Trojan Horse Generic 13.BWN

Status
Not open for further replies.

LKS

Hi hi, my computer was recently attacked by Trojan Horse Generic 13.BWN.
I have done the 8 Steps Viruses Preliminary Removal Instructions.
Here are the required log files. Can you help me check whether my PC is clean?
Thank you very much.
 
Run the Norton Removal Tool: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
(Seeming Norton Internet Security is still running!)

Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Restart

Install Avira free AntiVirus

Combofix Instructions

  • Download Combofix to your desktop.
  • Double click Combofix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HiJackThis scan run afterwards
 
I tried to run the Norton Removal, but a prompt popped up saying that the file is corrupted. So what should I do now?
 
Actually a difficult one as there are many startups to sort through

Please open HJT Scan only, and place a tick in the checkboxes alongside the following entries:
Close all Internet browsers then select FIX
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: ?¨¬3¦Ì(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra 'Tools' menuitem: ?¨¬3¦Ì(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs:
Also go to Add\Remove Programs and remove:
Ad-Aware (some wasted startups happening)
FlashGet (this is a must, as I have asked you to remove two entries above)
BitComet (seeming this is where the infections have come from)

Then run IE Reset. INFO HERE

You may want to turn off some not needed Windows Startups too. INFO HERE

Run the Norton Removal tool (as you have Symantec starting too, trying to update!)

Then Restart

Then run ComboFix again (pretty sure all ain't gone yet :( )
Also submit the log again, plus a new HJT scan log
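
As an added example (not part of the original thread or any poster's code): a small Python parser for HijackThis-style `O` lines like those in the fix list above, which flags entries reported as `(no file)` or `(file missing)` and CLSIDs registered under more than one section. The sample lines are copied from that post; the line shape is inferred from them, and the function names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample: a few entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs:
"""

Entry = namedtuple("Entry", "section kind clsid target orphaned")

# Assumed line shape, inferred from the entries on this page: "O<n> - <kind>: <rest>"
LINE_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The scanner's own markers for a registration whose file is gone from disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_hjt(text):
    """Parse 'O' section lines; anything else (headers, blank lines) is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append(Entry(section, kind.strip(),
                             clsid.group(0).upper() if clsid else None,
                             rest, bool(ORPHAN_RE.search(rest))))
    return entries


def orphaned_entries(text):
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in parse_hjt(text) if e.orphaned]


def shared_clsids(text):
    """CLSIDs registered under more than one section (e.g. both BHO and toolbar)."""
    seen = {}
    for e in parse_hjt(text):
        if e.clsid:
            seen.setdefault(e.clsid, []).append(e.section)
    return {c: s for c, s in seen.items() if len(set(s)) > 1}
```

An orphaned entry only means the registration outlived its file; entries that are not flagged, such as the `O4` startup line, still need a human decision.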
 
Hmm

Did IE Reset get done?
Also Norton Removal Tool?

Also BitComet is still listed in ComboFix log, if you uninstalled it already, please go to:
Start-> Run-> %programfiles% ->ok
Locate BitComet, and right click on it and delete it.
 
I really need the logs to confirm BitComet is gone, as there is no use continuing with File Sharing programs installed, i.e. re-infection is imminent.

Anyway, just do this: (as long as all that I said above is completed, i.e. I don't like long threads, and intend not to make this one drag out either)

Please download and run SDFix (I'm sorry, but I must refer you to this tutorial on its use, scroll down to "SDFix Instructions")

Download, and run the "RunThis.bat" in Safe Mode, as advised
Then attach the log and (after the SDFix scan) a new HJT log
Oh by the way, it says that it may take 20mins to scan! (Mine took over an hour to complete!)
 
Due to time restraints I have stopped my support on Virus & Malware removal
I apologize for the inconvenience, basically TechSpot has become busier and Virus & Malware takes a large amount of my time to support.

If you do not receive any further replies on this thread by other support members, please create a New Thread
 