Few things to be removed

Status
Not open for further replies.

KnightofBane

I have quite a few things I'd like to be removed. I downloaded something two days ago and it came bundled with a bunch of junk so now I have about 26 viruses weighing around 620kB in my AVG Virus Vault and they keep adding so by the end of today I wouldn't be surprised if I had about 1MB worth of viruses.

Here is everything I've got and how many files it has infected next to it (note: I'm just scrolling down my virus vault looking at how many times the name appears):

Trojan Horse.Generic.WUE(8 infections)
Trojan horse.Pakes.U(5 infections)
Trojan horse.Dialer.BZB(3 infections)
Trojan horse Downloader.Generic2.GSS(3 infections)
Trojan horse Dropper.Agent.BNS(2 infections)
Trojan horse Downloader.Generic2.CVB(2 infections)
Trojan horse Downloader.Small.FR(2 infections)
Trojan horse Downloader.Generic2.JVQ(1 infection)

I have ewido, killbox and HJT so I'll add my HJT and ewido report in an attachment.

Thanks

-KoB
 
Hello and welcome to Techspot.

Make sure you have the latest definition files for Ewido and AVG.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

win125.tmp.exe and any other process that has the same .tmp.exe extension.

Close task manager.

Run a full Virus scan with AVG and delete whatever it finds.

Run a full scan with Ewido and delete whatever it finds.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O1 - Hosts: 70.240.231.200 drempwn.no-ip.info

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O11 - Options group: [INTERNATIONAL] International*

Fix all O16 - DPF entries, except for any Microsoft/Windows entries.

Click on the fix checked button.

Close HJT.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post fresh HJT and Ewido logs and let me know how your system is running.

Regards Howard :wave: :wave:

This thread is for the use of KnightofBane only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
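
An added example, not part of the original thread or any poster's instructions: a small Python triage of a HijackThis-style log that flags the two patterns called out in the post above, an O1 hosts entry that maps a name to a non-loopback address and a `.tmp.exe` file running (or set to autorun) from a Temp folder. The sample log is constructed from values quoted in the thread; the function name `triage` and the finding labels are assumptions of this example.

```python
import re

# Constructed HijackThis-style excerpt; the entries reuse values quoted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\win1DF.tmp.exe
C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 70.240.231.200 drempwn.no-ip.info
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O1 - Hosts: ..."
TMP_EXE = re.compile(r"\\temp\\[^\\\"]+\.tmp\.exe\b", re.IGNORECASE)
LOOPBACK = ("127.", "0.0.0.0", "::1")


def triage(log_text):
    """Return (label, detail) findings; the labels are this example's own names."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False  # numbered sections follow the process list
            section, body = entry.groups()
            if section == "O1" and body.startswith("Hosts:"):
                fields = body[len("Hosts:"):].split()
                # A hosts line that points a name at a non-loopback IP redirects traffic.
                if len(fields) >= 2 and not fields[0].startswith(LOOPBACK):
                    findings.append(("hosts-redirect", f"{fields[1]} -> {fields[0]}"))
            elif section == "O4" and TMP_EXE.search(body):
                findings.append(("tmp-exe-autorun", body))
        elif in_processes and TMP_EXE.search(line):
            findings.append(("tmp-exe-process", line))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```

The loopback hosts line and the ordinary O4 autorun entry are parsed but not flagged; only the two patterns named above produce findings.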
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

win1DF.tmp.exe
win1DE.tmp.exe
win1E0.tmp.exe
win1E1.tmp.exe

Close task manager.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\Documents and Settings\Michael Kelley\Cookies\michael_kelley@adopt.euroclick[2].txt
C:\WINDOWS\Temp\win1DF.tmp.exe
C:\WINDOWS\Temp\win1DE.tmp.exe
C:\WINDOWS\Temp\win1E0.tmp.exe
C:\WINDOWS\Temp\win1E1.tmp.exe

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post fresh HJT and Ewido logs and let me know how your system is running.

Regards Howard :)

 
Your HJT and Ewido logs are clean.

Download and install Spybot Search & Destroy and Ad-Aware Personal SE from HERE and HERE. Before running either programme, make sure you have the latest updates. In SS&D click the Immunize button and click Immunize.

Run Adaware first and delete whatever it finds, then do the same with SS&D.

Regards Howard :)

 
I have both programs already and I've run them at least like 4 times since yesterday. I have no Spyware, but I'm still getting pop ups.
 
Download and run these four tools. Follow the instructions for using each tool.

Tool1 Tool2 Tool3 Tool4

Go to add remove programmes in your control panel and uninstall anything to do with (if there) Winantivirus.

Let me know the results.

Regards Howard :)
 
All of those links don't work. Keep getting the Internet Explorer cannot display this page error.

EDIT: Nevermind had to open in Firefox. I'll let you know when I'm done.

*double post*

I'd like to know if I have to boot in safe mode and run these programs? It's quite annoying having to go into safe mode, run it, then go back to regular to get the instructions for the next program etc.
 
KnightofBane said:
All of those links don't work. Keep getting the Internet Explorer cannot display this page error.

EDIT: Nevermind had to open in Firefox. I'll let you know when I'm done.

*double post*

I'd like to know if I have to boot in safe mode and run these programs? It's quite annoying having to go into safe mode, run it, then go back to regular to get the instructions for the next program etc.

Run each programme as per the instructions.

If it says you need to run in safe mode, then that`s what you have to do.

Regards Howard :)

Edit: Have HJT fix these entries.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
 
My trojans are coming back again.

Is there anyone to remove them from the virus vault? Because they're still infecting my PC even in the vault. And slowly they're dominating my PC. When I reboot they just completely eliminate my toolbar and desktop icons.

Argh! :/ Forget the adware right now, it's the trojans.
 
You can go to the AVG virus vault and delete all the entries there.

Download and run the Autoruns programme from HERE.

Post fresh HJT and Ewido logs as well as the Autoruns log.

Regards Howard :(
 
No way in hell I'm going to be able to reboot safely without the risk of my computer dying unless these trojans go. Here's all reports.
 
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with your antivirus programme and delete whatever it finds. This includes the virus vault.

Run a full scan with ewido and delete whatever it finds. This includes all files in quarantine.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the file path you need to enter into killbox.

c:\windows\system32\jkkjj.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Let me know the results please.

Regards Howard :)

 
Alright, well, you'll get a response from me tomorrow after school because AVG takes over an hour and a half to scan (and in safe mode you can't connect to the internet) and ewido takes about an hour, so tonight I'll scan and before I go to bed I'll ewido scan, then in the morning before school I'll run killbox.
 
Hi KnightofBane.
It seems that you are a regular user of IM programmes. Could this be where you are getting your problems from? Or from P2P programmes? If you use them, I think I can assure you that using the AVG free version isn't enough, nor is the Zone Alarm free firewall. Zone Lab free firewall is pretty good but it is restricted in what services it offers, as is the free AVG. You must scan all downloads with more than one AV programme before opening. Don't assume that because a friend sends you a file over an IM it's safe.
I would like to add this: AVG is good, but it doesn't remove as much as the premium version.

In the time I have been a member of Techspot, I have not yet seen the man that is helping you fail to clean a PC, providing that all the instructions given were followed.
Hang in there!!
 
Your HJT and Ewido logs are both clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Download and run the Autoruns programme from HERE.

Post fresh HJT, Ewido and the Autoruns log.

Regards Howard :)

 
Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

c:\windows\system32\winrpc32.dll
c:\windows\system32\jkkjj.dll

Once your system has rebooted, let me know how your system is running and post a fresh Autoruns log.

Regards Howard :)

 