PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Closed] "Virus Hosts"

  #8  
Old 01-13-2007
chiaz
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

Honestly I'm a little confused. Here's a software that I hope could simplify things for both of us:
Funkytoad.com -fast, functional and free - Hoster v3.6

Unzip the downloaded zip file. Then double-click Hoster.exe. Press "Restore Microsoft's hosts file".


Next download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
Click Exit on the Main menu to close the program.



Then run Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.



Last edited by chiaz; 01-13-2007 at 03:25 AM.
  #9  
Old 01-13-2007
Bronze Member
 
Join Date: Jan 2007
Posts: 14
Michael C

Hi Chiawaikian,

Thank you again for replying and I appreciate that you guys are doing your best to help me and for free no less. This is very commendable. However, before I go downloading and installing even more things and doing more scans, I'd like you to explain to me just what exactly you are confused about? Do you mean you are confused by my last message or are you confused by 'data' that was in the Notepad files? Although I made a joke about it, my message was easy enough to follow and logical.

Let's quickly go over what I've done so far:
  • I did a full system virus scan a few days ago with AVG 7.1. It found "virus hosts", located in path:C:\WINDOWS\System32\drivers\etc\
  • It couldn't heal it due to "not enough information". I therefore put it in the virus vault and did another full scan.
  • This time when it got to C:\WINDOWS\System32\drivers\etc\, it said "reading error".
  • I came here next and Wolfeymole told me to look at the Prework link in his signature. I did this and followed the rules. This involved many procedures, including the installing and running of AVG Anti-Spyware (it found "Trojan.Dagonit.inf" and "Backdoor.Pakes") and also ATF Cleaner (which you have now told me to do again, as if for the first time!)
  • Next, I submitted the AVG Anti-Spyware and HijackThis logs here.
  • You proceeded to tell me to search for "hosts" and to transfer them to Notepad files. I have done so.
So are you confused by the contents of the Notepad files or is it something else?

Kind regards,
Mike


  #10  
Old 01-13-2007
chiaz
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

I understand what AVG found.

The notepad files are the ones that baffle me. But I have found a simpler alternative to doing what I intended to do, which was to reset your hosts file. Hoster will do just that.

Run ATF Cleaner again, as clearing your temporary internet files can lessen your scanning time. Running ActiveScan offers a second opinion, and does not require any downloading.


Sorry for the confusion, I can be a little slow at times, so bear with me.


  #11  
Old 01-14-2007
Bronze Member
 
Join Date: Jan 2007
Posts: 14
Michael C

Okay Chiawaikian,

Thanks for telling me. I shall do this straight away and get back to you. I'll send you the million dollars once it works!

Regards,
Mike


  #12  
Old 01-14-2007
Bronze Member
 
Join Date: Jan 2007
Posts: 14
Michael C

Okay, attached is what Pandascan found. I know one of the things it found is supposed to be beneficial and that's Smitfraudfix. What I'm unhappy about is the Trojan and the two diallers. If you could help me fix them then I will build a statue in your honor!

The thing is that having used the Hoster file from Funkytoad.com, I assume that the original problem of "virus hosts" has been resolved, but what about the Trojan.Dagonit.inf and Backdoor.Pakes that AVG Anti-Spyware found? They've been quarantined and weren't found by Pandascan, but I only have the 30 day trial, so when it runs out will they become active again?

I'll shut up now in case you get too sick of me!!!

Mike
Attached Files
File Type: txt Activescan.txt (6.1 KB, 1 views)


  #13  
Old 01-15-2007
chiaz
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

After the 30-day trial period, all your quarantined files will stay, and you still have the function to update and run scans. The only features you will lose are automatic online updates and real-time monitoring.

Please make sure that you can VIEW ALL HIDDEN FILES. Reboot your computer into SAFE MODE.

Then delete these files or directories (Do not be concerned if they do not exist):
c:\windows\system32\vx.tll
c:\windows\switchagreement.txt
C:\hp\bin\FondleWindow.exe
C:\hp\bin\KillIt.exe
C:\hp\bin\Terminator.exe
C:\WINDOWS\Downloaded Program Files\startbf2.inf

Reboot your computer. You should get back to normal mode. Run AVG Anti-spyware again, before rescanning with Panda ActiveScan. Post the new log in your next reply.


  #14  
Old 01-16-2007
Bronze Member
 
Join Date: Jan 2007
Posts: 14
Michael C

Hi again,

Not very promising!

I've uploaded both reports for you. The AVG report scan does not seem bad - just tracking cookies, but the pandascan is still showing up quite a lot. The Smitfraudfix is (I think) a misnomer as I got it after reading an article here in the past, where it was recommended.

The three things that are annoying are:


Virus:trj/abwiz.a - it does not say where this is located.
C:\WINDOWS\system32\Process.exe - I'm not sure what this is!
& C:\WINDOWS\Downloaded Program Files\startbf2.inf - this was on the list of things that you told me to delete, but when I searched the folder it's supposed to be in, it does not show up. Before you say it, YES, I have configured my system to show hidden files. How do you delete an item that cannot be found using the search tool?

Any other suggestions you have for dealing with this stuff (especially the trojan) are welcomed.

Thanks.

Regards,
Mike
Attached Files
File Type: txt Report-Scan-20070116-112506.txt (2.1 KB, 1 views)
File Type: txt Activescan2.txt (3.6 KB, 1 views)


