trojan virus ?

Status
Not open for further replies.
I got this web site off a friend. He said that if anyone can get rid of your virus, Techspot can. First of all, when loaded, the desktop background is all red with a 3-pronged symbol in the middle of the screen. Then a security box comes up saying "windows has detected an internet attack attempt...somebodys trying to infect your pc with spyware or harmful viruses." It keeps trying to tell me to download "ultimate defender". Done a full scan on Norton and it does nothing. Please help.
P.S. I am very new to all this, so please keep it as simple as possible.
 
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of leslie wyld only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello and welcome to Techspot.

All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

You're also running a completely unpatched version of Windows. Once we get you cleaned up, it is very important that you install at least SP1 and preferably SP2.

Start by running this Symantec/Norton uninstaller tool.

Then, do the following Exactly.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll

O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\LucyQ\Images\stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Magic Academy\Images\armhelper.ocx

O21 - SSODL: wmphost - {3BADCC26-E72B-49CC-B2EF-B68CFD452F63} - C:\WINDOWS\wmphost.dll

O21 - SSODL: wmpdev - {71F52C3A-F52A-4748-A142-AE154CAFCA05} - C:\WINDOWS\wmpdev.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\privacy_danger <- Delete the entire folder.
C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll
C:\WINDOWS\mxduo.dll

Reboot into normal mode and rehide your protected OS files.

Download and install this Service pack.

Post fresh HJT, Combofix and AVG Antispyware logs.

Also, let me know the results of the AVG Antirootkit scan, as per the instructions in step 11 of this thread.

Regards Howard :wave: :wave:

This thread is for the use of leslie wyld only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
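The fix list in the post above follows the HijackThis line layout (section code, entry type, optional CLSID, target path). As an added example that is not part of the original thread and not the helper's or HijackThis's own logic, this sketch parses such O-section lines and applies a few triage flags; the flag names and the heuristics behind them are assumptions chosen for illustration.

```python
import re

# Constructed sample: HijackThis lines copied from the post above.
SAMPLE_LOG = r"""
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O21 - SSODL: wmphost - {3BADCC26-E72B-49CC-B2EF-B68CFD452F63} - C:\WINDOWS\wmphost.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
# Assumed heuristic: a DLL sitting directly in the Windows folder, not a subfolder.
ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)

def parse_line(line):
    """Split one 'Oxx - Kind: ... - target' line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    target = rest.rsplit(" - ", 1)[-1]
    path = re.sub(r"^file:/+", "", MISSING_RE.sub("", target))
    return {"section": m.group("section"), "kind": m.group("kind"),
            "clsid": clsid.group(0).upper() if clsid else None, "path": path,
            "missing": bool(MISSING_RE.search(target)),
            "unnamed": rest.startswith("(no name)")}

def flags_for(entry):
    """Apply the assumed triage heuristics to one parsed entry."""
    flags = []
    if entry["missing"]:
        flags.append("missing-file")
    if entry["unnamed"]:
        flags.append("unnamed")
    if ROOT_DLL_RE.match(entry["path"]):
        flags.append("dll-in-windows-root")
    if entry["section"] == "O24" and entry["path"].lower().endswith((".htm", ".html")):
        flags.append("local-html-desktop-component")
    return flags

def triage(log_text):
    """Return parsed entries that raised at least one flag, in log order."""
    entries = filter(None, (parse_line(l) for l in log_text.splitlines()))
    return [dict(e, flags=f) for e in entries if (f := flags_for(e))]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["clsid"], e["path"], e["flags"])
```

A flag only marks an entry for a human to review against a known-good baseline; it is not a verdict that the file is malicious.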
 
trojan virus

I hope I have done this right this time. Your help is much appreciated.
Done the HJT, Combofix and AVG Antispyware logs. The antirootkit scan came back with no rootkits found. Since doing these I have had no red screen or any security attack.
 
All items in your AVG Antispyware log still say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

Also, you haven't installed the service pack either. Unless you do these things, we can't help you effectively. Also, if you don't patch your Windows, the chances of being hit by malware are a lot higher.

Have HJT fix this entry.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

Post fresh HJT and AVG Antispyware logs, only after doing the above.

Regards Howard :)

This thread is for the use of leslie wyld only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 