TechSpot

Virus/Spyware Help

By ryanb
Dec 6, 2006
  1. It appears I have contracted the "Trojan 32" virus/spyware. I was trying to view a profile on myspace.com when I was prompted to download a "myspace viewer." Once I did this I began getting multiple popups (porn and virus protection stuff), critical system errors, and the little yellow triangle in my taskbar telling me I had spyware.

    I have followed the instructions in the preliminary spyware removal thread and attached my hijackthis log below. When I ran the AVG scan it came back with no bad files.

    Can anyone tell me if I still have nasty stuff in my log file?

    Thanks for your help!!!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Looks like you`ve done a very good job.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r3.attbi.com:8000<Only fix this if you didn`t set this proxy yourself or you don`t know what it is.

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111. MmVrT/iTunesSetup.exe

    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab

    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system.

    Delete this bold file.

    C:\windows\system32\blank.htm

    Other than the above, your HJT log is clean.

    Regards Howard :wave: :wave:

    This thread is for the use of ryanb only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Rik

    Rik Banned Posts: 4,985

    You definitely still have some nasties but as i am still "in training" I'm not %100 sure in regards of removing it permanently!!


    I would however advise you to download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


    Once you have done that, post a new HJT log and we will deal with the remaining malware!!!!



    This thread is for the use of Ryanb only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.


    EDIT!
    Ooops!!! I didn't see Howards post untill i had posted mine, sorry!!!!!
     
  4. ryanb

    ryanb TS Rookie Topic Starter

    Thank you guys so much for your help!!! I think my computer is cleaned up. It's nice to know that there are guys like you making up for all the knuckleheads who spend their time building viruses and crap like that.

    Thanks again - Ryan
     
  5. Rik

    Rik Banned Posts: 4,985

    If you would like you can post a fresh HJT log so that we can check to make sure it really is clean!!!!



    This thread is for the use of Ryanb only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.