My Hijackthis log - what to delete?

  #1  
Old 06-26-2005
Newcomer, in training
 
Member since: Jun 2005, 4 posts
My Hijackthis log - what to delete?

Hello experts of the forum,

I found this site after discovering I have a trojan virus called twink64 or WIN32.delt.trojan.b or something like that. When I press control + alt + delete, I only see "comm" and "winamp" and "twink64" in the window, not the usual applications at all.

Anyway, I followed the instructions on the site, made a HJT root folder on my C drive and ran the program. I saved the log in the same HJT folder.

Here's my log in the txt attachment. What should I delete??

THANKS!
PJ
Attached Files
File Type: txt hijackthis.log.txt (4.9 KB, 10 views)
  #2  
Old 06-27-2005
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties

While in HJT, mark the twink-program as well to be fixed.

Then see How to post your Hijackthis log-files as an attachment.
  #3  
Old 06-29-2005
Newcomer, in training
 
Member since: Jun 2005, 4 posts
Followed instructions, PLEASE check HJT log

Quote:
Originally Posted by realblackstuff
Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties

While in HJT, mark the twink-program as well to be fixed.

Then see How to post your Hijackthis log-files as an attachment.

Hi realblackstuff,

I followed all the instructions and ran Adaware and Spybot. Then Hijackthis again and deleted a lot of files, I think I got the twink64 file and some others too.

Can you please check my HJT this? I think there is still something because when I press control+alt+delete I don't see any applications listed at all, as I normally would in the dialog box. I had one error message pop called "explorer" up with the message "this program has performed an illegal operation and will be shut down...". That was strange.

Also, the "Running Processes" you see in my log don't show up in the HJT this where you could check them for fixing.

Anyway, please check my log, it's really short!!
Thanks so much
PJ
Attached Files
File Type: txt hijackthis5june29.log.txt (1.7 KB, 9 views)
  #4  
Old 06-29-2005
TechSpot Maniac
 
Location: London
Member since: Apr 2005, 1,267 posts
Tick & fix the following

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.194.90.249/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 140.99.106.182 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Post a fresh log.

Last edited by IronDuke; 06-29-2005 at 06:57 PM.. Reason: Remove entry
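
An added example, not part of the original thread: a small Python triage of HijackThis entry lines like the ones listed in the post above, showing which section each belongs to and why a reviewer would look twice at it. The function names, the section descriptions and the three checks are this example's own assumptions, not a HijackThis feature.

```python
import re
from ipaddress import ip_address

# HijackThis section codes seen in the post above (descriptions are this example's wording).
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O1": "hosts file redirection", "O3": "IE toolbar",
            "O9": "IE extra button or Tools menu item"}

# Four entries copied from the post above, used as sample input.
SAMPLE = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.194.90.249/search.php
O1 - Hosts: 140.99.106.182 auto.search.msn.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def is_ip(host):
    """True when host is an IP literal rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def triage(log):
    """Return (code, section, notes) for every HijackThis entry line."""
    results = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        notes = []
        if code in ("R0", "R1") and " = " in body:
            host = re.match(r"https?://([^/:]+)", body.split(" = ", 1)[1])
            if host and is_ip(host.group(1)):
                notes.append("URL points at a bare IP address")
        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) == 2 and parts[0] not in ("127.0.0.1", "::1"):
                notes.append(f"hosts file maps {parts[1]} to {parts[0]}")
        if body.endswith("(no file)"):
            notes.append("references a missing file")
        results.append((code, SECTIONS.get(code, "other"), notes))
    return results
```

An empty notes list only means none of these three checks fired; it does not mean the entry is safe to keep.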
  #5  
Old 06-29-2005
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
I'm not sure about your new log, it has a funny smell...
No Antivirus, way too many things gone after your first log...
Clean format/install, before any other programs? You're wasting my time, if so.
  #6  
Old 06-30-2005
Newcomer, in training
 
Member since: Jun 2005, 4 posts
Quote:
Originally Posted by realblackstuff
I'm not sure about your new log, it has a funny smell...
No Antivirus, way too many things gone after your first log...
Clean format/install, before any other programs? You're wasting my time, if so.

Sorry, but I really don't understand what you mean by "Clean format/install, before any other programs?". I ran Adaware and Spybot and HJT and "fixed" all the files that seemed dangerous according to the instructions. I also uninstalled (correctly from the control panel) a few programs like Adobe Reader that I can easily download from the net once this is all over, just to clean things up and make more sense of my log. I DO have an Antivirus installed on my computer.

Anyway, I'll delete the files that IronDuke said and repost my log. I'm a little worried because if I delete all those files there really won't be much left!!

Thanks
PJ
  #7  
Old 07-01-2005
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
You removed Norton-Symantec/Zonealarm/Real Player/your printer/FTP-stuff/StarOffice and some other stuff.
Your log LOOKS like a fresh install without any other programs added (yet), which made me suspicious.
For all your efforts, it would probably have been easier to really do a fresh install.

Anyway, after IronDuke's advised changes have been made, your PC is clean.
  #8  
Old 07-02-2005
Newcomer, in training
 
Member since: Jun 2005, 4 posts
OK, I fixed all the entries in my HJT log that IronDuke said to. I also re-installed my Antivirus and Acrobat Reader and set my homepage in MS Explorer to yahoo.com. Strangely, I still don't see any entries listed when I press Control+Alt+Delete. Let's hope there are no more problems.

I'm reposting my log for a final check, as IronDuke suggested. There are a lot more Running Processes than before.

Thanks so much to IronDuke & realblack stuff for the help!!!!

PJ
Attached Files
File Type: txt hijackthisjuly02.log.txt (1.7 KB, 5 views)
  #9  
Old 07-02-2005
TechSpot Maniac
 
Location: London
Member since: Apr 2005, 1,267 posts
There's nothing there that shouldn't be. Once again it seems uncharacteristically brief.
You need to put a firewall back.
Try also Ewido
  #10  
Old 07-02-2005
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
IronDuke, don't forget that W98se never showed much in HJT to start with.

PJPJ, the log is clean indeed.
Stop using IE, except for Windows-updates.
Get Firefox instead! from www.getfirefox.com
Closed Thread
