TechSpot

Trojan, Downloader, etc.

By Jet9696
Nov 9, 2008
Topic Status:
Not open for further replies.
  1. Hi there. I was hoping someone could help me with this. I did the 8 steps and from AVG to Superantispyware, I have come up with four different issues that are supposedly removed:

    TROJAN HORSE AGENT.3.R

    JS/DOWNLOADER.AGENT

    ROGUE.XP ANTISPYWARE2009-TRACE

    TROJAN.DROPPER/FAKEALERT

    I am attaching the logs and would be grateful for any help.
  2. mflynn

    mflynn TS Rookie Posts: 2,793

    Hi Jet

    Boot to Safe Mode with Networking (Safe Mode with Networking has Internet access; regular Safe Mode does not). This is to allow posting of logs back while in Safe Mode.

    Run both MalwareBytes and SAS again multiple times until they come up clean or cannot clean something.

    Reboot to normal and post new HJT log.

    You have other issues I am not addressing at this time.

    Mainly you have 2 major online active antivirus programs, Norton and AVG. This is a no-no and can actually lower your protection level as they compete with each other. And a couple of useless startups.

    Mike
  3. Jet9696

    Jet9696 TS Rookie Topic Starter

    Hey Mike,
    Thanks for replying to this post so quickly. I did what you said to do. I ran both cleaners until it found nothing. I am attaching the latest Hijack This file.

    You said that Norton's was running on my PC. I removed that long ago using the removal tool. At least I thought it was removed. Thanks again for taking the time to help me on this.

    Jeff

    PS, I added another HJT file. This file was taken after I rebooted windows out of safe mode. I misread your post. Thanks.


  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I will be glad to review the logs you have attached from the TechSpot malware cleaning. It is not so simple to say run programs until they're clean. Give me a few minutes, okay?
  5. mflynn

    mflynn TS Rookie Posts: 2,793

    Ok jet

    Simple? Are we supposed to do it the hard way? I did parse his logs.
    Good job jet.

    I see that was the leftovers of Norton/Symantec.

    Ok run HJT Scan only and select the following for removal.

    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Then go to Add/Remove Programs and uninstall Viewpoint.

    Run a full virus scan after updating, post the results, and tell me how the computer is running.

    After this reboot and post new HJT Log.

    Mike
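
An added example, not part of mflynn's post and not a TechSpot or HijackThis tool: a short Python parser that turns the O16/O23 lines listed above into a deduplicated checklist, showing the download host behind each ActiveX (DPF) entry and the executable behind each service. The regular expressions and the `parse_entry` and `build_checklist` names are assumptions written for this example, based only on the line layout visible in the post.

```python
import re
from urllib.parse import urlsplit

# The four lines from the post above, copied verbatim (the O23 line is listed twice).
SELECTED = r"""
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Assumed layouts: "O16 - DPF: {CLSID} (name) - codebase URL"
# and "O23 - Service: name - vendor - path".
O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\) - (?P<url>\S+)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def parse_entry(line):
    """Return a dict for an O16 or O23 line, or None if the line is not recognised."""
    m = O16.match(line)
    if m:
        # The host is where the ActiveX control's installer was fetched from.
        return {"section": "O16", **m.groupdict(), "host": urlsplit(m["url"]).hostname}
    m = O23.match(line)
    if m:
        return {"section": "O23", **m.groupdict()}
    return None


def build_checklist(text):
    """Deduplicate entries in order; 'seen' counts how often each line was listed."""
    items = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line) or {"section": "unparsed"}
        item = items.setdefault(line, {**entry, "line": line, "seen": 0})
        item["seen"] += 1
    return list(items.values())


if __name__ == "__main__":
    for item in build_checklist(SELECTED):
        target = item.get("host") or item.get("path") or item["line"]
        note = " (listed %d times)" % item["seen"] if item["seen"] > 1 else ""
        print("[ ] %s  %s -> %s%s" % (item["section"], item.get("name", "?"), target, note))
```
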
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Let's get some updating done:
    Update Java:
    Update Adobe:
    Have SAS remove Trojan.Dropper/FakeAlert, XP AntiSpyware2009-Trace and the Tracking Cookies. The screen shots here can be enlarged with a click to see the settings to use:
    http://superantispyware.en.softonic.com/images.

    Reset Cookies:
    You are showing two antivirus programs installed: both are loading. If you previously used Norton, you will need to use their Removal tool to complete the uninstallation: Download and Save to your desktop. Don't run yet: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

    Note please that I am reviewing your original HijackThis log. You have some Real Time processes running that should have been stopped before the cleaning. We will see if this is an obstacle.

    NOTE: Your System Restore points are infected. DO NOT use System Restore. Those files are protected and the cleaning programs will not remove them. When the system is clean, we will remove the old restore points and set a new one.

    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all
    HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> Enter> Selective startup> Startup tab> UNCHECK:
    Control Panel> Add/remove Programs> Uninstall the following if present:
    Start> Run> services.msc: On each of the following Services: Right click> Properties> Change Startup type to Disabled:
    Now run the Norton Removal Tool by a double-click on the Setup you saved to the desktop.

    Reboot into Normal Mode. You will get a nag message that you can just close after checking 'don't show this message again'. Stay in Selective Startup.

    Run new HijackThis scan and attach log.

    A NOTE: If speed is an issue for you, you have many processes loading at Startup that do not need to. We can work on that if you want, when through with the cleaning.
  7. Jet9696

    Jet9696 TS Rookie Topic Starter

    Bobbye,

    Thanks for taking the time to help me with this problem. Both you and Mike are awesome! I have done what the both of you have said to do. I am attaching the latest HJT file. At your convenience, please review this and let me know if there is anything further for me to do. Thanks again.
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    Hi Jet

    You did a great job, followed instructions and posted the logs.

    Looks good to me.

    Only a few wheel spinners in startup, QuickTime updater etc.
    But your Malware is gone.

    I would do the below.

    Run CCleaner cleanup temps twice or until no more found and Registry twice or until no more found.

    ----------------------------------------------------------------------------------------------------------------------------------
    D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html

    ----------------------------------------------------------------------------------------------------------------------------------
    The Malware is saved in your System Restore so we need to clean that

    Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs. Note: if you minimize now go to My Computer and note the free space and check this again after the run you will be able to see the likely large difference.

    This is if you have the Volume Shadow Copy running which is the default.

    Next:
    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Once the new Restore point is made run the Disk Cleanup again and it will then only leave the clean "After cleanup at TechSpot" point!
    ----------------------------------------------------------------------------------------------------------------------------------

    A Defrag is in order.

    Wait for Bobbye's comments also.

    Mike
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The log looks good. Keep in mind what I said:
    Now let's remove the cleaning tools:
    Clear your existing System Restore points and establish a new clean restore point:
    You did a nice job. It was a pleasure working with you. Let us know if we can be of further help.
  10. Jet9696

    Jet9696 TS Rookie Topic Starter

    It is done!

    I just want to thank mflynn and Bobbye for being kind enough to help me out of a jam. The both of you are great!!! TechSpot is really a breath of fresh air. I am no computer genius by any stretch of the imagination but I think I'm going to hang around and read these boards on a regular basis. With people like you two here, I'm sure to pick up some valuable information.

    One last question though....how can I get my clock back to regular time? After all this happened, it went to a 24hr military format.

    Thanks again,
    Jeff
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Reset clock to regular time from military time:
    Step1> Open Control Panel
    Step2> Open "Regional and Language Options"
    Step3> Click "Customize"
    Step4> Click on the "Time" tab
    Step5> Change "Time Format" section to h:mm:ss tt
    Step6> Be sure ":" for the time separator and AM and PM are selected on the next couple of lines. They may be set here already.
    Step7> Click "Apply" and "Ok" on each open window.

    NOTE: The Control Panel needs to be set in Category View.
     