I got owned by trojans. Please help!

Status
Not open for further replies.

Paranoiddd

Well I unknowingly got a trojan and am having trouble deleting these! No matter how many times I delete them with Spyware Doctor, they keep coming back. I used Trojan Remover and it told me that ishost.exe could not be deleted. Can someone help me? I appreciate it if someone can help! Here's my log file:
 
What you want to do is run all your tools in Safe Mode so the "bad" files are not running in memory.
So boot to Safe Mode and then run your McAfee and SpyDoc (not the best). I would also download, and update, Spybot Search and Destroy, and Ad-Aware SE Personal. Also grab Ewido.
You can run an online virus scan from housecall.trendmicro.com or www.bitdefender.com.

Refer to the "Sticky" threads in the Security forum for various techniques on removing malware.

Good luck!
 
I did what you said, ran all my tools in safe mode. I deleted everything, then did a scan with each tool and found nothing. So I restart Windows normally, and suddenly I have infected files again. What can I do?
 

Well you say "...scan with each tool and found nothing..." and then "suddenly I have infected files again."

What program says you are infected if they say you're clean? And what does it say you're infected with? And does it give you the name of the file and where it's located?

Whatever file it says is infected, delete it in Safe Mode.
 
Looking at your HJT file:
Fix:
R3 - Default URLSearchHook is missing

Apart from that, you do not seem to have a firewall installed, unless the McAfee has one? Get Kerio Personal Firewall or ZoneAlarm.

If you still do experience problems, tell us what symptoms you're experiencing and then read this and follow all the instructions as much as you can, and tell us the ones you can't, then move on:
Follow these instructions BEFORE posting your HJT log.
 
Hmmm.. it seems from the last reply I haven't been getting any more trojan infections. I guess those were the 'leftover' ones? Hope I don't jinx it, but for now I'm not finding any. Thanks for your help guys.
 
Hello and welcome to Techspot.

Just to confirm what the guys have said.

The only entry in your HJT log that needs fixing is this one.

R3 - Default URLSearchHook is missing

Other than that, your HJT log is clean.

If you have any further virus/spyware problem, please post in this thread.

Regards Howard :wave: :wave:

This thread is for the use of Paranoiddd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Oh no it's back! Some of my programs are starting to crash too :(

If I reinstall Windows (and not remove anything on my hard drive), will that fix my problem? Here's the log anyways:
 
I can find nothing particularly nasty in your HJT log.

Have HJT fix this entry.

R3 - Default URLSearchHook is missing

Then, go HERE and follow all the instructions exactly.

Don't forget to rename HijackThis.exe to HijackThis1991.exe.

Post fresh HJT and Ewido logs into this thread, only after doing the above.

Regards Howard :)

 
Renaming HijackThis.exe is due to the fact that some malware is able to hide from HijackThis.exe but not from HijackThis1991.exe.

Regards Howard :)
 
Paranoiddd said:
What is VundoFix? It found a couple of DLLs.. should I remove them?

VundoFix searches for and attempts to kill the Virtumundo infection. Let it do its stuff. Do not delete anything manually, unless directed to do so.

Regards Howard :)
 
That will just be telling you what it's removed. As I said, do not manually delete anything unless specifically requested to do so. Read the instructions for using each tool fully.

Regards Howard :)

 