Member Panel

davidwilcock

Hi,
I had Troj/Spywad-I, I ran Ewido and got rid of this. Some details fo the trojan are given here: http://www.sophos.com/virusinfo/anal...ojspywadi.html.

I tried to download the Sophos software but it wouldnt recognise my OS. Thats not the problem however, my problem now is that I cannot change the background on my desktop. the trojan changes it to something about 'computer infected' (see the link). I deleted this by searching for desktop/html on my computer, but now i cant change it to my old background. i can got to the place where you change it but clicking the buttons just doesnt work and i cant scroll up and down the different pictures.

Any ideas?

thanks,
dave

btalman

Hi davidwilcock and welcome to PCHF,
Please make a hijackthislog and post it to the hijackthissection of this site. The experts over there will analyze the log and try to remove any traces left by the trojan.
Bram

joe5

Looks like you have a Spysherrif infection , we should get rid of that pretty easy after you post a hjt log.

davidwilcock · 08:16 PM

Edited, log placed as an attachment by mod: please read the hjtposting rules before posting a log
Edited by mod: please place hjt logs in the appripriate section, moved the post

joe5

I would uninstall EmpirePoker , royalvegasMPP and PartyPoker in add/remove programs if you don't want/use them.

Before fixing things with HijackThis Please Do the Following:

Show hidden files and folders:

For XP:

On the Tools menu in Windows Explorer, click Folder Options.
Click the View tab.
Under Hidden files and folders, click Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download CCleaner

Then boot in safe mode (hit f8 when booting up) and fix these with hjt:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\System32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/...GameLoader.dll

Delete the file in bold and run Ccleaner.

Then reboot and download and run this fix:

http://users.telenet.be/marcvn/regfi...desktopfix.zip

After that please upload this file:

C:\WINDOWS\SYSTEM32\htproc32.dll

To these sites and report back the results:

http://www.virustotal.com/flash/index_en.html

http://virusscan.jotti.org/

Also i see you have no firewall and no AV , to prevent problems like this you really should have those. Have a look in our download section for some free versions.

And you have also no service packs installed but we'll get to that when youre clean.

Last , please post a new hjt log to check.

davidwilcock · 01:50 PM

Hi, thies are the results of the scans

AntiVir
Found nothing
ArcaVir Found Trojan.Psw.Lineage.Sk
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.PWS.Lineage
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-PSW.Win32.Lineage.sk
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
.................................................. .................................................. .

AntivirusVersionUpdateResultAntiVir6.33.0.7012.28. 2005no virus found
Avast4.6.695.012.27.2005no virus found
AVG71812.27.2005no virus found
Avira6.33.0.7012.28.2005no virus found
BitDefender7.212.28.2005no virus found
CAT-QuickHeal8.0012.27.2005no virus found
ClamAVdevel-2005110812.26.2005no virus found
DrWeb4.3312.28.2005Trojan.PWS.LineageeTrust-
Iris7.1.194.012.27.2005no virus founde
Trust-Vet12.4.1.012.28.2005no virus found
Ewido3.512.28.2005Trojan.Lineage.sk
Fortinet2.54.0.012.27.2005no virus found
F-Prot3.16c12.28.2005no virus found
Ikarus0.2.59.012.27.2005no virus found
Kaspersky4.0.2.2412.28.2005Trojan-PSW.Win32.Lineage.sk
McAfee466012.27.2005no virus found
NOD32v21.134112.27.2005no virus found
Norman5.70.1012.28.2005no virus found
Panda8.02.0012.27.2005no virus found
Sophos4.01.012.28.2005no virus found
Symantec8.012.28.2005no virus found
TheHacker5.9.1.06212.27.2005no virus found
UNA1.8312.28.2005no virus found
VBA323.10.512.27.2005no virus found

The box with all the wallpapers in is now useable but it still doesnt let me change them, when I click apply nothing happens. Also if I press ctrl alt del a message pops up saying 'task manager has been disabled by the administrator.'

thanks for the help,
David

Member Panel

Sponsors and Ads

Live Tag Cloud