Spyware/Adware

  1. #1
    mikey393 is offline Junior Member

    Spyware/Adware

    Hi

    Can anyone help me? My computer has been infected with the above, in particular win32trojan & trojan.dowspy.htmls. Norton Anti-virus is unable to remove them. Are software specialist programmes such as Pest Trap or Malware Wipe any good & are they worth the money? Also, pop up problems.

    Any help much appreciated but please try to explain in layman terms as I'm not a techie.

    Many thanks
    Mike


  2. #2
    VopThis is offline Senior Member (Canada)
    "Are software specialist programmes such as Pest Trap or Malware Wipe any good & are they worth the money."
    PestTrap or MalwareWipe (each one word) are both deemed to be rogue applications - see: http://www.spywarewarrior.com/rogue_anti-spyware.htm (use Edit>Find to locate unfavorable info on each application).




    If running W2K or XP,

    Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run ewido anti-spyware
    • Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
      • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
    • This is very important to get the LATEST updates
    • Click on the Status ICON
      • Under "Your computers Security", click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
    • Click on the Scanner ICON at the top of the window
    • Click on the Settings tab then select Recommended Actions and choose Quarantine
    • When updating has finished, close Ewido.

    Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
    • Click on the default Status ICON and select the Scan now LINK.

      OR

    • Click on the Scanner ICON . Select the Scan TAB.

      • Select Complete System Scan. Ewido will now begin to scan your system.


    • If Ewido finds anything, it will list them in the Preview WINDOW. Select Apply all actions (and the items found will be quarantined – and recoverable, if any items are needed back).
    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the scan results into your next post.
    • Close Ewido.








    Also need you to run the READ FIRST Procedures found HERE:

    http://www.d-a-l.com/help/showthread.php?t=32403



    Lastly, please provide a Hijackthis log and any current observations or remaining issues.

  • #3
    mikey393 is offline Junior Member
    Thanks a lot for all your help & advice, much appreciated. I've followed your instructions & quarantined the viruses found. The pop ups have gone but I'm still getting a red pop up square saying: "Your computer is infected" "Critical system error" Use antimal software to clean. click here, which I've ignored as I know it's likely to be bogus. How do I clear it, as it appears to be v. persistent - stays for 60 seconds then goes but reappears every 5-10 minutes approx.
    My Log below:

    Thanks for any further help you can give.

    Mike

  • #4
    VopThis is offline Senior Member (Canada)
    Post a HijackThis log as per READ FIRST Instructions given in my last post so that we may proceed from there.

  • #5
    mikey393 is offline Junior Member
    Vincent
    Thanks for all your very thorough help. I haven't got as far as the HijackThis log bit but I will. The red warning pop up has gone now. Ewido is a great piece of anti-virus software. I will be very careful what files I open in future: "If in doubt don't open". I will also look to leave a small donation.
    Mikey
