rookie with virus problem

[rookie47]

Hi - new to this, rookie with a major problem, can't seem to get rid of these items,, hijack log attached ,,, please help!

Drowor D Trojan   c:\WINDOWS\SYSTEM\INTERNAT.EXE

EliteKeylogger      c:\WINDOWS\SYSTEM\MCIOLE.DLL

Virus.Win32.Delf.ak   c:\WINDOWS\RUNDLL32.EXE

Smitfraud      c:\WINDOWS\WUPDMGR.EXE

[getting disk space - attachment deleted by admin]

[rookie47]

I see there are no takers on this. Does this mean it does not have enough information?  or  Is this task too difficult to handle here? I've been watching all day and I'm probably doing further damage by not having this corrected immediately. ??

I am a ROOKIE at this stuff ,,, Windows ME ,,, I'll have a lot of questions I'm sure.

[evilfantasy]

Run this Online Scan.

Run the BitDefender Online Scanner.

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file.
Thanks To Chaslang For The Bitdefender Guide!

[dairyman]

I'll take a look at the log file.

[dairyman]

Before I tell you what to clean in HijackThis, you need to install a firewall.

Comodo Firewall is NOT compatible with Windows ME, but you can install Jetico Personal Firewall instead. Click Here to go to the site.

[patio]

Why does he need to have a firewall installed before you look at his log ? ?
What are your HJT qualifications ? ?

[rookie47]

OK ,, thanks, I did the defender and here is the log ,,, I hope I did it correctly ,,,

I appreciate all the help ,,,

[getting disk space - attachment deleted by admin]

[dairyman]

Why does he need to have a firewall installed before you look at his log ? ?
What are your HJT qualifications ? ?

Sorry, I mean he should install a firewall.

I contacted CBMatt and he showed me a link to old post, which had another link to a web page that showed me how to read a log file.

[dairyman]

1 ) Print out the following instructions.
2 ) Download and install Spybot Search and Destroy.
3 ) Place a tick next to:

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL (file missing)

4 ) Click on Fixed Checked.
5 ) Reboot into Safe Mode.
6 ) Run Spybot S&D and run a full scan.

[rookie47]

I do have a question, I ran the Xoftspy again and Keylogger and Smitfraud were present, however, when I deleted them, rebooted and scanned again with Xoftspy they were gone, Does this mean I zapped them? or, Are they still running in the background undetected?

In your opinion, How good are these programs?, I run these all the time,

XoftspySE
PConPoint
Ad-AwareSE
McAFEE
HistoryKill

The reason I ask is these programs pick up things some of the other programs don't and vice versa ,,

[evilfantasy]

I am not sure about XoftspySE as I don't use it. There are plenty of free alternative that work very well.
=====
You need to clear you Java Cache. See link below for instructions:
http://www.java.com/en/download/help/5000020300.xml
=====
CCleaner
If you do not have CCleaner please install it. Download CCleaner
* Once CCleaner is open use the default options.
* Click Analyze and it will show a log of what will be removed.
* Next click Run Cleaner to remove everything.
=====
Next please install Superantispyware (SAS)

SUPERAntispyware Free Edition

Install it and double-click the icon on your desktop to run it.
*  It will ask if you want to update the program definitions, click Yes.
*  Under Configuration and Preferences, click the Preferences button.
*  Click the Scanning Control tab.
*  Under Scanner Options make sure the following are checked:
+  Close browsers before scanning
+  Scan for tracking cookies
+  Terminate memory threats before quarantining.
+  Please leave the others unchecked.
+  Click the Close button to leave the control center screen.
*  On the main screen, under Scan for Harmful Software click Scan your computer.
*  On the left check C:\Fixed Drive.
*  On the right, under Complete Scan, choose Perform Complete Scan.
*  Click Next to start the scan. Please be patient while it scans your computer.
*  After the scan is complete a summary box will appear. Click OK.
*  Make sure everything in the white box has a check next to it, then click Next.
*  It will quarantine what it found and if it asks if you want to reboot, click Yes.
*  To retrieve the removal information for me please do the following:
+  After reboot, double-click the SUPERAntiSpyware icon on your desktop.
+  Click Preferences. Click the Statistics/Logs tab.
+  Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+  It will open in your default text editor (such as Notepad/Wordpad).
+  Please save the notepad file to your desktop by clicking (in notepad) "File" "Save As".
*  Click close and close again to exit the program.
*  Please add the log as an attachment along with a new HijackThis log in the next post.

[rookie47]

OK, I have just done what you've instructed with Java and I ran the Cleaner, I have not deleted anything with the cleaner as of yet until I clear it with you, I am not going to loose anything important by "Cleaning" am I? I am putting a lot of trust in you here, Should I proceed? There are a lot of files going to be deleted there.

[evilfantasy]

If you have never ran CCleaner then there will be a lot of stuff there.

It will not remove anything important unless you specifically tell it to. And that is done by creating a Custom Folders option to clean.

If you look at the list it has produced you will see stuff like cookies, temp folders, Recently Typed URLs etc, etc. The reason I ask you to run it is because it will reduce the time when running the SUPER AntiSpyware scan. If you are uncomfortable using CCleaner then it is not completely necessary. I have used it for years with no problems.

Click Here for a list of what it removes.

[rookie47]

OK, I've done that, I'm onto the Antspy

[rookie47]

Scanning, Complete scan correct?

Scan completed ,,, it says no infected files found!

What do you think? However, XoftspySE still shows these after a scan:

Drowor D Trojan           c:\WINDOWS\SYSTEM\INTERNAT.EXE
Virus.Win32.Delf.ak      c:\WINDOWS\RUNDLL32.EXE

HJT Log attached

[getting disk space - attachment deleted by admin]