Trouble removing Trojan horse Downloader.Generic6.AEPH

[mustopthetrojan]

It seems I'm experiencing pretty much the same thing others are in this forum with this trojan. However, all the threads I've found about fixing it involve HJT. I don't have HJT on this computer and something has locked me out of downloading just about anything. When I try to download something, I get the message: "Your current security settings do not allow this file to be downloaded." I assume that's a side effect of this or some other trojan that I haven't found.

So, how would I go about removing this trojan without HJT? I have Spybot-SD and AVG free. Do I need to find another computer and burn a CD with HJT on it?

I'm running XP Media Center, SP2

Thanks

 

[BillAllen55]

I would recommend going to this website from Microsoft Support http://support.microsoft.com/kb/899630 for an answer.
Regards.

 

[mustopthetrojan]

I checked out that link, which suggested lowering the security level for local intranet from high to medium. However, that security level was already set to medium-low. Nothing's changed.

Thanks

 

[SpiritWind]

Hi :

Sometimes people are able to download "HijackThis" from
www.filehippo.com/download_hijackthis .

AVG and Spybot are not the Best in their respective "fields" ; IF you are going to
find another computer to "burn" programs on to a CD, Best to burn the FREE
Version of "SUPERAntiSpyware" from www.superantispyware.com AND the
"Free" Version of Malwarebytes' Anti-Malware, best downloaded from
www.malwarebytes.org/mbam.php . Could include HJT IF my "Suggestion" does
not "work" .

 

[tw0rld]

This might resolve your download problem.

First I would try to reset IE to its default settings.

IE7

Open IE > Click Tools Menu > Select Internet Options > Select the Advance Tab > Click reset Button.

IE6

Tools > Internet Options > Programs tab > Click reset web Settings.

Download, install, configure and run Ccleaner. This will Clear your temp files, where some unwanted stuff could be hiding. Ccleaner link download the latest version : http://www.filehippo.com/download_ccleaner/

Also go here and follow these instructions; https://www.techspot.com/vb/topic109461.html

 

[mustopthetrojan]

That resolved the downloading problem. Now on to the rest of the steps.

Thanks!

 

[tw0rld]

Follow Malware removal instructions

That resolved the downloading problem. Now on to the rest of the steps.

Install HJT Get It here; http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Follow Malware removal instructions found here; https://www.techspot.com/vb/topic109461.html

Post results.

 

[mustopthetrojan]

I've attached the three logs to this thread. I've been having this Trojan Downloader being found by AVG everytime the computer starts up, even though AVG "heals" it every time. I've also started hearing weird "sci-fi-like" sounds when I press the shift key shortly after startup.

 

[tw0rld]

Run HJT again and remove the following:

O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - (no file)

O4 - HKCU\..\Run: [Qczkas] "C:\Program Files\Common Files\s?stem32\?hkdsk.exe"

O20 - Winlogon Notify: tuvtutu - tuvtutu.dll (file missing)

Also, look to see If these two items; "\s?stem32\?hkdsk.exe" are still located in this directory; "C:\Program Files\Common Files\s?stem32\?hkdsk.exe". If they are then delete the "s?stem32" folder from the said directory.

Post a new HJT Log.

1. Update AVG to the Latest version; http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=contentBody;mostPopTwoColWrap&cdlPid=10880275

2. Update spybot S&D, and apply immunization.
3. Update to the latest version of adobe acrobat reader.
4. Install latest updates from microsoft update.
5. make sure that all security programs have the latest definitions installed.

 

[tw0rld]

Stickykeys?

I've also started hearing weird "sci-fi-like" sounds when I press the shift key shortly after startup.

Pressing the Shift 5 times enables windows stickykeys, that was probaly the sound you heard.

 

[mustopthetrojan]

Here's the latest HJT log. Also, the shift thing, it's not sticky keys. It makes like a ray gun sound the first time I hit shift after start up.

 

[tw0rld]

Run HJT again and Remove the following, as I missed it the first time

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v11.www.msn.com/defaulta.aspx

You need to update AVG to the latest Version 8.0
Are you still getting the AVG alerts?

 

[mustopthetrojan]

OK, Ran HJT again and removed that line. I have also updated to AVG 8 and the messages have disappeared. Interestingly, if I just went to free.avg.com, it was showing a 7.x version as the latest.

Thanks

 

[tw0rld]

Virus scan.....

I recommend that you do an Anti-virus scan with AVG.