Help With Virus

[SEM1]

Hi there

You guys seem to be one of the few that can solve this for me

I have 2 viruses I cannot remove

1. Trojan-Downloader.BAT.Ftp.ab.

2. something named eraseme

I am attaching the Hijackthis log file as specified

Thank you in advance

Clint

 

[Nodsu]

"Cannot remove" means what? How do you know you have them? What have you tried to do to remove them?

 

[Vigilante]

These are questionable to me:

C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\MsPMSPSv.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8022E3FE-4F73-4FB1-9B9A-8BF2F8DE4F9B}: NameServer = 151.197.0.68 151.197.0.38
O18 - Filter hijack: text/xml - (no CLSID) - (no file)

Not sure what your Browser Mouse is, but if you have such a thing, never mind that. I would remove the "017" nameserver and the 018 filter hijack. However, those might be related to your Kaspersky.

Besides those two, it looks pretty clean.

Since it looks like you ran a few online virus scanners, might I recommend running these as well:

housecall.trendmicro.com

and

http://www.bitdefender.com/index.php?tab=0#

They may have better luck.

Otherwise, if you can identify the infected files (assuming they don't change their name). You may have to delete them in Safe Mode or even Recovery Console.

I'd say run those two scanners first and see if you can identify names, then go from there.

Otherwise, I'm sure someone may point you to RealBlackStuff's cleaner thread of which I don't have the URL handy.

good luck

 

[SEM1]

Virus Removal

I have the following installed on my pc

No Adware

Adware SE Personal

Ace Utilities

Registry Mechanic

Trojan Remover

Kaperksy Antivirus

Kapersky tells me I have the viruses and deletes them.

I run all of the programs in regular Windoze XP Pro

And in safe mode for Windoze XP pro

Kapersky says it has deleted them and all of the other programs say they work but I always get the warnings again after restarting my computer that I am infected by both viruses,

Please help I cannot afford to reformat this PC at this point

Clint

 

[SEM1]

Antivirus

Hi

I can also download and install CA Eztrust

I've spent a wad of cash on these things and none can solve the problem

Talk about being ripped off blind


Clint

 

[RealBlackStuff]

Boot in Safe Mode.
Switch System restore OFF.
Run a HJT scan and place a tick-mark in the little square before:

O18 - Filter hijack: text/xml - (no CLSID) - (no file)

Now click on the Fix Checked button in HJT.

Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal. When all OK, switch System Restore back on.

 

[SEM1]

LocalSetting

Hi there

I did the first part running the HJT in safe mode.

System Restore has been turned off prior to my trying to fix this.

However when I navigate to C:/Documents&Settings/Username/LocalSettings

there is no file folder with the name LocalSettings under any of the users on the PC including under administrator.

What am I missing ??

Also I clicked the tick mark by 18 and clicked fix this, rebooted to safe mode and deleted the HJT log.

I then reran HJT and 018 was back again.

Clint

 

[RealBlackStuff]

Every installation from Windows ME onwards has that directory.

In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Go to my post here, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties

Then see How to post your Hijackthis log-files. and post a fresh log.