difficult malware removal - trojan?



#1
bergsa

    New Member

  • Member
  • Pip
  • 4 posts
A buddy asked me to help clean up his PC. What a mess!

I have run Spybot, ewido, spy sweeper, Norton Antivirus and ScanSpyware. Each has deleted something, totalling a couple hundred items (look2me, drdownload, Vundo, WinHandler, cookies, contaminated restore points, etc.) Which left the tough one...

After the final All Clear, I rebooted. The desktop repainted, then hung for a couple of minutes. A system command window appeared in the upper left. The task manager showed "project1" as an application. When it closed, I was bombarded with a popup or popunder at least once per minute. Typical host sources were amaena, zip404, etc. There was even a Macromedia Flash object that popped up dead center on the screen.

I ran the checkers again and suddenly had over 200 malware items. My suspicion is that the checkers missed one trojan activated on boot that immediately downloads MANY malware items, reversing hours of scans in a few minutes. I'm going over to my friend's house now to run some new scans.

So, if I post a HijackThis log in the next message, will you suggest a fix?

Thanks!

Scott
  • 0


#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi bergsa

Welcome to G2G! :tazz:

Please do this:

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
bergsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Well, after another three hours of mind-numbing scans, I think I have it licked.

I ran ewido overnight and it found a couple of things and fixed them. An apparent side effect was that the network link went offline due to a failure to get an IP. All that went away on reboot. Then I ran a couple of other removal programs and found a few more minor items.

The PC is up and running. There may be one popup ad virus left, but at least the PC is usable again, and with quite a performance gain.

I'll keep this place in mind!

Thanks!

Scott
  • 0

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You should still post the Hijack This log.
  • 0





