TechSpot

Trojan Horse

By TONY85
Jul 4, 2007
Topic Status:
Not open for further replies.
  1. I have a trojan horse on my PC.
    When I start up my computer AVG brings up a message that says there is a trojan horse Proxy.OTX in sys32/tmwsock.dll.

    I have tried healing and sending to vault but this does not seem to fix the problem. When I restart Windows it is back again.

    The effect it is having is that it won't allow me to connect to the internet.

    My PC is a laptop. The wireless recognises wireless networks but when it connects it says limited or no connectivity.
    I also tried connecting directly to the router by wire but it makes no difference; the problem is the same. I know the connection is OK because other PCs connect with no problem.

    I have tried connecting to the router using 192.168.1.1 through Firefox but it won't connect.

    On the machine I have AVG and Ad-Aware SE installed.

    Does anyone have any ideas on how I could solve my problem?

    Thanks for your help
     
  2. bobby123

    bobby123 TS Rookie Posts: 391

  3. TONY85

    TONY85 TS Rookie Topic Starter

    That is a super piece of advice, however...
    This is where I wish I hadn't put things off. I delayed addressing my security and got caught out.
    The problem is that I can't connect to the internet using that PC so I can't do most of the stuff on the list.
    I could try to download the installers from somewhere else but the internet at work has restrictions on downloading so that's not an option. I will try to get hold of another PC but it's not looking good.
    Even if I do I still won't be able to do online scanning.

    If I do manage to get some of those through another PC, considering mine currently doesn't connect to the internet, do you think I have a chance of saving it or is it likely to need reformatting?

    Thanks for the quick response btw
     
  4. bobby123

    bobby123 TS Rookie Posts: 391

    Just ignore the online scanning; try to do as much as possible, not stuff you can't do. I think you could still save it personally.
     
  5. TONY85

    TONY85 TS Rookie Topic Starter

    ok I'll give it a go and keep you posted
     
  6. momok

    momok TS Rookie Posts: 2,272

    Hi TONY85 and welcome to TechSpot. =)

    I believe this question should be based on what you use your system for. Read the following thread (important part).

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and ComboFix logs as attachments into this thread. Do not copy and paste your logs, or they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of TONY85 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. TONY85

    TONY85 TS Rookie Topic Starter

    Thanks momok.
    Reading that I think I might be able to get away with cleaning.
    However it doesn't look like I will have access to another PC, for downloading, for about 2 weeks.
    In the meantime I can get Norton 2007 from someone at work. Is it worth installing this and trying a scan or is Norton more hassle than it is worth? I have heard that it is hard to uninstall Norton completely.

    No internet - this is my nightmare on elm street.
     
  8. momok

    momok TS Rookie Posts: 2,272

    Hi,

    It is true that uninstalling Norton is quite a hassle. If you are able to, simply download 4 programs (They are fairly small in size except for AVG Antispyware, but still very manageable). They are the 4 programs in the links in my signature.

    Run AVG Antirootkit first, and note any detected entries.

    Then run ComboFix. Be sure not to touch it during scanning.

    Next, boot into safe mode and run AVG Antispyware and quarantine all infections before saving a log.

    Finally reboot into normal mode and run a HijackThis scan and save a log.

    Post all the logs here when you are done and I'll provide you further instructions.


    Regards,
    Your friendly momok =)

     
  9. bobby123

    bobby123 TS Rookie Posts: 391

    I wonder if Tony could download them at work.
     
  10. momok

    momok TS Rookie Posts: 2,272

    I hope he can.

    Either that, or he can simply request a friend download them for him and lend him the thumbdrive.

    I'm sure he'll find a way.

    Regards,
    Your friendly momok =)

     
  11. TONY85

    TONY85 TS Rookie Topic Starter

    OK guys,
    I really appreciate the interest you have shown.

    I can't believe I'm still at work at 20:30.
    I have been renewing my car insurance (which I found out today runs out tomorrow) on the internet for two hours and then it said I had to call them as well.
    I was only joking when I called it a nightmare earlier but now it's really turning into one.

    Anyway, I can't download anything from work; it just blocks everything using something like "Restricted access". The techie who thought that up obviously wasn't thinking of me.

    As for a mate to help me out with his PC, all my housemates have either moved out or gone on holiday. I'll have to ask someone at work but I'm a little worried that it's going to be one of those things that's frowned upon.

    If that is the case I'll have to sit tight until I get back to my permanent home where I have 2 spare PCs that are protected quite well. I've got ZoneAlarm on them and I've never had any problems. (oh the irony)

    I almost feel like I'm the one with the virus. It's the first time I have had a PC catch something and not have defences in place to deal with it.
    ...
    (by now you're all thinking he's lost it he's lost it )
    ...

    I can't believe I'm saying this but do you think it would be worth taking it to a PC World health check place or will they just try to sell me some antivirus?

    Also I'm not clear on if you're suggesting I try Norton 2007 or not before getting the other things that need internet access.

    OK, now I really have to go home; I'm still at work and it's getting dark.
    Again, thanks for your help so far.
     
