
Threat win32:tiny-adu(trj)

By bigvern4 · 7 replies
Jan 22, 2010
  1. Hi, new to the site. My name is Stephen from sunny Glasgow, Scotland.

    Hoping I can get some help and guidance here.

    Running XP Home SP3, all up to date re updates from Microsoft. Completed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions; below are the logs.

    This is what I found from the Avast v5 scan:

    C system volume information\_restore(b1c538c0-cba3-4434-a006-53a3.../_registry_machine_software high risk.... threat win32:tiny-adu(trj)

    C:docu and settings\adminstator\localsettings\application data\mozzila\firefox\profile\n770ir2g\default\cachez17f668d3d01 threat high

    then 3 more of the above (first one system volume)

    Attached Files:

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Hello bigvern4,
    Take action by deleting the stuff in the MBAM log,

    then run Hitman Pro 3.5:
    Hitman Pro Download
  3. bigvern4

    bigvern4 TS Rookie Topic Starter


    Thanks for your reply, the problem is now all sorted.

    Once again, thanks for your help.

  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You're welcome bigvern4... Happy computing!
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Bigvern, you came here for guidance. I'm sorry you didn't get it. You didn't come here to be sent to a site to download a program in the hope that it will fix the problem. It won't, and while one of the problems you noted may have been resolved, the others remain and will again make themselves known.

    I'm leaving the following so that you can be aware that virtually nothing was done for you:

    1. You are infected with the Fast Browser Search Toolbar variant - a Softomate Toolbar bundled with "Make the Web Better, LLC" applications such as My Web Tattoo, Mall Trash, My Face LOL, Search Guard Plus, Google Easy Money Kit, and so on.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)

    From their Privacy Policy:

    2. You have 2 suspicious files executing from your Documents & Settings. These should be sent for identification in order that the proper removal can be done:
    O4 - HKCU\..\Run: [wkyeuh] C:\Documents and Settings\temp\wkyeuh.exe
    O4 - HKCU\..\Run: [joaam] C:\Documents and Settings\temp\joaam.exe.

    3. You have 3 Symantec entries and you are running Avast antivirus. This first Symantec entry appears to be also out of place in the log and has questionable content:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    4. When you click on "Reset Web settings" on the Programs tab of Internet Options, IE restores the default values for home page, search page and a few other items from the registry files stored in the "iereset.inf" file. You have an entry showing it's being reset to offline content:
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

    5. You have a highly irregular AppInit process:
    O20 - AppInit_DLLs: C:\WINDOWS\system32\

    6. This entry msohtml1 should be sent for identification, then removed:
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/temp/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    7. The malware is in the restore points (System Volume). If you do a System Restore that has an infected date, you will reinfect the system. This is why we have the old restore points dropped at the end of cleaning and create a new clean one.

    What is Hitman Pro?
    Anti-spyware program combines up to six popular engines to maximize removal effectiveness.

    What Hitman Pro is NOT:
    It is not an antivirus program. It does not remove Worms, Trojans and viruses.
    It does not read specific entries in the logs to know what program is appropriate to run.

    The member who picked up your thread did you a great injustice. He does not know how to read the log entries and deal with them, so he sends the member off to a site to run a program, without giving instructions. While the program might resolve part of the problems from the malware, it does not remove all of the malware.
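
As an added illustration of the log reading Bobbye walks through above (R0/R1 search settings, an O2 BHO with its DLL missing, O4 autoruns from a profile root, O14 reset defaults, O16 DPF downloads, an O20 AppInit_DLLs value, an O24 desktop component), here is a small Python triage script. It is not code from the thread, from TechSpot, or from HijackThis; the flagged entries are the ones quoted in the post, the benign Avast autorun line is constructed for contrast, and the rule wording is my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# HijackThis-style entries quoted from the post above, plus one constructed
# benign autorun (the Avast line) to show the rules do not flag everything.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O4 - HKCU\..\Run: [wkyeuh] C:\Documents and Settings\temp\wkyeuh.exe
O4 - HKCU\..\Run: [joaam] C:\Documents and Settings\temp\joaam.exe
O4 - HKLM\..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/temp/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

# Every HijackThis line starts with a section code (R0, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_entry(section: str, body: str) -> Optional[str]:
    """Return a reason string when the entry matches one of the post's observations."""
    if section in ("R0", "R1"):
        # "...,SearchAssistant =" with nothing after '=': the search setting was blanked
        if re.search(r"=\s*$", body):
            return "browser search setting blanked (toolbar hijack residue)"
    elif section == "O2":
        if body.endswith("(file missing)"):
            return "BHO registered but its DLL is absent; orphaned add-on registration"
    elif section == "O4":
        # an .exe sitting directly in a profile directory root is unusual for real software
        if re.search(r"\\Documents and Settings\\[^\\]+\\[^\\]+\.exe\b", body, re.IGNORECASE):
            return "autorun launches an executable from a profile root; submit for identification"
    elif section == "O14":
        if re.search(r"START_PAGE_URL=file://", body, re.IGNORECASE):
            return "IE reset default points at a local file instead of a web start page"
    elif section == "O16":
        return "ActiveX download (DPF) entry; confirm it matches software you chose to install"
    elif section == "O20":
        value = body.split(":", 1)[1].strip()
        if value and not value.lower().endswith(".dll"):
            return "AppInit_DLLs is a bare directory, not a DLL path; irregular"
        if value:
            return "AppInit_DLLs loads a DLL into every GUI process; verify it"
    elif section == "O24":
        if re.search(r"(LOCALS~1|Local Settings)[\\/]Temp", body, re.IGNORECASE):
            return "Active Desktop component sourced from a Temp directory; submit for identification"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run every parsed entry through check_entry and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        reason = check_entry(section, body)
        if reason:
            findings.append({"section": section, "entry": body, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['reason']}\n     {f['entry']}")
```

The point of the script is the same one the post makes: each section code has a known meaning, and the suspicious signal is in the value (an empty search setting, a missing DLL, a bare directory in AppInit_DLLs, a Temp path), not in the presence of the line itself. Fitting a mass-removal tool in front of this step skips exactly the part that decides what needs identifying versus deleting.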
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Don't let Bobbye scare you. He is a master of intimidation and scare tactics... Hitman Pro will remove some Trojans, but like all other cleaners, it doesn't catch everything. Some other things he pointed out are harmless.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I did not give that information to either scare or intimidate. Nothing I pointed out is 'harmless'. It is either a bad entry or needs to be identified.

    I spent a great deal of time last night going over the logs. If I had not found what I did I wouldn't have bothered posting. I have been cleaning malware longer than Tmagic has. He tends to think if he has a member run enough programs the system will run better.

    Yes, it probably will 'run better'. But that does not mean the malware has been removed and sooner or later the problems will come up again.

    Hitman has only anti-spyware programs in its bundle. So it is limited to removing some, not all, spyware programs.

    I thought it was important for this member to understand that you actually didn't give any help here. You sent the member to run a program on another site. You did not review the logs.

    Bigvern, I did not do this to confuse you, and most likely when you see that Tmagic has so many posts you assume he knows what he's talking about. However, you didn't need him to tell you any of what he did, which was basically nothing.

    It is also a fact that anyone stopping on a thread to say as little as 'hello how are you' will get credit for the post.
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Bobbye, I thought you were going to leave my threads alone. How does it feel to be insulted, just like you do to so many others here? I know you know your stuff, but I have begun to see evidence that your advice is becoming more complicated than it needs to be. Sure, there are more serious infections. Some infections are easier to get rid of than others. Let me handle those, and you can handle the hard ones.