All right, I have been getting an error message and my Norton AV finds a Trojan on my computer but can't do anything about it. I was just wondering if you guys could take a look at the HJT and tell me if there's anything I can do from there. Thanks.

EDIT1::
All right, shortly after I posted this Norton popped up and I now have the exact name of the file that is infected. C:\WINDOWS\system32\wingkb32.dll I don't know if this helps anything, but that is the name. When the error message pops up, if it does, again, then I'll post the exact contents of that as well.


EDIT2::
Again, shortly after my last edit the message came up. Something about 16 bit MS-DOS Subsystem, then C:\WINDOWS\TEMP\h91746.exe....illegal instruction of some kind. Hope this helps.

Attached Files

hijackthis.log (6.4 KB, 3 views)

Hi Mark!
Sorry but there's on one of the Security Team online right now.
Please be patient until one of them is online and able to take a look at your LOG.
Thanks,
Bluefish

Of course. No worries. I'm not in any real hurry, my computer still functions, so I can get my homework done, at least. Haha. Kinda wish it would keep me from being able to do it. Then at least I'd have an excuse to skip it.

Hya Mark , lets have a look.

First please download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)

Run SmitRem:
Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:\smitfiles.txt" , or the partition where your operating system is installed on.

Please attach this log to your next reply , plus a new hjt log.




Note: XP users using the XP theme may ex-perience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.


You will need to reload your wallpaper as the SmitRem
tool will reset it, you can do this by right clicking
desktop and choosing properties, First check Theme and
set it to Windows XP then click the Desktop tab and
choose the one you want to use and press apply.

All righty. Here goes the new HJT and Smitrem.



The problem persists....

Attached Files

	hijackthis.log (5.0 KB, 1 views)
	smitfiles.txt (3.1 KB, 1 views)

Please download Process Explorer by Systernals from HERE.

Also download KillBox by Option^Explicit from HERE.

Then boot up in SAFE MODE and stay in safe mode (hit f8 when booting up), untill the entire fix is done.


Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of wingkb32.dll once and then click the kill button.

After you have killed all of the wingkb32.dll's under winlogon click OK.
Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of wingkb32.dll then click the kill button.

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following:

Now click fix checked and close HijackThis.


Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\SYSTEM32\wingkb32.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.

Well here goes the new HJT Log. The one thing I noticed this time is that O20 says "(File Missing)" at the end of it now. This has to be a good thing.

Attached Files

hijackthis.log (5.0 KB, 1 views)