[michael4902]

Hi, my name is mike and i realy dont know to much about computers. i have a desk top that has been infected with a virus called "trojandownloader.xs". i was reading some the other post on how to fix it but i dont understand how to do some of the things that are required. if anyone could help me in anyway i would greatly appreciate it. thank you in advance for any help.

[Advertisements]

Hello michael4902

Welcome to G2Go.
=====================
* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click on I agree
• Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[kahdah]

Hello michael4902

Welcome to G2Go.
=====================
* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click on I agree
• Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[michael4902]

I appreciate you helping me. I tried to download what you told me to but my computer keeps freezing up. I tried to open task manager and a box comes up that says "task manager has been disabled by administrator." I dont understand because I am the only account on that computer. I also get a bunch of pop ups about buying anti-virus. I am using my laptop to log on to here. I dont have any anti-virus or spyware software on my desk top computer. thanks again for taking time to help me.

[kahdah]

Ok do this download this file to your laptop and transfer it over to your desktop.
THen boot into Safe Mode and run it from there.

Download it first then run it in Safe Mode.
Only do this if you are running 2000 or XP

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

To boot into safe mode do the following.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
====================================
Then double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Reboot into normal mode and then try to post the log it produces.
Also try to post a Hijackthis as well please.

[michael4902]

thanks again for the help and sorry it has taken me so long to reply. i am still having trouble downloading the program to my desk top. my desk top just freezes as soon as i log in. my internet works but very very slow. when i try to open the file i can click on it but nothing happens. im not sure if i am transfering the file properly either. will i be able to down load the file to my desk top if i start it in safe mode?

[kahdah]

Yes you can do this in Safe Mode With Networking.

Delete your version of Combofix and try this :
================================
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**