Trojan Virus on my comp.: Win32:Small-EPJ [Trj]

Status
Not open for further replies.
Dear Techspot,

Avast! keeps beeping every time. I tried to abort the connection, but it doesn't work. I ran a full system scan 2 times, and still nothing. Then I found a detailed description on these forums about the removal of this nasty virus, so I'm attaching my HijackThis log for you.

Regards,
Hoffmann József

I ran Combofix and it seems it solved the problem, and I'm attaching the Combofix log too.

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 

Attachments

  • ComboFix.txt
    11.3 KB · Views: 6
Hello, bullet167, and welcome to Techspot :wave:

Please take a moment to read the following threads to make your experience here as enjoyable as possible :)

Message for all newcomers

SNGX1275's Guide to making a good post/thread

The Techspot FAQ

If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
Knowing someone's location in the world can be extremely helpful, even if you just put a country.

Also remember to post any problems or questions that you have in the appropriate forums

With regards to your problem, please read this thread: If your system is infected, read this before deciding whether to Clean or Format.

If you decide to clean your system, follow these instructions: Virus/Spyware/Malware, preliminary removal instructions, and post fresh HJT, Combofix, and AVG Antispyware logs as attachments to this thread as well as the result of the Panda Antirootkit scan.


This thread is for the use of bullet167 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\system32\xmjsmvaa.exe
C:\WINDOWS\system32\midgiqjk.exe
C:\WINDOWS\system32\koswhecy.ini
C:\WINDOWS\system32\mixjniqq.exe
C:\WINDOWS\system32\sxvadpfe.ini
C:\WINDOWS\system32\awecrcdd.exe
C:\WINDOWS\system32\vxrhqwbf.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pajfjlch.ini
C:\WINDOWS\system32\ojivblbf.ini
C:\WINDOWS\system32\ujsfvfhn.ini
C:\WINDOWS\system32\sibdbjlr.ini
C:\WINDOWS\system32\hjlwloon.ini
C:\WINDOWS\system32\wyhfqgjn.ini
C:\WINDOWS\system32\yaotctiy.ini
C:\WINDOWS\system32\lorwstwm.ini
C:\WINDOWS\system32\hdjiktbv.ini

Folder::
C:\WINDOWS\System32\wbem\scrcons32.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

CFScript.gif


* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

--------------------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

--------------------

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment

----------

Run a new HijackThis scan and save the log.

----------
Next post please attach
combofix.txt log
Report.txt
New HijackThis log
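
Added example, not part of the original thread and not ComboFix's own code: a small Python check that splits a CFScript into the File::/Folder::/Registry:: sections used in the post above and reports which listed paths still exist after the cleanup run. It assumes only the layout visible in this thread (a header ending in "::" followed by one entry per line); the sample script is a constructed excerpt of the one above, and the function names are hypothetical.

```python
import ntpath
import os

# Constructed excerpt of the CFScript shown in the thread.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\xmjsmvaa.exe
C:\WINDOWS\system32\koswhecy.ini

Folder::
C:\WINDOWS\System32\wbem\scrcons32.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} using the 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            # Text pasted above the first header (e.g. the word QUOTE).
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def audit_paths(sections, exists=os.path.exists):
    """Return (still_present, rejected) for the File:: and Folder:: entries."""
    still_present, rejected = [], []
    for kind in ("File", "Folder"):
        for path in sections.get(kind, []):
            if not ntpath.isabs(path):
                rejected.append(path)        # not a full Windows path: do not check it
            elif exists(path):
                still_present.append(path)   # cleanup did not remove this one
    return still_present, rejected


if __name__ == "__main__":
    present, rejected = audit_paths(parse_cfscript(SAMPLE_CFSCRIPT))
    print("still present:", present)
    print("rejected entries:", rejected)
```
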
 