SpywareDoctor can't remove Trogan

[evanesco]

I have Spware Doctor on my PC, and it's picked up a Trogan, but it can't fix it, what should I do?

[Carbon Dudeoxide]

Our Malware Specialists are currently offline but if you could look HERE to get a head start.

[evanesco]

Thanks for that. I've started foloowing the instructions. I've attatched the first log from SAS.

[Saving space - attachment deleted by admin]

[Broni]

Next logs, please.

[evanesco]

Next logs, please.

Sorry, I had to go out, I'm on it now 

[evanesco]

MBAM log attached.

[Saving space - attachment deleted by admin]

[evanesco]

HJT log attatched.

[Saving space - attachment deleted by admin]

[evanesco]

I think I've done everything required. My pc is actually running a lot better, just from the scans I've done, but obviusly I need some help with the complete removal of the trogan. I also wanted to ask which programmes are essential for start up, so I can disable the rest of them from running on start up.

[Carbon Dudeoxide]

If you're talking about the startup in MSCONFIG, the computer will work without any of them checked but I don't think it would stop the Trojan. I would wait until one of our malware specialists to have a look at the logs you've posted.

Don't worry, they will be online soon to give you a tune-up. 

[evanesco]

I'm not sure what MSCONFIG is, so I'll explain a bit more. When I turn on my pc, several programmes start, like nokia connectivity (which is for my phone, so I know I'm good to disable that on start up), things that run in the background that don't really need to and could be run when needed. How do I check what's running so I can disable what I don't need running?

[Carbon Dudeoxide]

Have a look here:

http://www.computerhope.com/tips/wintips.htm#38

[CBMatt]

I'm only going to be on for a little bit longer, but I'll go ahead and get the ball rolling.  It looks like SAS and MBAM cleared out quite a few infections for you, but you're not entirely in the clear just yet.  For now, we're only going to concern ourselves with the infections.  We can worry about your start-up entries later.


Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - X$þ - (no file)
O2 - BHO: (no name) - Ø$þ - (no file)
O2 - BHO: (no name) - ˆ$þ - (no file)

O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

O20 - Winlogon Notify: iifdbaAs - iifdbaAs.dll (file missing)
O20 - Winlogon Notify: tuvvuro - tuvvuro.dll (file missing)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Barbie Girls or Mattel Barbie Girls

Please note any other programs that you dont recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\Mattel\Barbie Girls

Navigate to and delete the following file(s) if present...

C:\WINDOWS\system32\iifdbaAs.dll
C:\WINDOWS\system32\tuvvuro.dll

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log along with new SAS and MBAM logs so we can see if there's any other junk we need to clean up.  And just for the heck of it, also run a scan with SpywareDoctor and tell us the results.  Let me know how everything's running now and if you had any problems following my steps.

Also very important...
I don't see any anti-virus (SpywareDoctor is only anti-spyware) or firewall running on your computer.  This needs to be remedied as soon as possible!

[Carbon Dudeoxide]

Also very important...
I don't see any anti-virus (SpywareDoctor is only anti-spyware) or firewall running on your computer.  This needs to be remedied as soon as possible!

Here are some good Antivirus software:

http://www.computerhope.com/issues/ch000514.htm

Personally, I like AntiVir, AVG and McAfee.

Note, only have one antivirus software.

[evanesco]

Thanks I'm on it now.

[evanesco]

O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - X$þ - (no file)
O2 - BHO: (no name) - Ø$þ - (no file)
O2 - BHO: (no name) - ˆ$þ - (no file)

O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

O20 - Winlogon Notify: iifdbaAs - iifdbaAs.dll (file missing)
O20 - Winlogon Notify: tuvvuro - tuvvuro.dll (file missing)

Done

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Barbie Girls or Mattel Barbie Girls I couldn't remove this in safe mode, the installsheild wizard wouldn't start up, so I've removed it in normal mode.

Please note any other programs that you dont recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\Mattel\Barbie Girls Done

Navigate to and delete the following file(s) if present...

C:\WINDOWS\system32\iifdbaAs.dll
C:\WINDOWS\system32\tuvvuro.dll Niether were present.

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log along with new SAS and MBAM logs so we can see if there's any other junk we need to clean up.  And just for the heck of it, also run a scan with SpywareDoctor and tell us the results.  Let me know how everything's running now and if you had any problems following my steps.

Also very important...
I don't see any anti-virus (SpywareDoctor is only anti-spyware) or firewall running on your computer.  This needs to be remedied as soon as possible!

I'm going to do the scans and logs now. I haven't got anti virus, becasue I thought it was in with Spyware Doctor, obviously not, and I thought my windows firewall was enough. I'll get sorted with this and then get me some anti-virus and a better firewall. Thanks =)

Oh, I didn't know how to reboot in safe mode and how to show hidden folders, I figured it out though.