Trojan Horse Downloader & Fake Alert

Status
Not open for further replies.

giget2000

I have the free trial of AVG and on 11/4 it showed that I had two infections
1. Trojanhorsedownloader.generic8.BCQ
2. Virus found Fake Alert

I moved them to the vault and didn't really think anything would happen but I was wrong. In the past few days my computer:

will just shut off randomly,

when typing on gmail chat there is a lag and some letters just don't type,

today my wireless internet connection vanished (I am using a local connection)

What can I do to fix this problem?
 
Hi giget2000

Go here:

The TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

After loading but before clicking Scan do the below config changes

SuperAntispyware config

UPDATE!

Then

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

In MalwareBytes after update but before running
Click settings and confirm all are Checked.

I repeat Update these 2 programs.

Run them and post their logs, then a new HJT log. HJT always last.

After attaching logs from above run both programs again to confirm they find nothing else and attach new logs for this run!

If the programs will not update or run then you must do the below

You need to rename SuperAntiSpyware to say SAS.exe and mbam.exe to mwbam.exe.

So My Computer to \Program Files\SuperAntiSpyware find and rename as above and run from there by dbl clicking. Then do the same for MalwareBytes.

Do this correctly and we will make a short job of this!

Mike
 
OK repeat the run with mbam until it cleans all or finds something it can not clean.

Attach the logs on each run (not post in thread) .

Then do the same with SAS!

Mike
 
The last was a partial HJT.

Do not post in thread! ATTACH ATTACH ATTACH! :D

Now attach the full HJT log and continue with my last post.

Mike
 
sorry

I was having trouble attaching but I figured it out


what do I do next?
 

Attachment: hijackthis.log (12.1 KB)

OK good now!

Run mbam again until it comes up clean. Attach log each run.

Then do same for SAS.

Mike
 
getting better

the latest malware run says 0 problems,

the SAS is still running and it says that there are 3 adware, tracing cookies thus far.

I check my bank account regularly on this computer, is it a good idea to have all my accounts changed because of this or am I overreacting?
 
To be honest! Yes!

But after this cleaning if you will run these programs update them once every 2 weeks or at first sign of trouble or slowdown.

It should be OK!

After you finish the above we may do another different step.

Mike
 
SAS

I ran SAS yet again and this time I got 9 adware tracing cookies. Are these dangerous? I can't seem to get rid of them
 
Hi giget

No not so dangerous.

But attach the log, then move on to HJT please. Attach the log for HJT after running it.

Mike
 
Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Create a new folder on the desktop and name it HiJackThis
Then download HiJackThis v.2.0.2 to this new folder.
Run a Full System Scan with HiJackThis and save the log.
Post back here with both the MBA-M log and the HiJackThis log.
 
I only ran mbam twice because it came up with 0 problems.

SAS was done three times: the first time had a lot of tracing cookies, the second time had 7 and the third time said I had 9 tracing cookies.
 
Hi giget

HJT Scan only. Select for removal all the below.

Note: most of these are pointing to legit Windows files as missing, which is a concern. I will have to address this before we finish.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

OK, what about Norton/Symantec, you had it and uninstalled? Now use AVG!
I will address this after your answer.

Then reboot, open no apps, post another HJT. I need to see if these clear.

Mike
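
An added example, not part of the original thread and not HijackThis's own code: a small triage of O23 lines like the ones listed in the post above. It assumes HijackThis 2.0.2 runs as a 32-bit process, so on 64-bit Windows its view of System32 and %ProgramFiles% is the WOW64-redirected one; the function name `triage_o23` and the verdict labels are hypothetical.

```python
import re

# Constructed sample: three O23 lines copied from the post above (HijackThis 2.0.2 format).
SAMPLE_LOG = r"""
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# O23 - Service: <display> (<service name>) - <owner> - <image path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

SYS32 = "\\windows\\system32\\"       # redirected to SysWOW64 for 32-bit processes
PF_X86 = "\\program files (x86)\\"    # what %ProgramFiles% expands to in a 32-bit process


def triage_o23(log_text):
    """Return (service, path, verdict) for each O23 line in a HijackThis log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Assumption of this example: an (x86) Program Files path anywhere in the
    # log means the scan ran on 64-bit Windows.
    is_x64 = any(PF_X86 in ln.lower() for ln in lines)
    results = []
    for ln in lines:
        m = O23.match(ln)
        if not m:
            continue
        low = m["path"].lower()
        if not m["missing"]:
            verdict = "present"
        elif is_x64 and (SYS32 in low or PF_X86 in low):
            # The 32-bit scanner may have been shown the redirected location,
            # so confirm with a native 64-bit check before fixing the entry.
            verdict = "verify-natively"
        else:
            verdict = "missing"
        results.append((m["name"], m["path"], verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in triage_o23(SAMPLE_LOG):
        print(f"{verdict:16} {name:14} {path}")
```
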
 
Sorry, I am not that computer literate. I had Norton antivirus on my computer when I bought it (came with a 30 day trial) then I uninstalled it because I wasn't going to renew the license. I use AVG but it doesn't "fix" anything, it just seems to tell me I have problems.

Do you want me to click the items you listed above and delete them through hijack?
 
Yes clear them all, then reboot and without running anything else run HJT clear them post a new HJT log.

So as usual Norton did not completely uninstall but we will handle that before we close the thread.

Please don't drop out on me until we are through and I tell you we are finished.

You are doing fantastical.

Mike
 
Superantispywarekiller (Free ed), Spybot, malwarebytes (free), combofix and avg free.
Run in this order. I do it 6 times a day on customers' machines and it never fails. Hijackthis never hurts. Combofix is a monster, that program has saved me so many times.
 
Are you sure you did it right?

All are still there! These are not related to Malware itself but may be from damage caused by them. As soon as I am sure we are clean we will fix these issues.

Run HJT Scan only select by checking boxes of these items and then below Fix Checked and ok to remove the items.

Reboot before continuing below and run nothing but HJT and post another log.

It looks like we have most of the Malware but do the below.

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html

Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 