
trojan spyware problem

By ramsey · 10 replies
May 21, 2006
  1. Dear Anybody Who can assist,
    I would appreciate any suggestions that could help me get rid of a trojan that comes up when I run the Spyware Doctor scan.
    Adaware and Spybot don't pick it up, however.
    It comes up as Trojan.Crypt E and the paths go to System 32\cmd.com
    I notice you always ask for a printout from HijackThis, so I will add this as well.

    I'm just feeling my way with your site, so I hope you will excuse any errors I have accidentally made. Cheers, arthur
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run the Spyware doctor scan again and delete whatever it finds.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O1 - Hosts: localhost

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (file missing)

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/05cd06d...ip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1146217504653
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{98477459-31CC-41AF-8C09-C19731EAEB56}: NameServer = <Only fix this, if it doesn't belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :wave: :wave:
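An added example, not part of the original post: a small Python triage helper for the kind of HijackThis entries listed above (O1, O3, O16, O17). It flags orphaned entries, ActiveX controls fetched over plain HTTP, and name server settings to check against the ISP. Function names and the sample log are constructed for illustration; only the O3 line is taken from the thread.

```python
import re

# Section codes used in the post above and what each HijackThis section lists.
SECTIONS = {
    "O1": "hosts file redirection",
    "O3": "Internet Explorer toolbar",
    "O16": "ActiveX control in Downloaded Program Files",
    "O17": "TCP/IP DNS setting (NameServer)",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)")

def parse_entry(line):
    """Parse one HijackThis log line into a dict; return None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    url = URL_RE.search(body)
    notes = []
    if "(file missing)" in body:
        notes.append("orphaned: referenced file is missing")
    if code == "O16" and url and url.group().startswith("http://"):
        notes.append("control downloaded over plain HTTP")
    ns = NAMESERVER_RE.search(body) if code == "O17" else None
    if ns:
        notes.append("confirm resolver(s): " + ns.group(1).strip())
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group() if clsid else None,
            "url": url.group() if url else None, "notes": notes}

def review(log_text):
    """Return only the entries that carry a note for a human to check."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

# Constructed sample log: placeholder CLSIDs, example.com host, documentation-range IP.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://downloads.example.com/control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        print(entry["code"], entry["section"], entry["notes"])
```

The helper only sorts entries for a person to review; whether an entry should be fixed still depends on knowing what is installed on the machine.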
  3. ramsey

    ramsey TS Rookie Topic Starter

    Thanks HH

    Dear HH, many thanks for your prompt response.
    I will be back in touch. Cheers, arthur
  4. ramsey

    ramsey TS Rookie Topic Starter

    Dear Howard,
    Once again thank you for responding to my question.
    I have battled my way through your response as well as other messages such as "before posting your hjt read this" and am now fully aware how PC illiterate I am.
    However, with a bit of patience and trial + error and the downloading of a multitude of anti-spyware programs, I think I am now free of bugs thanks to you.
    I'm quite chuffed I managed it, though I didn't have 100% success with some programs;
    now I have a final query: do I now restore the hidden files that you had me show up back to "hidden" again, and can I now delete the swag of anti-spyware in my PC,
    e.g. smitfraudfix, everest, vundo fix, look 2 me, HJT, spyware doctor, and keep only spybot + avg + ewido + adaware, or do you recommend another option?
    One other thing: a device error box comes up when I restart the PC saying "windows could not load installer for Monitor" but everything seems fine. Do I ignore it?
    Many thanks for your help, without which I would have been totally befuddled. Yours is a really worthwhile site and I wish you all success.
    Thank you, arthur
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes no problem.

    They are fine. Spyware Blaster may be a good addition and Ccleaner as well.

    No, please post a fresh HJT log.

    Regards Howard :)
  6. ramsey

    ramsey TS Rookie Topic Starter

    Dear Howard, it appears I may have been a tad premature with my self congrats, as something keeps loading (in my docs and settings) cookies called arthur@tribalfusion + arthur@112.2o7 + arthur@serving-system,
    any ideas? Cheers, arthur

  7. ramsey

    ramsey TS Rookie Topic Starter

    no reply

    OK, obviously something has been missed from my side; however, thanks for your efforts. Cheers, arthur
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I take it your problem is solved?

    Your last HJT log was clean BTW.

    Regards Howard :)
  9. ramsey

    ramsey TS Rookie Topic Starter

    Well, not really... however,
    a chap at work suggested I try Firefox as a browser and there seem to be no spies. I am trying your recomms and they seem excellent.
    Cheers, arthur
  10. Spike

    Spike TS Evangelist Posts: 2,168

    In what way are you still having problems?

    The tracking cookies you are seeing are perfectly normal behaviour. In an ideal world we wouldn't get them, but we do. They should be cleaned out occasionally, but on the grand scale of things, they're relatively harmless. :D
  11. ramsey

    ramsey TS Rookie Topic Starter

    Continuing alerts

    Hello Spike, OK, I can live with that. The reason I asked is, one of the aforementioned anti-spyware programs, Ewido, sets off an alarm and tells me I have been infected with malware when these cookies are opened, and efforts to block them are ineffectual.
    Also, another site I have been suggested may help, Registry Mechanic, finds a multitude of "high priority value is invalid" warnings in locations such as HKEY_LOCAL_MACHINE SOFTWARE, wherever that is.
    Cheers, arthur
Topic Status:
Not open for further replies.
