Desperately seeking assistance to remove trojan virus
SuperDave:
Go here. You will need to change the boot sequence. Set it so your computer boots from the disk drive (CD-ROM). If you have more than one disk drive (CD-ROM), select the one where you will place your disk.
padraig:
Well, after many steps I have eliminated the trojan that first attacked my internet connection then infected my anti-virus software... ironic, huh?
Thanks, Super Dave, for your patience and guidance. I am contemplating an external hard drive purchase to image my C: just in case.
Cheers,
Padraig
SuperDave:
Why not go to this link, follow the directions, and post the required logs? That way you will be sure your computer is clean.
padraig:
Thanks Super Dave, I guess that would help others too. I work out of town so weekends are the only time that I have access to this PC. Here are the logs for SAS before and then after, along with the logs for AVG before and after.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/03/2010 at 06:37 PM
Application Version : 4.22.1014
Core Rules Database Version : 4766
Trace Rules Database Version: 2578
Scan type : Quick Scan
Total Scan Time : 00:06:21
Memory items scanned : 440
Memory threats detected : 3
Registry items scanned : 489
Registry threats detected : 58
File items scanned : 6752
File threats detected : 10
Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\DSWAVE32.DLL
C:\WINDOWS\SYSTEM32\DSWAVE32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\441d49b854
Trojan.Agent/Gen
C:\WINDOWS\SYSTEM32\12A.TMP
C:\WINDOWS\SYSTEM32\12A.TMP
Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\11.TMP
C:\WINDOWS\SYSTEM32\11.TMP
Adware.Vundo/Variant-X32[Header]
Adware.Tracking Cookie
C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[2].txt
C:\Documents and Settings\Patrick\Cookies\patrick@interclick[2].txt
C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[2].txt
Trojan.Unclassified/Cognac
HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Cognac
padraig:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/03/2010 at 06:47 PM
Application Version : 4.35.1000
Core Rules Database Version : 4766
Trace Rules Database Version: 2578
Scan type : Quick Scan
Total Scan Time : 00:02:15
Memory items scanned : 498
Memory threats detected : 0
Registry items scanned : 497
Registry threats detected : 0
File items scanned : 502
File threats detected : 31
Trojan.Agent/Gen-FakeAV[LSASS]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SYSTEMPROC\LSASS.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\1.TMP
Adware.Tracking Cookie