SpywareDoctor can't remove Trogan

[evanesco]

Actually, I've gone back to the malware removal thread, and realsing I don't have anti-virus, I'm doing that first. Logs will be on when they're done.

[Carbon Dudeoxide]

how to show hidden folders

You don't have to go to Safe Mode to view hidden files and folders.

Another CH link you might want to check out
http://www.computerhope.com/issues/ch000516.htm

We're (I'm?) drifting off topic now. I don't think it's necessary to re-post the logs.

*couch* Chris *cough*

[evanesco]

how to show hidden folders

You don't have to go to Safe Mode to view hidden files and folders. I know that, I was asked to go into safe mode to remove the mattel/barbie girls programme. The hidden folders was a seperate thing.

Another CH link you might want to check out
http://www.computerhope.com/issues/ch000516.htm

We're (I'm?) drifting off topic now. I don't think it's necessary to re-post the logs. Quote "Once you've done all of this, reboot into Normal Mode and post a new HijackThis log along with new SAS and MBAM logs so we can see if there's any other junk we need to clean up.  And just for the heck of it, also run a scan with SpywareDoctor and tell us the results.  Let me know how everything's running now and if you had any problems following my steps."

*couch* Chris *cough*

Do I need the logs?

[Carbon Dudeoxide]

I think the ones you've already posted are ok

[evanesco]

Erm, that's ok, but I don't kow what I'm supposed to be doing now. I thought I had to re-scan with SAS and MBAM, along with SpwareDoctor and post the logs. Now you're telling me I don't have to. So is it just a HJT log that's needed?

[CBMatt]

Sorry about the confusion.  I do want you to post new logs for HJT, SAS, and MBAM.  I think Carbon Dudeoxide has been drinking...




As for Safe Mode and hidden files...he posted a link for the latter above.  Here's a link for Safe Mode:
http://www.computerhope.com/issues/chsafe.htm




I will have to leave in just a minute, but one of the other specialists should come online soon.  If you receive further instructions from Broni or evilfantasy (or anyone else with a Malware Removal Specialist title), you'll be in good hands.  If neither of them instruct you, then I will be back later today to do it myself.

If you want to take care of your anti-virus and firewall first, that is completely acceptable.  In fact, it is encouraged.  For anti-virus, I suggest AVG Free 8.0; for a firewall, I suggest Comodo.  Windows Firewall is good to have, but it does very little to protect you.

[evanesco]

Thank you, I've got Avast, it was recommended on the malware thread. I'm going to get Comodo now, then I'll make a start with the other scans. Maybe Carbon Dudeoxide should take a little water with his =)

[CBMatt]

Heh.  Avast is also a good choice.  Good luck with your scans.  We'll hopefully have everything sorted before the day is over!

[evanesco]

Comodo is scanning right now. Does it take so long because I have my hard drive is at 75% capacity? I need to delete some music, I've got a cd player for heavens sake!

[Carbon Dudeoxide]

  I think Carbon Dudeoxide has been drinking...

I managed to keep it fresh this long. 

Depending on how many files you have and the total used space, it shouldn't take more than a few hours. My computer scans in about 1 hour.

[evanesco]

Jeez, that was a pain, I had to go out, and SAS took 3 hours, then crashed. Luckily it had completed the scan and made a log, which is attached.

[Saving space - attachment deleted by admin]

[evanesco]

Here's the MBAM log.

[Saving space - attachment deleted by admin]

[evanesco]

I ran spyware dotor and it came back clean, so I haven't done a log, and attached is the HJT log. Cheers peeps.

[Saving space - attachment deleted by admin]

[Broni]

I hope Chris won't mind for me to chime in, since he's not here.
I'll check startups as well.

[Broni]

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

- O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
- O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
- *O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
- *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- *O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
- *O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
- *O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
- O4 - Global Startup: Event Reminder.lnk = ?
- *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

4. Click on Fix checked button.

5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

7. Delete following files/folders (if present):

- AskSBar folder from C:\Program Files

8. Restart in Normal Mode.

9. Post new HijackThis log.