Help I got a trojan

Status
Not open for further replies.

john simpson

Hello,

Last night during an AVG anti-virus scan it detected trojan dialer DIALER 28AV. Once it completed the full scan of my PC, it didn’t do anything with the virus (quarantined, deleted, healing) :confused:

What is trojan dialer DIALER 28AV?

Since then I installed AVG anti spyware and it detected 60 malware and deleted them. Is this the same or separate from this case?

I have since scanned my PC and AVG says no threats.

I have no clue whether the trojan is still on my pc, but I’m pretty sure it is.

How do I find out if it's still on here? And if it is, how can I get rid of it?
 
Hi John,

Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1) AVG log
2) Combofix log
3) Hijackthis log (Step 15)

This thread is for the use of john simpson only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
The 3 reports

Panda anti-rootkit scan - no rootkits have been found.


Please let me know what I may need to do next to help you help me.
 
Has AVG reported anything since? Your logs look good. Here's a few points:

First of all, you have all the latest updates XP SP3, latest Java, and you have some great anti-virus/anti-spyware programs on there. But I didn't see a firewall?


Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm


Remove HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O24 - Desktop Component 0: (no name) - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

----------------------------------------------------------------------------------------------

For a 2nd opinion let's run another online scan.

:Run Kaspersky Online AV Scanner:

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply


Post the Kaspersky log and let me know if you are having any more issues
 
Hi dragon.

When you say AVG do you mean its Anti Virus or spyware? The AV reports a clean bill, but the Spyware always scans infected objects, which I then delete.

I've installed Comodo firewall. (I was using Windows previously)

The Kaspersky scanned 2 viruses and 10 infected files.

Looks bad!

Can you tell me what I need to do to solve this? Thanks so much for your help so far.
 
Good John, I hope you chose their Advanced Firewall with Defense+. The basic install option does not include Defense+ which expects you to have your own HIPS module.

How to tell which one you chose if you don't remember? When you do something new to it, a pop-up will come above the system tray and say Defense+ is learning.
-------------------------------------------------------------------------------------------------------------

The Kaspersky scan is not bad at all actually, there is only 1 thing on there it found of importance, and that is a small, low risk, piece of adware. Everything else has already been removed.

First go to Start -> Run -> Add/remove programs -> uninstall the following if there:
MyWebSearch

Then navigate to and delete the following folder:
C:\Documents and Settings\User\Desktop\Installed app\nero\Nero-8.3.2.1_eng_trial.exe/
---------------------------------------------------------------------------------------------------------------

Remove Smitfraudfix by dragging it to the recycling bin and confirming delete.

:clear system restore points:

  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.
-----------------------------------------------------------------------------------------------------

After all that, run another scan with Kaspersky and let's see what it has to say.
 
I originally installed the basic firewall. Tried to change the settings, but after restarting my PC my screen went blank. So I reverted back to the basic version in safe mode.

Should I just uninstall it and start it again in advanced?

Also would I need to disable my AV first, or can it run while installing the firewall?

---

I couldn't find MyWebSearch to uninstall it. Tried a search for it, still nothing.
 