got a trojan

  1. #1
    talkingrock, Elite Member

    Who can point me to a series of steps to get rid of a trojan? It's cranking out babies faster than I can catch 'em!

  2. #2
    VopThis, Senior Member (Canada)
    A trojan can often be more a result of some underlying process(es) that should be more thoroughly assessed and considered by first doing a HijackThis log (looking for downloaders and re-infection agents):


    http://www.d-a-l.com/help/showthread.php?t=32403

  3. #3
    talkingrock, Elite Member
    This thing is all over the place, it seems, and it appears the one way to take it out is to format the drive. Is this necessarily going to kill it, or is there some way it can infect the secondary drive, another 80 gig?

  4. #4
    talkingrock, Elite Member
    Adaware keeps catching it and trapping what's there, but there is always something new to catch every time I run it.

  5. #5
    talkingrock, Elite Member
    Ran HijackThis and don't see how to make good decisions on what to remove.

  6. #6
    VopThis, Senior Member (Canada)
    Post the HijackThis log so that I can assess what might be causing your issues and advise what items to remove or suggest possible removal tools, as appropriate. It also shows me what type of security tools are also currently in use or not yet evident.

  7. #7
    talkingrock, Elite Member
    Quote Originally Posted by VopThis
    Post the HijackThis log so that I can assess what might be causing your issues and advise what items to remove or suggest possible removal tools, as appropriate. It also shows me what type of security tools are also currently in use or not yet evident.

    Not sure how to do that. I won't go to a password site on the affected machine, so would have to move log here. I saved it as a Word file, too. Guess an email address is needed, so I can attach it.

  8. #8
    VopThis, Senior Member (Canada)
    As a prudent precaution, please copy the Word file text into notepad or wordpad before trying to take such a file to another PC (because Word embedded macros can pose serious risk issues). Also suggest you immediately scan your transfer disk or media for potential viruses on both sending and receiving PCs.


    Then, copy and paste the HijackThis text file contents into this thread.

  9. #9
    talkingrock, Elite Member
    Quote Originally Posted by VopThis
    As a prudent precaution, please copy the Word file text into notepad or wordpad before trying to take such a file to another PC (because Word embedded macros can pose serious risk issues). Also suggest you immediately scan your transfer disk or media for potential viruses on both sending and receiving PCs.


    Then, copy and paste the HijackThis text file contents into this thread.
    Here we go!
    Logfile of HijackThis v1.99.1
    Scan saved at 11:44:00 AM, on 9/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
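
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the log layout posted above, which separates the running-process list from the coded entries (O2, O4, O20, O23) and marks items for a first look. The sample log is constructed, and the two review rules (Temp-directory path, unnamed BHO) are assumptions that mean "review this", not "malicious".

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v1.99.1 layout (not the thread's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\User\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\addon.dll
O4 - HKCU\..\Run: [Example] "C:\Program Files\Example\app.exe" /background
O23 - Service: Example Service (ExSvc) - Example Corp - C:\WINDOWS\system32\exsvc.exe
"""

# Meaning of the section codes that appear in the log above.
SECTIONS = {"O2": "Browser Helper Object", "O4": "Autostart entry",
            "O20": "Winlogon Notify", "O23": "Service"}
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

def parse_log(text):
    """Return (running_processes, [(code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_notes(processes, entries):
    """Assumed triage rules: a note means 'look here first', not 'malicious'."""
    notes = [("process", p, "runs from a Temp directory")
             for p in processes if "\\temp\\" in p.lower()]
    notes += [(code, detail, "BHO without a display name")
              for code, detail in entries if code == "O2" and "(no name)" in detail]
    return notes

def section_counts(entries):
    """Count entries per section so a reviewer sees the log's shape at once."""
    return Counter(SECTIONS.get(code, code) for code, _ in entries)

if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for kind, item, why in review_notes(procs, ents):
        print(f"[{kind}] {why}: {item}")
```

The scanner itself is noted when it runs from a Temp extraction folder, which is why each note is a prompt for a human look and not a removal instruction.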

  10. #10
    talkingrock, Elite Member
    Hope that helps, will check it later today.
