Trojan Symptoms - Can I Avoid Reformatting All Drives [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Trojan Symptoms - Can I Avoid Reformatting All Drives [Solved]

Options

handhfan View Member Profile	Apr 28 2009, 10:43 AM Post #2
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Hello, tniah, and welcome to GeeksToGo! Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

handhfan View Member Profile	Apr 28 2009, 05:36 PM Post #4
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please do an online scan with Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply. Please post both logs in your next reply.

tniah View Member Profile	Apr 29 2009, 03:06 PM Post #5
Member Posts: 17 OS: XP Pro	<--------- HERE IS MY MALWAREBYTES LOG ----------> Malwarebytes' Anti-Malware 1.36 Database version: 2056 Windows 5.1.2600 Service Pack 3 4/28/2009 8:23:16 PM mbam-log-2009-04-28 (20-23-16).txt Scan type: Quick Scan Objects scanned: 28637 Time elapsed: 3 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) <------------------- NOW STARTS THE KASPERSKY LOG -- IT FOUND BISS, I DON'T EVEN USE THAT PROGRAM, BUT NOT YET DELETED OR QUARANTINED ---------------------> -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Wednesday, April 29, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, April 29, 2009 05:11:54 Records in database: 2089254 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan statistics: Files scanned: 384848 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 13:53:01 File name / Threat name / Threats count F:\Setup Files\BISS\Blocklist Manager\BLMInstall277.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1 The selected area was scanned.

handhfan View Member Profile	Apr 29 2009, 09:35 PM Post #6
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Your logs all look clean. Are you still experiencing problems? What issues are you having?

tniah View Member Profile	May 1 2009, 08:37 PM Post #7
Member Posts: 17 OS: XP Pro	Mostly just slow page loading and mouse reaction. I had already scanned with several tools before I posted, and all scans were clean, so my problems may be OS based. But I tried Windows XP Repair and it did not do much good. One thing I did think of is, I put some RAM in my machine just before I got the Codec Trojan back in February. I wonder whether I may have a RAM problem, which got partially confused with the Codec Trojan symptoms. I ran MemTest several times, and it showed good. So I am at a little bit of a loss. Therefore I thought I would reformat my C: OS drive, but not the other drives. Thus the message in my original post. Tniah

handhfan View Member Profile	May 1 2009, 08:42 PM Post #8
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Yeah, sounds like it may be a OS or Hardware issue. It doesn't seem malware related. Feel free to post a new topic in the Windows XP forum and give them all the details about the issue you are experiencing, and that you have gone through the malware forum already. They will best be able to help you from here out. Just some clean up and prevention below. Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Please update Adobe Reader, by downloading and installing Adobe Reader 9.1. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard gives you realtime protection from spyware. Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit. Have a safe and happy computing day!

tniah View Member Profile	May 3 2009, 04:42 PM Post #9
Member Posts: 17 OS: XP Pro	Handhfan, Thanks for your help. I have uninstalled ComboFix and run the OTCleaner that you suggested. The remaining issues I will post in the hardware forum. I am going to post the logs from the laptop that I use in my DAW music system here for you to look at. But I will start a new topic for that machine with an explanation that it is related to this series of posts. I still have one question that remains unanswered, I have BitDefender 2009 as my primary VirusScanner and Firewall. I thought that BD 2009 had a Spyware scanner implemented, but now I don't see it, so maybe I was wrong about that. Regardless, my question is, can I have the spyware scanners installed while using BD 2009? I thought that you just could not have them running at the same time, but that it was OK to have them all, or at least some of them, installed. I currently have the following installed: MalWareBytes SuperAntiSpyware SpyBot S & D (but TeaTimer is not running) If BD 2009 does not have a SpyWare Scanner, can one of the Spyware scanners be running in real-time mode? I think you will get the gist. If I can leave them installed, but not running, I can used them to scan periodcally, turning off BD temporarily if necessary. Thanks for your help, Tniah

handhfan View Member Profile	May 3 2009, 04:45 PM Post #10
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	QUOTE (tniah @ May 3 2009, 06:42 PM) If BD 2009 does not have a SpyWare Scanner, can one of the Spyware scanners be running in real-time mode? You are correct. Only one spyware scanner should be running in real-time (either Malwarebytes or SuperAntispyware). The other you can do an occasional scan with. It will not interfere with BitDefender.

handhfan View Member Profile	May 7 2009, 03:56 PM Post #11
GeekU Moderator Posts: 8,508 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Trojan.Vundo.H, Trojan.BHO can't be removed [Solved] 12	15 / 7,611	17th December 2008 - 12:11 AM shuh08 started - last by emeraldnzl
Virus, Spyware and Trojan Removal Trojan horse PSW.OnlineGames.BLRI..can't get ride of [Solved]	3 / 578	20th January 2009 - 06:40 PM Agrona started - last by handhfan
Virus, Spyware and Trojan Removal AV says it is a Trojan, but can't seem to remove. [Solved]	2 / 320	23rd March 2009 - 02:06 PM goldster started - last by Rorschach112
Virus, Spyware and Trojan Removal Trojan.Win32.AutoRun, IM-Worm.Win32.Sohanad.t [Solved]	11 / 191	1st November 2009 - 12:21 PM aravindps started - last by emeraldnzl