Trojan downloader still back - 8 steps done

By andy85 ยท 9 replies
Mar 1, 2009
  1. i tried to use avg, malwarebytes to scan and superantispyware to clear off it off in safe mode but once i reboot my com or after i deleted the infected files and a few minutes later its back in the temp folder and temporary internet folder...
  2. Squiggly1

    Squiggly1 TS Rookie Posts: 44

    Do you know the name of this virus? When did it first appear? I'd look for a manual removal method by searching Google or Yahoo.
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    @Squiggly1 please read here: Special governing rules for the Virus & Malware removal board
    If you are not going to read the logs then, don't try supporting on Virus\Malware removal

    @andy85 We need 3 logs!
    By the way, uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users):
    Here is the 64Bit version:

    Install Avira free AntiVirus
  4. andy85

    andy85 TS Rookie Topic Starter

    C:\DOCU~1\ANDY\LOCALS!1\Temp\91c0.dl\Trojan horse Downloader
    C:\Documents and Settings\andy\local settings\temp\184741 -trojan horse PSW.onlineGames.BPPQ

    some others names that i copied down

    trojan horse PSW.onlineGames.small.fbw
    trojan horse PSw.onlineGames.BQMI
    trojan horse PSw.onlineGames.BPSW
    trojan horse PSw.generic6.BCHR

    C:\Documents and Settings\andy\local settings\temporary internet files\content.IE5\HS6989NG\new20[1].exe -trojan horse psw.Ldpinch.11.BQ

    new1[1].exe - new30[1].exe

    There's a jusched.log which is 1kb but actual size is 500+ kb keep showing up in my temp folder as well....

    ok i unistalled AVG, use remover and install Avira and attached 1 more log ...

    After i installed Avira i got a c:\WINDOWS\system32\ctfmon.exe which no matter i qurrantine/delete/deny access it will keep poping up indicating it as a trojan...
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    The version of HijackThis you are using is years old
    I or anyone, cannot work from this old version, as HijackThis made many changes that can affect the support given

    Uninstall HJT (this is a must)
    Updated Avira (just in case, it updates manually)
    Startup Malwarebytes again
    Update Malwarebytes
    Run another full scan (With Avira enabled in the background)
    Remove all found Viruses and Malware

    Uninstall SUPERAntiSpyware

    Download HJT (it's in the 8-step guide, you hopefully were working off)
    Run a scan only
    Tick every (or any) entry that has "file missing" on
    Select Fix to all "file missing" entries only
    Close HJT

    Download and run Startup Control Panel, and check all tabs
    Remove (un-tick) any not not required shortcut startups, not including Avira
    (as a guide I have 1 startup only)


    Run HJT scan and log, and attach the log to a new reply
  6. andy85

    andy85 TS Rookie Topic Starter

    ok done .... got a new hijackthis and unistall superantispyware

    from my logfile is there any harm/any use for them if i delete something like

    O1 - Hosts:
    O1 - Hosts:
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Actually it's preferred to tick and fix those two in HJT
    Make sure that your Internet browser is closed before selecting Fix though

    Anyway, I'll check the new HJT log now and reply again... ;)

    Um remove all the 01 entries actually ! I didn't realize there were so many

    You need to uninstall BitComet and AVG Antispyware
    These programs may hinder any cleaning process

    Note BitComet is most likely your Malware infest problem of Malware, will you still be using this again?
  8. andy85

    andy85 TS Rookie Topic Starter

    yea.. i am using bitcomet to dl files :D i'll get rid of those 01's ...
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Sadly I can't help you further as you'll just be straight back here again in a day or two
    Note: File Sharing programs do just that, they share your files, even if you disable sharing (how bad is that!)
    Not only that, but these downloaded files usually (and obviously confirmed here) carry Malware

    Instead of doing this on Windows, try using the free Ubuntu CD for downloading things, at least Windows won't be infected all the time doing it this way.

    Anyway, I'll give you the last fix to do, good luck from there
    If any other support members wish to continue helping you, good luck to them too.

    Including the above, please tick and fix all these in HJT scan
  10. andy85

    andy85 TS Rookie Topic Starter

    really thanks a lot for all ur help buddy :p i delete all those as listed :D

    Should be more or less clean and i reattached a new log as well :D
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...