viruses

Status
Not open for further replies.

dwazzy

I am having problems getting rid of these 3 viruses. An AVG warning keeps popping up and I can't get rid of them. Everything I have tried that I have come across online hasn't worked.

I keep getting Trojan Horse Dialer.bzb, Trojan Horse Dialer.AXJ, and Trojan Horse generic.wue.

Can you please look and see if there is anything here that I can get rid of?

Thank You
 
Hello and welcome to Techspot.

Go HERE and follow all the instructions exactly.

Post a fresh HJT log as a .txt attachment, only after doing the above.

Regards Howard :wave: :wave:
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

dbe4434789b25_13.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/158c3a63d263a50c387dbe4434789b25_13.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

158c3a63d263a50c387dbe4434789b25_13.exe You will need to search your system for this file. It may or may not be there.

Reboot into normal mode and turn system restore back on.

Other than the above entry, your HJT log is clean.


Regards Howard :)
 
still having a problem

I think that process worked for the trojan files. I haven't seen a pop-up for one of them yet. However, ewido keeps popping up with a malware name, adware.Virtumonde, and its location is C:\windows\system32\awtqr.dll. This pops up what seems like every 5 seconds. I click on the clean and move to quarantine but it still resurfaces.

Thanks for the help with the other problem.
 
I tried VundoFix and followed the directions. The search results came up negative.

AVG has popped up with all the previously entered Trojans as well.
 
Have you tried running AVG from safe mode, with system restore turned off?

Could you please give me the exact file paths that AVG is finding?

Regards Howard :)
 
These are all the files I found during my last AVG check earlier today.
I will try your suggestion now.


C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\1261QXGH\srvpks[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\89MZCP23\srvnex[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\89MZCP23\srvyxt[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\F7T6P2C7\srvkrm[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\F7T6P2C7\bgates[2].exe
C:\WINDOWS\Temp\win105.tmp.exe (as well as win112, win13B, win102, win 103, and win10B)
C:\WINDOWS\system32\ismon.exe
 
That helps an awful lot.

Go HERE and follow the instructions.

Then, download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

srvpks[1].exe
srvnex[1].exe
srvyxt[1].exe
srvkrm[1].exe
bgates[2].exe
win105.tmp.exe
win112.tmp.exe
win13B.tmp.exe
win102.tmp.exe
win103.tmp.exe
win10B.tmp.exe
ismon.exe

Close task manager.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete. Only then allow it to reboot, and hopefully your files will now be deleted.

Input all these filepaths into killbox.

C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\1261QXGH\srvpks[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\89MZCP23\srvnex[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\89MZCP23\srvyxt[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\F7T6P2C7\srvkrm[1].exe
C:\documents and setting\owner\local Settings\Temporary Internet Files\Content.IE5\F7T6P2C7\bgates[2].exe
C:\WINDOWS\Temp\win105.tmp.exe (as well as win112.tmp.exe win13B.tmp.exe win102.tmp.exe win103.tmp.exe and win10B.tmp.exe)
C:\WINDOWS\system32\ismon.exe

Once your system has rebooted, turn system restore back on.

Let us know if that helps.

Regards Howard :)
 
OK, I think that worked for the trojan viruses. However, ewido is still going crazy with the alert for malware in C:\windows\system\32\awtqr.dll
 
I can find the file, and every time I try to do anything with it, it tells me it is being used by another person or program.
 
awtqr.dll is part of the Virtumundo infection. There seems to be a new variant about at the moment.

Try this VirtumundoBeGone tool HERE. This is a different tool to the last one you tried.

Regards Howard :)
 
Thank you for all your help. It appears that all of my problems have gone away. AVG ran a clean check and the ewido alert seems to have gone away. You have been very helpful.
 
I do have one more small problem and I was wondering if you could point me in the right direction on where to go, since this is not a virus problem. My homepage constantly goes back to the emachine home page. No matter how many times I change it in the internet settings, it will still default to emachine.com.

Thanks again for the help earlier.
 
Home page

I've tried changing my home page for Internet Explorer several times and each time it defaults back to the emachines home page. I ran HJT and checked off RO but it keeps returning every time I run a new HJT.
 
Have HJT fix these entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)

Click on the fix checked button and close HJT. Reboot your computer.

You should now be able to change your home page.

I have merged your new thread into this one.

Regards Howard :)
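The kind of triage applied to the log entries in this thread can be sketched in code. This is an added example, not part of the original posts and not HijackThis's own code: it parses HJT-style lines (copied from the posts above) and flags orphaned entries, a DPF entry whose codebase is a direct .exe, and start-page settings. The function name `parse_hjt` and the note strings are assumptions made for illustration.

```python
import re

# Log lines copied from the posts in this thread; they are only parsed as
# text here, nothing is fetched or executed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/158c3a63d263a50c387dbe4434789b25_13.exe
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_hjt(text):
    """Split HJT-style lines into section code, CLSID and triage notes."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, anything not "CODE - body"
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        notes = []
        if ORPHAN_RE.search(body):
            notes.append("orphaned: target file absent")
        if code == "O16" and body.lower().endswith(".exe"):
            notes.append("DPF codebase is a direct .exe download")
        if code in ("R0", "R1", "O14") and "http" in body:
            notes.append("browser start/search page setting")
        entries.append({"code": code, "notes": notes, "raw": line.strip(),
                        "clsid": clsid.group(0) if clsid else None})
    return entries

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["code"], e["clsid"] or "-", "; ".join(e["notes"]) or "no flag")
```

Entries with an "orphaned" note are leftovers pointing at files that no longer exist, which is why fixing them in HJT is low risk; the flagged O16 line is the one removed earlier in the thread.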
 
I figured out how to fix my problem. I ran HijackThis in safe mode under owner instead of administrator, and it allowed me to get rid of the RO and allowed me to change the internet homepage.

Thank you for all of your help.
 