Help needed trojan problems

Hi everyone, this is my first time on this forum so please be gentle!! You guys were recommended to me by a friend (who thinks you're all great); you have helped him sort out a problem and I was hoping you could help me too plzzzzzzz.. I have the following Trojans that are causing me trouble and I have absolutely no idea how to get rid of them. I run AVG Free and Avast Free on my system but it appears that all these Trojans keep appearing in my AVG. I have generic9.AYHW in my win32 system file, downloader zlob SNV, Download Zlob.Ll, Downloader. Zlob.GDC, Downloader.zlob.SOD, downloader.Zlob.CPH and Exploit.Dowloader; some of these keep appearing in my program files....I'm not brill around the computer but know the basics. Can anyone help me, as these Trojans are causing absolute mayhem....and I don't know what to do....I know it's a lot to ask but any help would be gratefully appreciated. Thanks
 
Hi michoz :wave:

Download Smitfraud Fix
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Clean:

Reboot your computer in Safe Mode
(before the Windows icon appears, tap the F8 key continually)

Double-click SmitfraudFix.exe

Select 2 and hit Enter to delete infected files.

You will be prompted: Do you want to clean the registry ? answer Y (yes)
and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:

To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
----------------------------------------------------

Additional Steps:

(Start -Run)
sc stop Messenger
sc config Messenger start= disabled

Restart
 
" I run AVG free and advast Free on my system but it appears that all these trojan's keep appearing"

Please advise this user that she is running two anti-virus programs, AVG Free and Avast Free. This is most likely contributing to the fact of the repeated Trojan infections.
 
Thank you kimsland. It always puzzles me why this isn't caught when looking at the logs.
 
No I've missed it :(
This is because when viewing HJT logs, I look for Virus/Trojans and strange programs, I tend to skim past known OK programs.

Thankfully one of you guys comes back (usually) and says hey the revision is out, or where's your antivirus? or something like that.
I suppose the lesson here is to check all files, not just the suspicious ones.
 
The best way to go through a HijackThis log is to take each line at a time and eliminate them one by one: check every single process and if it's good get rid of the line, if it's bad keep it in. What you have left are the ones that most likely need fixed; by doing this you can then spot antivirus, firewall etc.

Everybody misses things though, and Kimsland usually gets it right on when he does it.
 
trojan problem

kritius said:
Post the results back along with a HijackThis log

Hi Kritius, having a problem downloading HijackThis. Could you please direct me to the right link/website address as I think I may be in the wrong place....the one I keep coming up with is version 2.0 but when I click on download nothing happens. Thanks
 
Right, done that! Rebooted into safe mode; after the screen appears with Windows advanced options and I click launch to go to the desktop, it lists some of the win32 system files. I can't get past this to the desktop to launch HijackThis. Am I doing anything wrong!! (sorry but I think I'm totally a computer dunce!)
 
kritius is better at checking HJT logs than me, so I would follow his advice fully.
But I cannot see any Malware present, just invalid entries and cleaning up.

Looks as though you have Avast AntiVirus and AVG AntiVirus installed together.
Please un-install Avast AntiVirus fully from Add/Remove Programs.

You have many missing file entries of files picked up through scanning, good the files have gone, but those missing file entries can be removed.

You have many startups going on, including HP (your system) and Dell (your Printer) and others (Webcam etc)

I would recommend downloading Startup and unticking everything on all tabs except AVG7_CC.
This will stop all those printer popups and you will need to run your Webcam manually from Start -->All Programs; but your system will be better for it.

Once all Startups have been deselected, you will then need to Restart your computer (to see the difference)

If you decide to do this, then you will need to post another HJT log
 
Sure wish these users who throw out the hijack logs would also pay attention when we tell them about excess startups! For a while, I was listing them, defining them and telling the user what to remove, but most didn't reply back, so for the most part, I've stopped.

But printers don't need to be on startup- m....., you have two printers running- HP and Dell- why is that? Can't you just call one up when you need it? Real Player and Java should NOT be set to automatically check for updates, neither should Google, which is what the Google Notifier is for. They can be a security risk. DVD launchers don't need to be on startup, and you also have a USB diagnostic tray tool running instead of calling it up when needed:

Speedtouch USB Diagnostics: external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required.

And this is puzzling: USB Disk Win98 Driver\Res.EXE

Ah well, I wasn't asked but it makes me nuts when I see all this 'stuff' running!
 
These are just a few of the problems in that log,

O2 - BHO: (no name) - {6430CCA7-032A-4EB0-BCFF-838998E73EF5} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.justmoresex.com" (file missing)
O9 - Extra 'Tools' menuitem: adult - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.justmoresex.com" (file missing)
O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.morecelebrities.com/default.asp?id=" (file missing)
O9 - Extra 'Tools' menuitem: celebrities - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.morecelebrities.com/default.asp?id=" (file missing)
O9 - Extra button: (no name) - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.usearchufind.com" (file missing)
O9 - Extra 'Tools' menuitem: search - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.usearchufind.com" (file missing)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)


The first thing that you need to do is follow all the instructions HERE exactly as they are described and post back in this thread with the three requested logs,
  • ComboFix
  • HJT and
  • AVG Anti-Spyware
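
The line-by-line triage described in this thread, as an added example (not posted by any participant): a Python sketch that parses CLSID-style HijackThis entries and flags the orphaned ones ("(no file)" / "(file missing)") and the duplicated ones. The sample log, its CLSIDs and its host name are constructed placeholders, and the entry layout is assumed from the log lines quoted above.

```python
import re
from collections import Counter

# Assumed entry layout: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Constructed sample log (placeholder CLSIDs and host, not from a real machine).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\\Program Files\\Example\\helper.dll
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000003} - javascript:window.location.href="http://ads.example.invalid" (file missing)
O22 - SharedTaskScheduler: sample - {00000000-0000-0000-0000-000000000004} - (no file)
O22 - SharedTaskScheduler: sample - {00000000-0000-0000-0000-000000000004} - (no file)
"""


def triage(log_text):
    """Return (orphans, duplicates, unparsed) for CLSID-style entries."""
    entries, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            # Other entry styles (e.g. O4 Run keys) are left for manual review.
            unparsed.append(line)
    # Orphan: the registry entry survives but the file it points to is gone.
    orphans = [e for e in entries
               if e["target"] == "(no file)"
               or e["target"].endswith("(file missing)")]
    # Duplicate: the same CLSID registered more than once in one section.
    counts = Counter((e["section"], e["clsid"].lower()) for e in entries)
    duplicates = sorted(k for k, n in counts.items() if n > 1)
    return orphans, duplicates, unparsed


if __name__ == "__main__":
    orphans, duplicates, unparsed = triage(SAMPLE_LOG)
    for e in orphans:
        print(f'{e["section"]} orphan: {e["kind"]} {e["clsid"]} -> {e["target"]}')
    print("duplicates:", duplicates)
```

Lines that land in `unparsed` are not judged either way; they still need the manual check of each process that the thread recommends.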
 