TechSpot

trojan virus ?

By leslie wyld
Aug 31, 2007
  1. I got this web site off a friend. He said that if anyone can get rid of your virus, TechSpot can. First of all, when loaded, the desktop background is all red with a 3-pronged symbol in the middle of the screen. Then a security box comes up saying "Windows has detected an internet attack attempt... somebody's trying to infect your PC with spyware or harmful viruses." It keeps trying to tell me to download "Ultimate Defender". Done a full scan on Norton and it does nothing. Please help.
    P.S. I am very new to all this, so please keep it as simple as possible.
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

  3. Rik

    Rik Banned Posts: 3,814

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of leslie wyld only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. leslie wyld

    leslie wyld TS Rookie Topic Starter

    I have tried all instructions and here are the logs.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

    You're also running a completely unpatched version of Windows. Once we get you cleaned up, it is very important that you install at least SP1 and preferably SP2.

    Start by running this Symantec/Norton uninstaller tool.

    Then, do the following Exactly.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll

    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\LucyQ\Images\stg_drm.ocx

    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Magic Academy\Images\armhelper.ocx

    O21 - SSODL: wmphost - {3BADCC26-E72B-49CC-B2EF-B68CFD452F63} - C:\WINDOWS\wmphost.dll

    O21 - SSODL: wmpdev - {71F52C3A-F52A-4748-A142-AE154CAFCA05} - C:\WINDOWS\wmpdev.dll

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\privacy_danger < Delete the entire folder.
    C:\WINDOWS\wmpdev.dll
    C:\WINDOWS\wmphost.dll
    C:\WINDOWS\mxduo.dll

    Reboot into normal mode and rehide your protected OS files.

    Download and install this Service pack.

    Post fresh HJT, Combofix and AVG Antispyware logs.

    Also, let me know the results of the AVG Antirootkit scan, as per the instructions in step 11 of this thread.

    Regards Howard :wave: :wave:

     
  6. leslie wyld

    leslie wyld TS Rookie Topic Starter

    trojan virus

    I hope I have done this right this time. Your help is much appreciated.
    Done the HJT, Combofix and AVG Antispyware logs. The antirootkit scan came back with no rootkits found. Since doing these I have had no red screen or any security attack.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All items in your AVG Antispyware log still say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

    Also, you haven't installed the service pack either. Unless you do these things, we can't help you effectively. Also, if you don't patch your Windows, the chances of being hit by malware are a lot higher.

    Have HJT fix this entry.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

    Post fresh HJT and AVG Antispyware logs, only after doing the above.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
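
As an added example (not part of the original thread or any poster's instructions), the Python sketch below parses HijackThis entries like those quoted in the two replies from howard_hopkinso and attaches review notes to them. The section labels follow common HijackThis documentation; the note heuristics are assumptions of this example, meant to prioritise manual review rather than give a verdict.

```python
import re

# Constructed sample: a subset of the HijackThis lines quoted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O21 - SSODL: wmphost - {3BADCC26-E72B-49CC-B2EF-B68CFD452F63} - C:\WINDOWS\wmphost.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
"""

# Section codes as commonly documented for HijackThis logs.
SECTIONS = {"R0": "IE start page", "O2": "Browser Helper Object",
            "O9": "IE extra button / Tools menu item", "O16": "ActiveX control",
            "O21": "ShellServiceObjectDelayLoad entry", "O24": "Active Desktop component"}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: a DLL directly in C:\WINDOWS (not a subfolder) deserves a look.
ROOT_DLL = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)

def parse_entry(line):
    # Split one log line into section code, CLSID and heuristic review notes.
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID.search(body)
    notes = []
    if "(file missing)" in body or "(no file)" in body:
        notes.append("registration points at no file")
    if ROOT_DLL.search(body):
        notes.append("DLL directly in C:\\WINDOWS")
    if code == "O24" and "file://" in body:
        notes.append("local HTML page used as desktop")
    if code == "R0" and "http" in body.split("=", 1)[-1]:
        notes.append("start page set to a remote URL")
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None, "notes": notes}

def triage(log):
    # Parse every entry and keep only those carrying at least one note.
    entries = [e for e in map(parse_entry, log.splitlines()) if e]
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["kind"], e["clsid"], "; ".join(e["notes"]))
```

The shdocvw.dll entry under System32 gets no note from these heuristics, which shows their limit: the helper in the thread still asked for that O9 entry to be fixed, so the notes are a starting point for a human reviewer.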
