Virus problems.

Status
Not open for further replies.
Hi fast, I have the same problem and I did as you said, and here is my report; I have attached it.
It gave me many medium risks and a high-risk trojan downloader file. I wonder where I got it from?
Another problem is that I still have regscan.exe in the system32 folder. Is it a normal Windows file or not? If not, then why did it not discover it?
Another problem is that when I restarted my PC after I scanned the system, I found that the program siteadv (Site Advisor) is repeated as more than 40 processes in my Task Manager. I tried to end some of them, but they restarted.
Sounds weird... can someone help?

the report
 
Hello and welcome to Techspot.

I have moved your post to its own thread. This will save any confusion.

Go HERE and follow the instructions exactly.

Post a fresh HJT log as an attachment into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of oter only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I apologize for any problem I caused.
I have scanned my system using online KAV and BitDefender and found nothing, but this happened after I scanned my system with ewido and it told me that I have a trojan downloader. The ewido report is in the attachments in the first post.
I did a HijackThis scan and here is the report.
I just want to ask: how could I catch a trojan like regscan.exe, and like that downloader that was fixed by ewido?
regscan.exe was in msconfig startup but I disabled it, and it was in my Task Manager but I ended it. Then when I did the scan with ewido in safe mode, it did not catch it. So is it still in my system?
And I still have regscan in system32 and in the Prefetch folder as a .pf file.
How can I know if someone had access to my system using such malware?
 
Your HJT log is clean.

However, can you tell me what this entry is?

O4 - Global Startup: MAYHILL_TROFISH.EXE

Also, does this belong to your ISP?

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB5175DB-9770-4DEB-BACA-2D6447340258}: NameServer = 212.103.160.18,212.103.160.22

I can't tell you how you got infected, but it seems you don't have any firewall software installed. If this is the case then your system is open to attack. The free ZoneAlarm or free Kerio firewall programmes are very good. You can get them HERE and HERE.

Regards Howard :)
 
Those two IPs are the DNS servers I use.
And that program is something I have installed a long time ago.
No, I do not use a firewall. I use KAV5 and I think that is fine, isn't it?
What should I do with that c:\win\system32\regscan.exe?
 
You should delete the regscan.exe file if you can. If you have any problems doing so, please let me know.

Having a firewall is very important, I urge you to consider getting one.

Regards Howard :)
 
Thanks man :)
But I wonder why ewido could not detect it, and the other online scanners too?

I think I use the default Windows XP firewall. Is it not enough? Do you know any simple firewall? The ones you mentioned are always giving more popups than the adware :D
 
Ewido, like any other programme, can't possibly detect and clean every infection out there. It's a pity, but that's just the way it is.

The Windows firewall is utter crap.

The popups received from ZoneAlarm/Kerio are there to allow you to control which applications etc. have access to the net. You can choose to allow or deny access. You can also tick the little box that says to remember your answer for any particular application; that way it won't ask you for that application again.

At the end of the day it's up to you. All I can do is advise.

Regards Howard :)
 