TechSpot

viruses or something

By darkwolfang
Jun 9, 2006
  1. I think I have viruses or something. I don't know much about HJT logs, but here is mine; I don't know if I did it right or not (I'm not that technical). I've downloaded Ad-Aware SE, Spybot Search and Destroy, ewido and free virus scan things, also ZoneAlarm. I used its virus scanner, got one, said it got it, and it did, and everything was working fine... but it came back. Now the free online virus scanners say I have this >Trojan-Downloader.BAT.Ftp.ab and this < or something.. I don't know how to get rid of it or whatever's causing my internet to slow down... Telling me what's wrong and what I need to do would be much appreciated, ty in advance
     
  2. fastco

    fastco TS Booster Posts: 1,122

  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    IRC Client

    Close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    updated.exe
    Scheduler.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    O4 - HKLM\..\RunServices: [IRC Client] updated.exe

    O4 - HKCU\..\Run: [IRC Client] updated.exe

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65 <Only fix these O17 entries if they don't belong to your ISP.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    updated.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :wave: :wave:

    Sorry fastco. Our posts have obviously crossed.
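
The entries listed in the post above follow HijackThis's `<section code> - <detail>` line format. As an added example (not part of the original thread and not HijackThis's own code), this sketch parses such lines, extracts the O4 autorun entries, and reports O17 NameServer addresses that are absent from a list of the ISP's resolvers. The sample lines are copied from the post; the `isp_dns` list is an assumption the reader supplies.

```python
import re
from collections import defaultdict

# Sample lines copied from the post above (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\RunServices: [IRC Client] updated.exe
O4 - HKCU\..\Run: [IRC Client] updated.exe
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O4 registry autorun: "<hive>\..\<key>: [<name>] <command>"
O4_REG = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder item: "Startup: <file>" or "Global Startup: <file>"
O4_DIR = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<cmd>.+)$")
O17_NS = re.compile(r"NameServer = (?P<ips>[\d. ,]+)")

def parse_log(text):
    """Group entry details by section code (R0, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autoruns(sections):
    """Return (location, name, command) for every O4 entry."""
    out = []
    for detail in sections.get("O4", []):
        m = O4_REG.match(detail) or O4_DIR.match(detail)
        if m:
            d = m.groupdict()
            out.append((d["where"], d.get("name"), d["cmd"]))
        else:
            out.append((None, None, detail))  # unrecognised O4 layout, keep raw
    return out

def foreign_nameservers(sections, isp_dns):
    """Return O17 NameServer addresses not in isp_dns (caller-supplied, an assumption)."""
    found = set()
    for detail in sections.get("O17", []):
        m = O17_NS.search(detail)
        if m:
            found.update(re.split(r"[ ,]+", m.group("ips").strip()))
    return sorted(found - set(isp_dns))
```

An empty result from `foreign_nameservers` means every logged resolver is on the supplied ISP list, which is the case where the O17 entries are left alone.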
     
  4. darkwolfang

    darkwolfang TS Rookie Topic Starter

    ty, I'll try that and tell ya how it went
     
  5. darkwolfang

    darkwolfang TS Rookie Topic Starter

    virus check

    Could you check if I got rid of all the nasties? If not, could you help... ty in advance
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    You are running a completely unpatched version of Windows.

    Now would be a good time to install one of the Windows service packs. At least SP1 and preferably SP2. Otherwise your security is likely to be compromised again, sooner rather than later.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
