First of all, I should let you all know I'm REALLY bad with computers. I pretty much don't know anything about them; I just use them for schoolwork and internet. My dad's away from home for a week and I need my computer fixed lol.
Secondly, I have this trojan (Trojan horse Generic11.LEY) on my computer.
The virus scanner is AVG. It said 'threat detected!' while opening file: C:\WINDOWS\system32\pphcg52j0ej97.exe
I pressed HEAL, but after 20 seconds the screen popped up again. I pressed move to vault, but yet again the screen popped up.
I downloaded Trojan Remover since a mate advised me to and tried it with that, but it won't seem to go away.
I have no clue what to do, I hope you can help me.
I did this too, in case it's needed:
Malwarebytes' Anti-Malware 1.25
Database versie: 1072
Windows 5.1.2600 Service Pack 2
23:15:13 20-8-2008
mbam-log-08-20-2008 (23-15-13).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 140936
Verstreken tijd: 35 minute(s), 43 second(s)
Geheugenprocessen geïnfecteerd: 3
Geheugenmodulen geïnfecteerd: 4
Registersleutels geïnfecteerd: 9
Registerwaarden geïnfecteerd: 6
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 18
Bestanden geïnfecteerd: 33
Geheugenprocessen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe (Rogue.XPAntivirus) -> Unloaded process successfully.
C:\Program Files\rhcl52j0ej97\rhcl52j0ej97.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcg52j0ej97.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\rhcl52j0ej97\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl52j0ej97\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcl52j0ej97\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcl52j0ej97 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcl52j0ej97 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcl52j0ej97 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcg52j0ej97 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\BASE (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\DELETED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\SAVED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\rhcl52j0ej97\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820204223984.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820204720968.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820214118234.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820215424765.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820220254390.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\rhcl52j0ej97.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\rhcl52j0ej97.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl52j0ej97\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureaublad\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcg52j0ej97.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcg52j0ej97.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcg52j0ej97.bmp.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcg52j0ej97.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\setup1021.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DSN\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Thanks in advance,
Marente
Edited by Marente, 20 August 2008 - 03:16 PM.