I Have a virus

[The Bubba]

I've recently found that I have a virus called win32qhost.mg and was trying to find a program to remove it. I found one called CyberDefender and It says it out performs all of the well known others and lists them. Is it safe to use?
__________________

[evilfantasy]

Not familiar with it.

Trusted method HERE

[The Bubba]

I have AVG and it doesn't know it's there. I found it using Kaspersky's on line scan. My AVG is always updated as well and it still didn't catch it. I guess I'll bite and use this CyberDefender program that says it can remove it.

[evilfantasy]

Cyberdefender is a rouge tool. See HERE If you downloaded it then you have just infected your computer even further. All the tools we suggest are free and don't contain even more malware.

Do you still have the Kaspersky scan log? Kaspersky finds things but unless you know exactly what you are looking at in the log then it can be misleading.

You can follow the guide from my previous post or go for it on your own. Your choice.

[The Bubba]

Looks like there are mixed feelings about it. My AVG doesn't detect the win32qhost Trojan and my computer is still acting very slow and won't even open pages on the first or second try. What to do except put down some bucks for a good program that can remove it.

[evilfantasy]

Trusted method HERE

You can either do our guide which has helped hundreds fix their malware problems for free or as I said in the previous post you can go it alone. Your choice.

[The Bubba]

OK, I had already done the first 3 steps and will get back to you after I'm through with the rest. I had gone over your list before but got distracted somehow.

[The Bubba]

I'm about to give up, I've done all the steps and now when I try to add 3 attachments, it say either I can't add 4 attachments, no body or you've already posted that. What's a guy to do?

[The Bubba]

I'm going to try each attachment in 3 different posts.

[recovering space - attachment deleted by admin]

[The Bubba]

Another

Dr Web didn't want to do right, here is the log.


CFD.exe;C:\Program Files\BroadJump\Client Foundation;Adware.Cfd;;
00688484.FIL;D:\$VAULT$.AVG;Trojan.Fakealert.406;Deleted.;
00710875.FIL;D:\$VAULT$.AVG;Trojan.Fakealert.406;Deleted.;
00733187.FIL;D:\$VAULT$.AVG;Trojan.Fakealert.406;Deleted.;
nutils.dll;D:\Program Files\NoAdware5.0;Trojan.NtRootKit.103;Deleted.;
A0018115.dll;D:\System Volume Information\_restore{84ED5C82-C100-4A9C-A172-5240B436D570}\RP186;Trojan.NtRootKit.103;Deleted.;
A0019384.dll;D:\System Volume Information\_restore{84ED5C82-C100-4A9C-A172-5240B436D570}\RP190;Trojan.NtRootKit.103;Deleted.;




[recovering space - attachment deleted by admin]

[The Bubba]

And the last


[recovering space - attachment deleted by admin]

[The Bubba]

Success maybe?

[evilfantasy]

Having two antivirus programs running at the same time causes your computer to run very slowly and also causes random lockups.

Please uninstall one antivirus program and then run a new Hijackthis scan and post the log. You can just copy and pase it directly into the post instead of attaching it.

Let me know how things are now.

[The Bubba]

I removed one of the anti virus programs. Did you remove my attachments? Here is the Hijack this log you asked for. BTW, my computer is doing much better but still acting up just a tad.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:34 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\IE New Window Maximizer\iemaximizer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\John Matthews\My Documents\Hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigblueheaven.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] D:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 6016 bytes

[The Bubba]

Well I saw the proceedure that you suggested remove some viruses, but I ran another Kaspersky online scan and it says I still have 6 viruses.