TechSpot

Trojan horse Pakes.U

By marcske
Sep 5, 2006
  1. Hello there,
    I'm a new member searching and looking around for some help in cleaning my system. I already read the threads about this subject and was surprised to see that someone really gets some help.
    I tried almost everything up to today; even the AVG support guys couldn't help.
    So I hope someone here is willing to help me.
    thanks so far.
    You can reach me by mail or in this thread.
    I don't know exactly how this system with the threads and posts works... but I'm sure somebody will explain it to me...
    thanks

    marc schelstraete
    email:marcschelstraete@gmail.com
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to the correct forum.

    Go HERE and follow all the instructions exactly.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of marcske only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. marcske

    marcske TS Rookie Topic Starter

    Back again...

    Hello Howard,
    here I am again... I did all the steps I read in the post (VundoFix, AboutBuster, etc.). Did an AVG scan which found no viruses, and then I wanted to make the HJT log and the Ewido log, and now, while I was writing this message, there it was again... trojan Pakes.U spotted by the AVG resident shield. So I healed it... and now I send the logs made just 5 minutes ago.

    Hope I did everything OK and posted it in the right place?

    I seem to have another problem here... while trying to manage attachments I can NOT upload these .txt files. I get the message that the server has reinitialized the connection?
    What can I do now?
     
  4. marcske

    marcske TS Rookie Topic Starter

    again

    I'll try again if possible... let's hope
    Again it's not working... I get the following message:


    Bad Request

    Your browser sent a request that this server could not understand.
    Apache Server at techspot.com Port 80

    Can you help me out here?
     
  5. marcske

    marcske TS Rookie Topic Starter

    Solution for uploading...

    Hello, I'll try again to upload the files, as I think I know why it was not working,
    so we'll see
    greetings
    marc
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Do the following.

    Make sure you have the latest definition updates for both AVG and Ewido.

    You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off System Restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Run a full system scan with AVG, delete whatever it finds, including the virus vault.

    Run a full scan with Ewido, delete whatever it finds, including files in quarantine.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Run a full system scan with both Ewido and AVG and see if anything is found.

    If it is, download the Autoruns programme from HERE.

    Attach a fresh HJT log as well as an Ewido log and the Autoruns log.


    Regards Howard :)

     
  7. marcske

    marcske TS Rookie Topic Starter

    hello again.....

    Howard,
    I followed your directions and did everything as explained. In safe mode AVG detected 6 virus infections, but I couldn't delete or quarantine any of them. With Ewido I could do as normal.

    So now I send you the requested files. Hope I did alright.
    Thanks already for your kind help... hope we get a result.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

    O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Other than the above inactive entry, your HJT log is clean. Your Ewido log is also clean.

    How's your system running?

    Regards Howard :)

     
  9. marcske

    marcske TS Rookie Topic Starter

    late answer....

    Hello Howard,
    you're a late bird I see... almost like myself...
    thanks again for your short & quick replies
    I ran HJT with everything else closed and fixed the O20 etc...
    For now my system is running smoothly... let's touch wood...
    The other days the virus alert popped up a few minutes after I was linked to the internet... today I've been linked for more than half an hour and so far nothing to see

    I'll let you know if something bad happens... but nevertheless once again a big thanks for the help. By the way, the problem I had uploading those files was due to my AVG virus program. When I shut it off I can mail and upload whatever I want, but once activated there are some problems... this started only recently... as a paying member of AVG I contacted them and they are looking into this problem... so for now thanks again
    speak to you soon
    regards
    marc
     
  10. marcske

    marcske TS Rookie Topic Starter

    Thanks again

    Hello Howard,
    I just want to inform you that my system, up until now, works just fine and this is thanks to your help.
    No trojan to see or whatever else...
    so once again I want to express my gratitude... this was great help.
    greetings
    marc
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's great news, thanks for letting me know.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  12. marcske

    marcske TS Rookie Topic Starter

    Unbelievable

    Hello Howard,
    you will not believe this, but ten minutes ago my resident shield reported an infection with the trojan "Generic 2.ALS"

    I could heal the file and it was put in the quarantine section, where I deleted it a little later.
    I checked with Ewido and with Spybot and there was nothing to see. I will now run an AVG scan and later an Ad-Aware check. If there is nothing there you won't hear anything; otherwise I'll let you know.

    greetings
    marc
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Rename the HijackThis.exe to hijackThis9191.exe. This is because new malware is hiding from Hijackthis.exe.

    Post a fresh HJT log.

    Regards Howard :)

     
  14. MickeyD

    MickeyD TS Rookie

    I don't know if this is the correct area to post, but thanks a lot for your help on the "web browsers don't work." I spent 3 hours this morning with the error message telling me that my browsers had to close because of some problem and sorry for the inconvenience. It took me a while to figure out that I could still navigate despite the error message when I came across your board. Stupid me. Thanks for everything. Your fix really worked.
     
Topic Status:
Not open for further replies.
