  #1  
Old 02-23-2006
Bronze Member
 
Join Date: Feb 2006
Posts: 12
yulneversolvethisone
[Fixed] trojan.downloader.delf impossible to remove

Hello everybody,

So as the title suggests, I have this trojan that causes (I guess) various extremely unwanted popups with IE.

Here's my HijackThis log, I hope I managed to upload it correctly.
Please help me.
Ad-Aware SE finds the trojan and indicates the regedit path. When I suppress the trojan in the reg it comes back later (restoration is disabled) and it still doesn't leave when I try to get it with KillBox (at least the only .dll file I find).

Hope you can help, I'll be waiting for your answers.

By the way, I have Win XP.
Attached Files
File Type: log hijackthis.log (9.3 KB, 1 views)


  #2  
Old 02-24-2006
Hengis's Avatar
PCHF Head Honcho
My PC
 
Join Date: Jan 2004
Location: Southern England
Posts: 11,459
PC Experience: Always learning
Hengis

Sorry for the delay in responding, welcome to the forum.

This problem is best left to Joe5, our resident "Nasties" Guru, I am sure he will pick this up as soon as he has some time.


  #3  
Old 02-24-2006
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Hi there, yulneversolvethisone. (Yes I will.. :tongue: )





Before fixing things with HijackThis Please Do the Following:



Show hidden files and folders:

For XP:
  1. On the Tools menu in Windows Explorer, click Folder Options.
  2. Click the View tab.
  3. Under Hidden files and folders, click Show hidden files and folders.
  4. If you see a warning message, click Yes.
  5. Click Apply.
  6. Click OK.


Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).

How to disable system restore:

WinXP.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.


Please download CCleaner

Download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.



Then boot up in SAFE MODE and stay in safe mode (hit F8 when booting up) until the entire fix is done.


Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen, double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen, click on each instance of st3.dll once and then click the kill button.
After you have killed all of the st3.dll's under winlogon, click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of st3.dll, then click the kill button.

Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - C:\WINDOWS\clbcatix.dll (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbj.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
Then delete the file in bold, and run CCleaner.


Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\system32\st3.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)


After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
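
An added example, not part of the original post: a small parser for the HijackThis lines listed in post #3. It groups the entries by the DLL they load, which separates files that must be removed from disk from entries marked "(file missing)" that only need the registry reference fixed. The function names are this example's own; the input is the checklist from the post.

```python
import re
from collections import defaultdict

# The nine entries from the checklist in post #3 (copied from the page).
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - C:\WINDOWS\clbcatix.dll (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbj.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
"""

# Section code (R1, O2, O9, O20 ...) followed by " - " and the entry body.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Trailing file path, optionally followed by HijackThis's "(file missing)" marker.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe))( \(file missing\))?\s*$", re.I)

def parse_line(line):
    """Return {'code', 'path', 'missing'} for a HijackThis entry, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.search(m.group(2))
    return {"code": m.group(1),
            "path": p.group(1) if p else None,
            "missing": bool(p and p.group(2))}

def group_by_file(log_text):
    """Map each referenced file (lower-cased) to the sections that load it."""
    files = defaultdict(lambda: {"codes": [], "missing": False})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["path"]:
            rec = files[entry["path"].lower()]
            rec["codes"].append(entry["code"])
            rec["missing"] = rec["missing"] or entry["missing"]
    return dict(files)

def triage(log_text):
    """Split files into those still on disk and orphaned (registry-only) entries."""
    files = group_by_file(log_text)
    return {"on_disk": sorted(f for f, r in files.items() if not r["missing"]),
            "orphaned": sorted(f for f, r in files.items() if r["missing"])}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The two files reported as still on disk are the ones the thread goes on to delete: st3.dll through KillBox and admparsel.dll after the win32delfkil run.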

  #4  
Old 02-24-2006
Bronze Member
 
Join Date: Feb 2006
Posts: 12
yulneversolvethisone

Hey Joe (haha)

Thanks very much for your help, I tried to follow the instructions as best as possible. Nevertheless I didn't manage to delete the admparsel.dll (access denied or something).

Anyway here's my new log.

Thanks again.
Attached Files
File Type: txt hijackthis2.txt (7.5 KB, 1 views)


  #5  
Old 02-24-2006
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Download and install win32delfkil.exe.

http://users.telenet.be/marcvn/tools/win32delfkil.exe

Place it on your desktop and double-click on win32delfkil.exe to install it.
A folder will be placed on your desktop: win32delfkil.
Close all open windows and programs.
Open the folder win32delfkil and double-click on fix.bat.
Your computer will reboot.

Then try to delete C:\WINDOWS\admparsel.dll (if still present)

Then please post a new HJT log and post the windelf log (c:\windelf.txt).
And a description of remaining problems, if any.



  #6  
Old 02-24-2006
Bronze Member
 
Join Date: Feb 2006
Posts: 12
yulneversolvethisone

Here you go

Looks like everything is working fine now.

Thanks again
Attached Files
File Type: txt windelf.txt (1.6 KB, 1 views)
File Type: txt hijackthis3.txt (7.4 KB, 1 views)


  #7  
Old 02-24-2006
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Looks like you'll have to change your name. :tongue:

Everything is clean. Do you still have any problems or questions?