     
  12. momok

    momok TS Rookie Posts: 2,272

    Hi,

    I would actually not recommend getting Norton, but that is up to your preference.

    Some advice I could possibly give is:
    - Have you tried visiting a cybercafe/internet cafe with your thumb drive to download the required software?
    - I haven't personally tried the services of the place you mentioned so I cannot judge. In any case, your problem would most likely not be so easily solved by a simple scan by antivirus programs.
    - Have you tried booting into safe mode and scanning with your programs?

    If all else fails, I'm afraid if you wish to fix it, I'd recommend not touching that system until you get your hands on the programs for cleaning.


    Regards,
    Your friendly momok =)

     
  13. TONY85

    TONY85 TS Rookie Topic Starter

    I got in contact with my housemate and they will be around at the weekend,
    so I will try to download the programs then.
    I will also try scanning in safe mode as you say with the programs I've got.

    I'll keep you posted.
     
  14. momok

    momok TS Rookie Posts: 2,272

    Yep. Do the scans at one go and post all the logs then.

    Regards,
    Your friendly momok =)

     
  15. stephanonz

    stephanonz TS Rookie

    Solution

    Hi, if you have not yet solved the problem, here is a solution. It worked for me and I had the same virus, picked up by AVG Free...

    If you are running Windows XP:

    Just use the windback facility to an earlier date.

    In "Run" type msconfig and then choose a date prior to getting the virus. It worked for me anyway.
     
  16. momok

    momok TS Rookie Posts: 2,272

    Hi stephanonz and welcome to TechSpot. =)

    I would still recommend you read this thread HERE and at least post a HijackThis and ComboFix log in a new thread.

    This is because sometimes, an infection has its files residing very early on your system and the symptoms only take some time to appear, so your system may not be fully clean.


    Regards,
    Your friendly momok =)

     
  17. TONY85

    TONY85 TS Rookie Topic Starter

    OK guys,
    I'm up and working again.
    A massive thank you.
    I ran AVG Antirootkit but it didn't find anything.
    Then I ran ComboFix and I have attached the log.
    Then I ran AVG Antispyware in normal mode and it found stuff; I have attached the log.
    Then I ran it again in safe mode and it didn't find anything.
    Then I tried to connect to the Internet and it worked.
    I also installed HijackThis; should I run it?
    Should I go through all the other steps as well?
     
  18. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Yes please do complete the steps especially HijackThis. I'll provide the cleaning instructions at one go for you after you post the HijackThis log.

    I would recommend you do not use the internet just yet, as we do not know what still resides on your system and if it can send sensitive information out over the net.


    Regards,
    Your friendly momok =)

     
  19. TONY85

    TONY85 TS Rookie Topic Starter

    OK, here is the HijackThis log.

    How does it look?
     
  20. TONY85

    TONY85 TS Rookie Topic Starter

    By the way, AVG Antispyware did an update.
    Also I noticed that when I ran it in safe mode it took 2 hours whereas when it was in normal it took 30 mins.
    Is that normal?

    Also that windback facility stephanonz mentioned didn't work.
     
  21. momok

    momok TS Rookie Posts: 2,272

    Hi,

    I'm not so sure why it takes much longer for you in safe mode, but I doubt this is attributed to the infection on your system though.

    Please download and run CCleaner via step 9 of the instructions HERE.

    It appears AVG Antispyware did the trick for you, because all your log files are looking clean now.

    I notice you do not have a firewall.

    Here are three firewalls I recommend. Please use one and only one. Using more than one is not recommended as it will hog your system resources and potentially cause system conflicts.
    ZoneAlarm
    Kerio
    Comodo

    1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    2. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    3. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

     
  22. TONY85

    TONY85 TS Rookie Topic Starter

    OK, I have installed CCleaner and run it.
    I have installed ZoneAlarm,
    but now when I try to type something or click something on the it takes a few seconds to appear or respond.
    Is this because of the firewall?
    Should I start a new thread for this?

    Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.

    I'm going to try to uninstall and reinstall Firefox but I don't want to lose my bookmarks.
    I will start a new thread to ask about this.

    Thanks for your help
     
  23. momok

    momok TS Rookie Posts: 2,272

    Hi,

    The slight lag can be attributed to anything from a slower computer, to the firewall or internet settings, or even to your internet connection speed. If you find your system generally operating too slow, you can try reading this thread here on how to speed up your system.


    Regards,
    Your friendly momok =)

     
  24. TONY85

    TONY85 TS Rookie Topic Starter

    Thanks momok,
    I have fixed it now.
    I had a little trouble uninstalling it. I had to go into safe mode as an administrator to delete it completely from the Documents and Settings area but now it's OK.
    It looks like it was an existing problem with my Firefox that got worse for some reason after I dealt with the virus, because when I checked I could use Opera just fine.

    Here is the link to the thread I wrote about it in case anyone else has the same problem.
    http://www.techspot.com/vb/showthread.php?p=469513#post469513

    Thanks for all your help
     