlogon Notify: winhsq32 - winhsq32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\PROGRA~1\DAP
C:\Program Files\PC Tools AntiVirus
C:\Program Files\1-2-3 Spyware Free

C:\Program Files\ashampoo
C:\Program Files\Jetico
PowerReg Scheduler.exe Search your system for this file and delete all instances of it.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\WINDOWS\system32\glrmxwe.dll,qnvaobf

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
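
An added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines quoted in the fix lists above. It splits a rundll32 autostart value into the DLL path and the export name after the comma, and marks entries whose target file is already gone; the sample lines are copied from the thread, and the function and field names are this example's own.

```python
import re

# HijackThis entries copied from the fix lists in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe"
O4 - HKLM\..\Run: [glrmxwe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\glrmxwe.dll,qnvaobf
O9 - Extra button: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O20 - Winlogon Notify: winhsq32 - C:\WINDOWS\SYSTEM32\winhsq32.dll
O20 - Winlogon Notify: winhsq32 - winhsq32.dll (file missing)
""".strip().splitlines()

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# rundll32 syntax is "rundll32.exe <dll>,<export>"; only <dll> is a file on disk.
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+)"?,(?P<export>\S+)', re.I)
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN = re.compile(r'\((?:file missing|no file)\)\s*$', re.I)

def parse_entry(line):
    """Return a dict describing one HijackThis entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    rec = {"code": m.group("code"), "body": body, "orphan": False, "notes": []}
    r = RUNDLL.search(body)
    if r:
        rec["dll"] = r.group("dll").strip()
        rec["export"] = r.group("export")
        rec["notes"].append("rundll32 autostart: the DLL is the file, "
                            "the text after the comma is an export name")
    if rec["code"] == "O20":
        rec["notes"].append("Winlogon Notify DLL, loaded into winlogon.exe")
    if ORPHAN.search(body):
        rec["orphan"] = True
        rec["notes"].append("registry entry remains but the file is gone")
    return rec

def triage(lines):
    """Parse every recognisable entry line, skipping headers and blanks."""
    return [rec for rec in map(parse_entry, lines) if rec]

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec["code"], rec.get("dll", ""), "; ".join(rec["notes"]))
```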
 
Followed the instructions and removed what files were there but still no joy with zone alarm.

Not wanting to presume, but I did notice that 4 of the files turned up in the log (119, taken after rebooting into normal mode) but were not present in safe mode (118). Would this have anything to do with it?

I'm just guessing.

thanks.
 
In that case, follow the instructions in normal mode.

Then, post a fresh HJT log.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Gone through the whole lot but still unable to load Zone alarm.
Any idea as to what True Vector Service is?

thanks
 
Just ran a search on all my drives: no sign of Jetico.
Have redownloaded zone alarm again, still the same prob, may have to try another firewall.
 
Your HJT log is clean as a whistle.

I don't know what the problem is with Zonealarm, maybe try the free KERIO firewall and see how that goes.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Crpnobbs only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks for all the help Howard.
Gave up on Zone Alarm and am now trying out Comodo.
Will see what that's like.

Thanks again.
 