Trojan infection

Status
Not open for further replies.
aneesh kalra

aneesh kalra

Mclaren F1 Long tail
I have been facing a series of problems oy computer lately.My computer has been infected with spyware and trojans lately.Inspite of turning system restore off,disconnecting the net during scans,deleting the quarantines and scanning the system fully with avg,ad-aware and super anti spyware and system mechanic pro the trojans sem to be recurring back prominently the trojan win fixer and the trojan generic.They along with some adware seemingly modify and add some dll's to the windows folder in such a situation. Your assistance in solving the above will be highly appreciated.Is there any software that is specially meant for rewmoving trojans.
 
anandk

anandk

Distinguished Member
winfixer is a rogue. to remove it, disable ur system restore, clean up ur pc temps with ccleaner, and then try the Winfixer Removal Tool or Rogue Remover.

for manual removal instructions click here.

after this get ur hjt log auto-analysed at www.hijackthis.de just 2 b sure :D
 
OP
aneesh kalra

aneesh kalra

Mclaren F1 Long tail
The first link identified the spyware but asks for an upgrade to a paid version to remove them.Second rogue remover is not able to detect spyware detected by the scanner in the first link.ad-aware was also not useful.
Please suggest a proper free spyware scanner.
 
Kiran.dks

Kiran.dks

Technomancer
Can you give the name of the malware? It would help us in pin pointing the removal tool if available.
 
anandk

anandk

Distinguished Member
if it indeed is winfixer infection a safemode adaware scan shud v removed it. manual removal as u can c in the above link is a pain.

u can try vundofix.exe and/or SysProtect the new WinAntiVirus / WinFixer .

posting ur hjt logfile wud be a big help !
 
OP
aneesh kalra

aneesh kalra

Mclaren F1 Long tail
There is this generic trojan.ub always keeps adding dll files into the temp windows folder.Moreover I think zlob and erorsafe are present but I am unable to remove them as spyhunter is only able to detect them and one has to pay for a full version to remove the detected spyware .I have turned off sytem restore.
Logfile of HijackThis v1.99.1
Scan saved at 7:53:13 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\123\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [iolo Personal Firewall®] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O14 - IERESET.INF: START_PAGE_URL=*www.sify.com
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} - *www.edgestream.com/software/ES_EasyInstall.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.ex
 
Status
Not open for further replies.
Top Bottom