Another Setup.exe & Autorun.inf thread

[JimmiH]

You guys are my last hope to clean this extremely stubborn worm..

I have read all threads about this problem,and tried EVERYTHING,and i do mean everything.. The files keep coming back.. I never use system restore and is the first thing i disable when i re-install windows xp,i have tried alot of online scanners,i have tried kaspersky internet security,AVG free,Trendmicro internet security none of them find anything wrong,not even when i scan the 2 files in question..

I have delete ALL the system restore information directories several times,i have formatted my harddrives but nothing works,after a fresh install the files are back at random times.. The initial scan revealed a Trojan-Proxy.Win32.Horst.lf worm,and it was deleted,but something keeps loading the worm,any idea how i can remove it? I actually suspect Kaspersky for either letting it in,or distributing it,as my other pc on the network is uninfected and it is running Trendmicro IS

Any help will be very much appreciated,as i dare not use my homebanking or anything on the infected machine

 

[Rik]

Have a look at this - https://www.techspot.com/vb/topic50981.html - Read the instructions very carefully then post your HJT log as an ATTACHMENT!!!!

 

[JimmiH]

Well,i did most of it already,so i am doing a last scan in safe mode with kaspersky,after that i will do a hijackthis and post it if problem persists.. Why are these so hard to remove,and why are they not picked up by any antivirus scanner?

 

[Rik]

It's down to the people that write those things, they should all be locked up and the key should be "lost"!!!!!!!!

Some of the blame falls on Bill Gates for producing this flawed gem we call windows!!!!!

 

[JimmiH]

OK,I have now run ALOT of scans in safemode,AVG spyware,hijackthis,antivirus,Xoftspy,CCcleaner and I have now attached my log files from hijackthis and avg AFTER scans and reboot to normal.

Please take a look and see if my problem has gone away

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

Click on the fix checked button.

Close HJT.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Other than the above, your HJT log is clean.

Are you still having problems with the trojan-Proxy.Win32.Horst.lf? I can find no reliable info on this file. Can you give me the exact path to the file?


Regards Howard :wave: :wave:

This thread is for the use of JimmiH only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[JimmiH]

Well,after my scans with AVG spyware,Xoftspy,CCleaner everything seems fine so far,but it might be also that i deleted Kaspersky and went back to Trendmicro..

thank you for all your help guys,x fingers for the annoying files will not reappear..

 

[howard_hopkinso]

That sounds sensible.

The fact that no other scanners find anything would suggest maybe it`s a false positive with Kaspersky.

It might be a good idea to contact the makers of Kaspersky and see what they say.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of JimmiH only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[JimmiH]

well,it wasn´t a false positiv,as the files kept re-appearing,also kaspersky initially found the worm and deleted it,but if you do a search for the worm, you will get a lot of hits with the name of the worm and kaspersky in the title,although alot of them are in french or russian..So i deleted everything about kaspersky,which is really weird as i have used every version before the latest version 6 without any errors whatsoever,and found it to be very reliable..

But so far no files has emerged that shouldn´t be there,and i think it was avg antispy who found 1 trojan,and the deletion of everything related to kaspersky.. Funny thing is,the kaspersky executable i used was downloaded directly from their own site