#1  momochigaara (Bronze Member), 09-24-2005
Win 32 trojan problem

Am busy with a friend's PC and I can't seem to get rid of this trojan.

Virus scanner is Avast.

I turned off the system restore, restarted the PC so that Avast could scan on boot and so I could then delete whatever infected file there is...

But when it starts up the trojan is still there.

Does anyone have a solution??
Pretty please, pretty pretty please :-D


#2  Spaceman3750 (Elite Member), 09-24-2005
Re: Win 32 trojan problem

To start with I would like you to do this:

Please delete your temporary files by deleting all files and folders that are in those folders:
(do not delete the temp folder itself)
(if there are "files in use" then empty these folders in Safe Mode (hit F8 when booting up))

empty the C:\windows\prefetch folder,
empty the C:\windows\temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files folder EXCEPT the content.ie5 folder (may be hidden).
(replace Administrator with your user name)

And close all instances of IE and OE, then go to: Control Panel / Internet Options / General tab.
Click the "Delete Files" button.
When prompted place a check in: "Delete all offline content", click OK. This removes the junk files such as downloaded files, zero byte files created by Outlook Express and many other hidden files that reside in your cache.


Do a virus scan here. Or select one here.
Also run Stinger - Trojan Remover.
If you get a report of files that can't be cleaned/deleted, please write down the filenames and locations and post that in your reply.

Then please do this: since it's better to use automated tools to get rid of the bad stuff, use these programs first before doing the final cleaning with HJT.


Spybot: Search And Destroy:


1. Download the new version (1.4) of 'Spybot: Search And Destroy'.

2. Install it according to the instructions in 'How To Setup Spybot SD'.

3. Next, 'Search for Updates' as the definitions are not likely to be up-to-date.

4. Close ALL windows except Spybot SD.

5. Click the "Check for Problems" button.

6. Click 'Fix Selected Problems' and fix only the RED items.

7. REBOOT to finish removing what Spybot SD found and clear memory.


Ad-Aware SE by Lavasoft:

1. Download 'Ad-Aware SE'.

2. Install according to the instructions in "How To Setup Ad-Aware SE"

3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.

4. Install the updates.

5. Close ALL windows except Ad-Aware SE.

6. Click on 'Start' and choose 'full scan' for a full scan.

7. Quarantine anything that it finds and SAVE the log file.

8. REBOOT to finish removing what Ad-Aware SE found and clear memory.

Please download HiJackThis! from Joe's signature and run it from a permanent directory. Then post the log here in the form of an attachment. Thanks!


__________________
- Ryan
http://www.spaceman3750.info
http://www.conglomerate-game.net

Cisco Academy - CCNA student
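
The temp-folder cleanup from post #2, as an added Python example (not part of the original thread and not written by any poster): it empties each listed folder without deleting the folder itself, leaves content.ie5 in place, and reports entries that could not be deleted so they can be handled in Safe Mode. The names `empty_folder`, `_delete` and `TARGETS` are made up for this example, and "Administrator" is the placeholder user name from the post.

```python
from pathlib import Path

# Folders named in the post; "Administrator" is a placeholder user name.
PROFILE = Path(r"C:\Documents and Settings\Administrator\Local Settings")
TARGETS = [
    (Path(r"C:\windows\prefetch"), ()),
    (Path(r"C:\windows\temp"), ()),
    (PROFILE / "Temp", ()),
    # The post says to leave the content.ie5 subfolder in place.
    (PROFILE / "Temporary Internet Files", ("content.ie5",)),
]


def _delete(entry, failed):
    """Remove one file, link or directory tree, recording what resists."""
    linked = entry.is_symlink() or (hasattr(entry, "is_junction") and entry.is_junction())
    try:
        if entry.is_dir() and not linked:
            for child in list(entry.iterdir()):
                _delete(child, failed)
            entry.rmdir()  # fails if a locked child is still inside
        else:
            entry.unlink()  # plain file, or a link (the target is untouched)
    except OSError:
        failed.append(str(entry))


def empty_folder(folder, keep=()):
    """Delete the contents of `folder`, never the folder itself.

    Returns (removed names, paths that could not be deleted)."""
    folder = Path(folder)
    keep_names = {name.lower() for name in keep}
    removed, failed = [], []
    if not folder.is_dir():
        return removed, failed
    for entry in sorted(folder.iterdir()):
        if entry.name.lower() in keep_names:
            continue
        before = len(failed)
        _delete(entry, failed)
        if len(failed) == before:
            removed.append(entry.name)
    return removed, failed


if __name__ == "__main__":
    for path, keep in TARGETS:
        removed, failed = empty_folder(path, keep)
        print(f"{path}: removed {len(removed)}, left {len(failed)} in use")
```
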

#3  joe5 (Elite Member), 09-24-2005
Re: Win 32 trojan problem

Originally Posted by Spacekid3750
Hi there .... Welcome to PCHF.


Then please post a new HJT log as a reply to this topic.

Hya Space, firstly you are supposed to add the member's name in place of the dots... and it's his/her tenth post already so a welcome to PCHF isn't needed.
And secondly, this member didn't post a HJT log so he/she can't post a new HJT log. He/she might not even know what it is.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#4  Spaceman3750 (Elite Member), 09-24-2005
Re: Win 32 trojan problem

:S... Will edit first post, sorry!


#5  momochigaara (Bronze Member), 09-25-2005
Re: Win 32 trojan problem

Here is the HJT file

and the Spybot log of what could not be removed

ISearchTech.SideFind: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar



I wasn't sure if you could see this in the HJT file..

Also another question: say if all else fails, would formatting the PC be a viable option?
Attached Files
File Type: txt hijackthis.txt (4.6 KB, 1 views)


#6  joe5 (Elite Member), 09-25-2005
Re: Win 32 trojan problem


I don't think you'll have to format, we'll get that cleaned up.

Did you also follow this part?

Do a virus scan here. Or select one here.
Also run Stinger - Trojan Remover.
If you get a report of files that can't be cleaned/deleted, please write down the filenames and locations and post that in your reply.

There is a bunch of nasty stuff in there and at least some of them should have been cleaned after that, I think.


Can you also run Ewido? That cleans the ISTbar infection and probably a couple of other things in your HJT log too.


1. Please download ewido Security Suite.
2. Install ewido security suite.
3. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
4. Launch ewido; there should be a big "E" icon on your desktop, double-click it.
5. The program will prompt you to update; click the "OK" button.
6. The program will now go to the main screen.

You will need to update ewido to the latest definition files.

1. On the left hand side of the main screen click update.
2. Click on Start.

The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.

Once the updates are installed do the following:

1. If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
2. Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run ewido.
3. Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
4. Click on scanner.
5. Click on Settings.
6. Under "How to scan" all boxes should be selected.
7. Under "Possibly unwanted software" all boxes should be selected.
8. Under "What to scan" select scan every file.
9. Click OK.
10. Click on Complete system scan.
11. Let the program scan the machine.
12. If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged. In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

1. Click Save report.
2. Save the report to your desktop.
3. Exit ewido.

And after that please post the Ewido log and a new hjt log.


