Hi,
I seem to have a problem that bears some resemblance to the problems posted by MattJKR (https://www.techspot.com/vb/topic57865.html) and Fishy (https://www.techspot.com/vb/topic57911.html. I'd already taken steps to try to eradicate the problem before coming across these threads and so I'll try and describe the symptoms and already-tried solutions as succinctly as possible.
After scanning with AVG I found that some files I had were infected and used AVG to delete them. Shortly after AVG started reporting that it had found an infected file, which I moved to the vault and deleted. A second infection was then reported and I did the same thing. However, both these infections are continuing to appear in the same directory (as follows):
Trojan horse Pakes.U appears in C:\WINDOWS\Temp\win12.tmp (filename varies)
Trojan horse Dialer.28.A appears in C\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\Y9TU4M8H\srvqgg(1).exe (filename and immediate parent directory name both variable).
So I run Housecall and find ADW.Mytoolbar.A but I can't do anything about it with Housecall. Then I run Bitdefender and find Trojan.Spy.Agent.AB and Trojan.Starter.V. Bitdefender could handle Trojan.Spy.Agent.AB but was unable to deal with Trojan.Starter.V.
Then I run Spybot S&D and get a whole load more stuff including Smitfraud.C, Smitfraud.C-toolbar888 and Astakiller. In total there were 40 problems and S&D tok care of them.
McAfee Stinger reported nothing, while the online Ewido scanner reported a number of tracking cookies - they all appeared to be the usual suspects.
I've just done another bitdefender scan and it is still reporting the Trojan.Starter.V...
AVG is still popping up messages every half hour or so telling me about another Pakes.U or Dialer.28.A. Seems to me that it might be Trojan.Starter.V that is the root - but I don't know for sure and I don't know how to deal with Trojan.Starter.V.
I've run HJT and the log is attached:
Can anyone be so kind as to suggest what I can try next?
Cheers,
exiled
PS: Sorry I should have added that I've also run Adaware SE.
I seem to have a problem that bears some resemblance to the problems posted by MattJKR (https://www.techspot.com/vb/topic57865.html) and Fishy (https://www.techspot.com/vb/topic57911.html. I'd already taken steps to try to eradicate the problem before coming across these threads and so I'll try and describe the symptoms and already-tried solutions as succinctly as possible.
After scanning with AVG I found that some files I had were infected and used AVG to delete them. Shortly after AVG started reporting that it had found an infected file, which I moved to the vault and deleted. A second infection was then reported and I did the same thing. However, both these infections are continuing to appear in the same directory (as follows):
Trojan horse Pakes.U appears in C:\WINDOWS\Temp\win12.tmp (filename varies)
Trojan horse Dialer.28.A appears in C\Documents and Settings\simon\Local Settings\Temporary Internet Files\Content.IE5\Y9TU4M8H\srvqgg(1).exe (filename and immediate parent directory name both variable).
So I run Housecall and find ADW.Mytoolbar.A but I can't do anything about it with Housecall. Then I run Bitdefender and find Trojan.Spy.Agent.AB and Trojan.Starter.V. Bitdefender could handle Trojan.Spy.Agent.AB but was unable to deal with Trojan.Starter.V.
C:\Documents and Settings\simon\Local Settings\Temp\mst2B.tmp
Infected with: Trojan.Spy.Agent.AB
C:\Documents and Settings\simon\Local Settings\Temp\mst2B.tmp Disinfection failed
C:\Documents and Settings\simon\Local Settings\Temp\mst2B.tmp Deleted
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003
Infected with: Trojan.Starter.V
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003
Disinfection failed
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003
Deleted
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)
Update failed
Then I run Spybot S&D and get a whole load more stuff including Smitfraud.C, Smitfraud.C-toolbar888 and Astakiller. In total there were 40 problems and S&D tok care of them.
McAfee Stinger reported nothing, while the online Ewido scanner reported a number of tracking cookies - they all appeared to be the usual suspects.
I've just done another bitdefender scan and it is still reporting the Trojan.Starter.V...
Infected with: Trojan.Starter.V
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003
Disinfection failed
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)=>lzma_solid_nsis0003
Deleted
C:\Documents and Settings\simon\Local Settings\Temp\win2F.tmp.exe=>(NSIS o)
Update failed
AVG is still popping up messages every half hour or so telling me about another Pakes.U or Dialer.28.A. Seems to me that it might be Trojan.Starter.V that is the root - but I don't know for sure and I don't know how to deal with Trojan.Starter.V.
I've run HJT and the log is attached:
Can anyone be so kind as to suggest what I can try next?
Cheers,
exiled
PS: Sorry I should have added that I've also run Adaware SE.