
Author Topic: Please help with removing trojans and rootkits!  (Read 3905 times)


Leon351

    Topic Starter


    Greenhorn
    Please help with removing trojans and rootkits!
    « on: December 18, 2008, 09:57:45 AM »
    I experienced some problems with my computer about a week ago when the screen started to flash as well as constant freezing. Eventually, when I tried using an application such as AIM, my computer shut itself off. When I restarted, my computer picked up that I had trojan horse downloader.delf.BTU and other adware. I am using AVG 8.0 and I've gone through countless spyware/adware programs until I was recommended to come here. I've already gone through the whole removing malware process. Attached are the logs. If there is any more information needed, I will gladly offer if I can. I really would not like to have to format my hard drive and restore it with a backup CD, but I'll wait for a response. Thank you!

    I forgot to mention my computer specs.

    MS Windows XP
    Service Pack 2
    Toshiba
    Intel Celeron M

    Thanks!

    [attachment deleted by admin]
    « Last Edit: December 19, 2008, 10:30:23 AM by Leon351 »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Please help with removing trojans and rootkits!
    « Reply #1 on: December 21, 2008, 05:00:26 PM »
    Sorry for the delay.

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - R3 - URLSearchHook: (no name) - - (no file)
    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.

    For Windows XP Systems install the Recovery Console:

    - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
    - If for some reason your Internet is not working click No.
    - If you are not using Windows XP, you will not be prompted.
    - When prompted to accept the EULA click OK.
    - Accept Microsoft's EULA (Click Yes).
    - When you are told that the RC is installed correctly click YES to continue scanning for malware.

    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
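
The two entries selected in Reply #1 are both marked "(no file)" in the HijackThis log. As an added example (not part of the original thread, and not HijackThis's own code), the Python below parses log lines of that shape and lists the entries carrying that marker; the log header and the last two sample lines are constructed for illustration.

```python
import re

# A HijackThis entry reads "<section> - <kind>: <detail>", e.g. "O2 - BHO: ...".
# The optional leading "- " accepts lines pasted as a bulleted list, as in the post.
ENTRY_RE = re.compile(r"^\s*(?:-\s+)?([A-Z]\d{1,2})\s+-\s+([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, kind, detail = m.group(1), m.group(2).strip(), m.group(3).strip()
    clsid = CLSID_RE.search(detail)
    return {
        "section": section,                        # e.g. R3, O2, O4
        "kind": kind,                              # e.g. URLSearchHook, BHO
        "clsid": clsid.group(0) if clsid else None,
        "orphaned": detail.endswith("(no file)"),  # log shows no file behind the entry
        "unnamed": detail.startswith("(no name)"),
        "raw": line.strip(),
    }


def orphaned_entries(log_text):
    """Return every parsed entry whose detail ends in "(no file)"."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphaned"]]


# First two entries are the ones quoted in Reply #1; the rest is constructed.
SAMPLE_LOG = """Logfile of HijackThis (constructed sample)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"] or "-", sep="\t")
```
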

    Leon351

      Re: Please help with removing trojans and rootkits!
      « Reply #2 on: December 21, 2008, 09:05:50 PM »
      Here is the log. Thanks again for the help!

      [attachment deleted by admin]

      evilfantasy

      Re: Please help with removing trojans and rootkits!
      « Reply #3 on: December 21, 2008, 09:17:19 PM »
      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      File::
      c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{072b0596-a7b9-11dd-94b8-0011f54eab49}]

      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66586192-c564-11db-922d-000fb0648965}]

      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813b1d6a-7c57-11dc-9304-000fb0648965}]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.


      Also let me know how the computer is running now.

      Leon351

        Re: Please help with removing trojans and rootkits!
        « Reply #4 on: December 21, 2008, 09:45:59 PM »
        Here is the combofix log.

        My computer seems to be working alright. Should I perform another scan with superantispyware and anti-malware? Thanks for all the help.

        [attachment deleted by admin]

        evilfantasy

        Re: Please help with removing trojans and rootkits!
        « Reply #5 on: December 21, 2008, 09:54:51 PM »
          Should I perform another scan with superantispyware and anti-malware?

          No, we will run another scan for a final check.

          First a bit of clean up.

          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.

          The above procedure will:
          • Delete the following:
            • ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.

          ----------

          Now run CCleaner and then restart the computer.

          ----------

          Run this online scan.

          This scanner requires Internet Explorer

          Use the ESET Nod32 Online Scanner

          1. Check the box next to YES, I accept the Terms of Use.
          2. Click Start
          3. When asked, allow the ActiveX control to install
          4. Click Start
          5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
          6. Click Scan
          7. Wait for the scan to finish
          8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
          9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

          Leon351

            Re: Please help with removing trojans and rootkits!
            « Reply #6 on: December 22, 2008, 08:35:19 AM »
            Ok. Here is the log from ESET Online Antivirus Scanner.

            [attachment deleted by admin]

            evilfantasy

            Re: Please help with removing trojans and rootkits!
            « Reply #7 on: December 22, 2008, 10:11:27 AM »
            Looks good. If everything is running OK we can finish up.

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

            Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

            To prevent unknown applications from being installed on your computer install WinPatrol 2008
            * Using Winpatrol to protect your computer from malicious software

            I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

            Leon351

              Re: Please help with removing trojans and rootkits!
              « Reply #8 on: December 22, 2008, 01:03:12 PM »
              Ok. Finished doing the scans and the updates. I ran a scan with Spyware Doctor and it came up with some files. Attached is a printscreen of what it found. Can these things be deleted from my computer? Other than that, the other spyware programs don't pick up anything. Thanks again!

              [attachment deleted by admin]

              evilfantasy

              Re: Please help with removing trojans and rootkits!
              « Reply #9 on: December 22, 2008, 01:37:58 PM »
              Those can be deleted.


              Leon351

                Re: Please help with removing trojans and rootkits!
                « Reply #10 on: December 24, 2008, 12:22:47 PM »
                After doing several scans, neither AVG nor Spyware Doctor picks up anything. Looks like I am in the clear. Thanks again for all the help. It saved me from having to start from scratch.

                evilfantasy

                Re: Please help with removing trojans and rootkits!
                « Reply #11 on: December 24, 2008, 02:12:36 PM »
                You're welcome.

                Safe surfing...