TechSpot

Virus and Malware Help

By kastha1
Dec 11, 2009
  1. I had a Trojan detection by my Windows Defender and I removed it multiple times from it and my anti-virus, but I keep having Internet Explorer pop up. I used Chrome.

    I have run the cleaner and Malwarebytes' Anti-Malware; the log is attached.
     
  2. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Hi kastha1,

    Please read 8-step Virus Removal and download the programs requested in the thread, then post the logs after you have run scans. The 3 most important pieces of software we would like you to download are Malwarebytes', SUPERAntiSpyware, and HijackThis. If you do not have current, up-to-date anti-virus software, please download either Avast! or Avira. I recommend that you replace Windows Defender with Avast! free edition or Pro. I personally have Pro and like it, but it's up to you which version to get. It has already blocked numerous viruses and today, a virus tried to download unknown to me but Avast! blocked it.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You do not need to replace the antivirus program if it is updating and functioning.

    But please run the programs and attach the 3 logs for review.
     
  4. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    I use this as an auto-response when people do not read the 8-steps. I wasn't saying he had to change it, just recommended because I have had a good experience with Avast! so far.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    But you suggest he replace Windows Defender with Avast?
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Windows Defender is not an antivirus program, although it used to remove programs like CCleaner and other useful programs in the past.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Tmagic, go back and read the post and work through it: replacing an anti-spyware program with an antivirus program doesn't make much sense! It appears that AnonymousSurfer doesn't know this.
     
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    As I said, Windows Defender is an anti-spyware program, and it is not intended to replace an antivirus program. It is included in Vista as well as Windows 7. I get reminded to run a Windows Defender scan all the time in Vista, but not in Windows 7. So when you say "replacing an anti-spyware program with an antivirus program doesn't make much sense!"... I agree with you. I like Avast, and I still use the free version. I have purchased Advanced SystemCare Pro for $19.95 a year.
     
  9. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    I didn't know what Windows Defender was -- I have XP. I now see why I sounded like I was on drugs. Sorry for the misconception.
     
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    That's okay AnonymousSurfer,
    we are both comrades in arms around here. For XP, you can download Windows Defender from Microsoft. I'm not really sure how beneficial it is though
     
  11. kastha1

    kastha1 TS Rookie Topic Starter

    Ok a couple of things...

    1) It's a she not a he....
    2) Should I replace Windows defender with Avast?
    3) will any of these downloaded apps interfere with McAfee?
    4) Attached are the logs.
    5) What to do next???
     


  12. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Welcome Miss or Mrs kastha1,
    No, don't replace Windows Defender with Avast. They will work together. You are an Iwin gamer. Iwin allows nasty things to infect your computer and it is infected... Avast and McAfee are both antivirus programs. Choose one or the other.
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Where's the Malwarebytes log?
    Did you do an updated scan with your Antivirus product?

    Edit:
    Oh it's up the top
    You might want to re-update it and run another quick (5 or 10 minute) scan
     
  14. kastha1

    kastha1 TS Rookie Topic Starter

    Here it is. It gave a message that nothing was detected.
     
  15. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Open up HijackThis and run a System Scan Only.

    Check off the following to be removed: (Iwin)
    • O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRAM FILES (X86)\IWIN GAMES\IWINGAMESHOOKIE.DLL

    Reload HijackThis and run System Scan and Create Logfile. Then post the log and see if you still have the trojan.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    kastha1, It is better if only one person is helping you and giving you instructions. I would prefer it be just me. Occasionally, members do not fully understand what fully removing a bad entry can entail.


    Removing incorrect reference to additional antivirus program

    You may keep Windows Defender.

    Your version of Vista is the 64-bit and HijackThis doesn't work with a 64-bit system. But I'd like you to run this:

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    When finished, run this:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Please include report for Combofix and log for Eset scan in your next reply

    kimsland, I will make sure all the logs are given.
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks :)

    But the Malwarebytes wasn't updated anyway
     
  18. kastha1

    kastha1 TS Rookie Topic Starter

    Ok couple of questions. I don't see Bitdefender on my programs list to uninstall.

    During this process I only downloaded the following 4 apps:

    1. CC Cleaner
    2. Hijack This
    3. Malwarebytes
    4. SuperAntiSpyware

    Which should I uninstall to not compete against McAfee? Also since Hijack This won't work with Vista, can I uninstall that as well?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your Post #11:
    1) It's a she not a he....
    2) Should I replace Windows defender with Avast? >> No
    3) will any of these downloaded apps interfere with McAfee?>> No
    4) Attached are the logs.>> Thank you
    5) What to do next???>> Follow my edited instructions in Post #16

    Post #18:
    1. CC Cleaner
    2. Hijack This
    3. Malwarebytes
    4. SuperAntiSpyware

    All above are a part of our malware cleaning. They have nothing to do with your security programs and will not interfere with any of them.

    Which should I uninstall to not compete against McAfee?>> Nothing
    "don't see Bitdefender on my programs list to uninstall.">>>>
    My apology- I got mixed up with all the chatter and grabbed on the name BitDefender. Your Windows Defender is fine and will not cause a conflict with McAfee.

    Also since Hijack This won't work with Vista>> HijackThis works with Vista, but does not give an appropriate reading with the 64-bit version, can I uninstall that as well?>> leave it for now.

    When we have completed the cleaning, we will have you remove all of the cleaning tools. You should not be installing or uninstalling anything except what we tell you to.

    I have removed the incorrect reference to BitDefender in Post #16. Please follow the instructions for Combofix and the Eset scan. Leave report and log on next reply.
     
  20. kastha1

    kastha1 TS Rookie Topic Starter

    I tried downloading from the first link and it gave the following message:

    "ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

    DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

    Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again."

    I was able to download the file from the second link, but when I disable everything and run it, the following message pops up in a notepad.

    "ComboFix is Offline.
    Please visit http://download.bleepingcomputer.com/sUBs/ComboFix.html
    "
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry- Combofix is off-line temporarily.

    Please run the Eset scan in the meantime- I'll have to get back to you later.
     
  22. kastha1

    kastha1 TS Rookie Topic Starter

    Combofix is still offline... what is the recommendation? Do I still need to have the cleaner and the hijack stuff on my comp?

    Also I have another issue: for no apparent reason my mouse keeps jumping all over... any reason why?
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix has been back online for a while. My apology for not getting back to you.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Follow with online scan:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Then rescan with HijackThis.

    Attach Combofix Report and Eset log to next reply.

    Paste new HijackThis log in next reply.

    We help clean malware in this forum. If your mouse problem is found to be not related, it can be discussed in the Windows OS forum.
     
Topic Status:
Not open for further replies.
