Trojan.downloader.win32.agent

  #1  
Old 11-19-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
I finally got around to fixing my laptop, got WoW all installed on it, downloaded some stuff, and now my AVG scans are showing all sorts of crazy stuff... and when I open WoW, it says I have a "trojan.downloader.Win32.Agent variant". Please help!

I attached the results from HijackThis, SUPERAntiSpyware, etc.
Attached Files
File Type: txt mbam-log-2008-11-19 (15-52-29).txt (4.4 KB, 2 views)
File Type: log SUPERAntiSpyware Scan Log - 11-19-2008 - 14-46-06.log (39.1 KB, 4 views)
File Type: log hijackthis.log (5.6 KB, 2 views)

Last edited by kimsland; 11-20-2008 at 02:33 AM.. Reason: Posts merged
  #2  
Old 11-20-2008
TechSpot Member
 
Member since: Aug 2008, 112 posts
In MBAM you did not do anything with the trojans.
When the scan is done, look at the file list or report and then remove everything.
Did you remove everything in SAS?
Tell me what's happening with your comp.
  #3  
Old 11-20-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
I deleted the quarantined items in MBAM and SAS. It seems like it's better now, I'm not getting the WoW warning and nothing's showing up in scans.
  #4  
Old 11-20-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
When I try to open either of my hard drives (E and C) from My Computer, I get a Windows popup saying "E:\resycled\boot.com is not a valid Win32 Application." I know enough to know this is not good. I don't really want to reformat my laptop because I don't have all the disks where I'm living right now, I've moved around a lot the past year. Any help, again, is quite appreciated.
  #5  
Old 11-20-2008
TechSpot Member
 
Member since: Aug 2008, 112 posts
Ahh, you need to delete Autorun.inf. Is WoW World of Warcraft? I don't remember it giving pop-ups.

If you can fix your comp, I hope you know how to delete files through CMD.
The autorun is just in the root of the drive.

I'm very sorry but I'm kinda bad at CMDs.
Please post a new HijackThis log.
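
An added example, not part of the original thread or any poster's code: a Python check that parses autorun.inf text and flags launch entries pointing into a Recycle Bin folder or a misspelled lookalike, which is the usual reason that opening a drive produces a popup like the one quoted in post #4. The sample file contents are constructed, and it is an assumption that the Autorun.inf on this laptop referenced resycled\boot.com, since the thread never shows the file.

```python
import re

# autorun.inf keys whose value is a program Windows launches for the drive.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Genuine Recycle Bin folder names; anything merely resembling them is a lookalike.
REAL_BINS = {"recycler", "recycled", "$recycle.bin"}
LOOKALIKE = re.compile(r"^\$?re[cs]y[cs]l")

# Constructed sample, modelled on the path in the error popup quoted in the thread.
SAMPLE = r"""[autorun]
open=resycled\boot.com
shell\open\command=resycled\boot.com
shell\explore\command=resycled\boot.com
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section only."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    return entries


def suspicious_entries(text):
    """Flag launch commands whose path runs through a real or fake Recycle Bin."""
    hits = []
    for key, value in parse_autorun(text):
        parts = value.replace('"', "").split()
        if not EXEC_KEY.match(key) or not parts:
            continue
        target = parts[0]
        for folder in re.split(r"[\\/]", target)[:-1]:
            name = folder.lower()
            if name in REAL_BINS:
                hits.append((key, target, "program run from the Recycle Bin"))
            elif LOOKALIKE.match(name):
                hits.append((key, target, "Recycle Bin lookalike folder"))
    return hits
```

Feed it the text of the Autorun.inf found in each drive root; an empty result means no launch entry points into a Recycle Bin path.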
  #6  
Old 11-20-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
Hello kipperoo15

When any cleaner is run, it is possible that one run removes certain powerful malware and then exposes more that was not even seen on the first run.

The goal is to get these to come up clean or find something they cannot handle.

So run both MBAM and SAS again and post the logs.

I can tell from the quantity and the quality of what they did find that you in fact have much more.

Good job so far.

Mike
  #7  
Old 11-21-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
I ran both MBAM and SAS, the MBAM log is attached, but this time SAS didn't come up with anything.

Thanks for helping, this is a total life saver.
Attached Files
File Type: txt mbam-log-2008-11-20 (22-59-50).txt (2.3 KB, 4 views)
  #8  
Old 11-21-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
Hi kipperoo15

Good job!

Run MBAM again until it comes up clean or finds something it cannot remove. If clean, let me know; post the log if it does find something it cannot handle.

Then do the below:

Download SDFix to the Desktop; among other things, it uses Catchme to look for rootkits.

http://downloads.andymanchesta.com/R...ools/SDFix.exe

On the Desktop, run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

Copy and paste the Report.txt file to your next post.

Mike
  #9  
Old 11-21-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
I ran MBAM a few more times, logs are attached. It keeps coming up with 4 results.
Attached Files
File Type: txt mbam-log-2008-11-21 (15-48-27).txt (1.6 KB, 1 views)
File Type: txt mbam-log-2008-11-21 (16-56-25).txt (1.6 KB, 1 views)
File Type: txt mbam-log-2008-11-21 (18-09-09).txt (1.6 KB, 2 views)
  #10  
Old 11-21-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
Ok Kipper

Sorry you took the time to run the third time. After these issues are fixed you should run these programs every 2 weeks or so, but if they come up twice with exactly the same thing no need to run it more.

OK, now do the SDFix above to get these; we may need to run another tool to finish up.

So do the SDFix; it does not take nearly as long as the others.

Mike

Last edited by mflynn; 11-21-2008 at 10:29 PM..
  #11  
Old 11-21-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
Log Attached
Attached Files
File Type: txt report.txt (2.5 KB, 5 views)

Last edited by kipperoo15; 11-21-2008 at 11:12 PM..
  #12  
Old 11-21-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
OK good that was clear.

Again, this one doesn't take long either; it should find and fix DNSChanger.

ComboFix

NOTE: If you have a copy of ComboFix more than a few days old, delete it and re-download.

Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike

Don't forget to Attach instead of pasting to the thread.
  #13  
Old 11-21-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
Quote:
Originally Posted by mflynn View Post

Copy and paste the Report.txt file to your next post.

Mike
I'm going to run Combofix right now. Thanks for your help
-Katie
  #14  
Old 11-21-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
You are right sorry I must be tired!

Thanks
Mike
  #15  
Old 11-21-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
Hehe I'm just trying to follow directions as clearly as possible :P

Log attached.
Attached Files
File Type: txt log.txt (21.4 KB, 2 views)
  #16  
Old 11-21-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
And you are doing a fabulous job.

Run SAS; it found and removed much, but we need to see it clean, then MBAM should finish all the rest.

If they are clear then no need to post them but do get me a final HJT log.

I hope we are close to finished I think so!

Mike
  #17  
Old 11-22-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
SAS log is attached, it had some stuff on it. I'm running MBAM now.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 11-21-2008 - 19-57-28.log (841 Bytes, 2 views)
  #18  
Old 11-22-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
OK Kipper

We found one that needs special handling.


Drag the mouse to copy each line, one at a time:
Code:
%System%\drivers\winsys.sys
%System%\wincom.exe
Then

Open MBAM and click to update it (new update today).

Then More Tools-Run Tool

In the File name: field, paste it, click OK and choose delete on boot, and then paste the second line the same way.

Reboot to remove the file, then run SAS again to confirm it is gone!

Mike

Last edited by mflynn; 11-22-2008 at 12:54 AM..
  #19  
Old 11-22-2008
Newcomer, in training
 
Location: Seattle
Member since: Nov 2008, 18 posts
I can't get the first line to work, it gives an error that says
%System%\drivers\winsys.sys
Path Does not exist
Please verify the correct path was given.

Thanks
  #20  
Old 11-22-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,788 posts
That just means the file is not there; that is good.

What about the 2nd?

Mike