Re-appearing Trojans

[oneminuteofclarity]

A week or two ago, I started noticing that there are programs that had been recently installed without my wife or I knowing about it; there's a Parental Control Tool (1st Security Software Center), Yahoo Browser Plus, an encrypting program (to store passwords) and I believe there's a keystroke program. The parental control and the encryption program are password protected so I can't uninstall them. The Browser Plus can be removed but is reinstalled later. The keystroke program has only showed a start up banner, I haven't found the program to open or uninstall it.

I have a Sony VAIO with Vista, everything is updated. I'm been running the free version of AVG. I ran Super Anti Spyware and it found two Trojans. I deleted them and they reappeared later. After that I ran CCleaner, SAS, MBAM, and did the other steps before posting.

Thanks for any help

[recovering disk space - old attachment deleted by admin]

[harry 48]

the problem is a keylogger , but wait for an expert

there is a keylogger you can download if you want to check what the children are saying

[Dr Jay]

Hello

Please re-open HijackThis and click Do a System Scan only.  Check the boxes to the left of all the entries listed below.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked. 

After it completes its process, please close HijackThis and reboot your computer.


Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[oneminuteofclarity]

I ran ComboFix and before I selected anything, the program restarted my computer and showed it was going through some processes as the computer started booting up so I'm guessing it found something. I attached a HJT log.

[recovering disk space - old attachment deleted by admin]

[Dr Jay]

Look for the log for ComboFix at C:\combo-fix.txt...if you find it, post it here.

[oneminuteofclarity]

I'm not sure exactly what happened when I tried to run it the first time but I couldn't find the file so I ran another scan.

[recovering disk space - old attachment deleted by admin]

[Dr Jay]

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

[oneminuteofclarity]

Found one that time. Just curious if it's not too in depth, how do you know what's normal and what's bad in a HJT or ComboFix log file?

[recovering disk space - old attachment deleted by admin]

[Dr Jay]

Takes a lot of research.

Download SuperAntiSpyware[/color]

• Load SuperAntiSpyware and click the Check for updates button.
  
• Once the update is finished click the Scan your computer button.
  
• Check Perform Complete Scan and then next.
  
• SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
• Make sure that they all have a check next to them and press next.
  
• Click finish and you will be taken back to the main interface.
  
• Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  
• Copy and paste the log onto the forum.

[oneminuteofclarity]

Everytime I try to run it, it says there was a file copy error and aborts the installation. I had the program before but it got damaged at some point so I uninstalled it. I checked for leftover files and deleted the folder I found but I'm still getting the error.

[Dr Jay]

Cancel that.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[oneminuteofclarity]

I downloaded it, agreed to the terms of use and click to run the file, then it says 'Administrator permissions required for this install.' The only profile I have on the computer has all rights (as far as I know through a little research and limited knowledge) but it still gives me this error while I try to install the program and at other times.

[Dr Jay]

Did you use Internet Explorer? Or a different browser?

[oneminuteofclarity]

I tried IE and Safari

[oneminuteofclarity]

I double checked and there's another profile on the computer that I didn't know about until just now which is now the administrator. I tried changing it back and I don't have permissions. The new profile is password protected.