
Author Topic: Trojan Virus DID Computer Hope Virus and Spyware section Guidelines..HELP  (Read 6731 times)


shaboogirl

    Topic Starter


    Rookie

    Here are the reports I received from the scans I did. It doesn't show much from what I see. But now that I logged back on my computer I know they're back, so I will do another scan and it should show the TROJAN virus I have. I'm running an AVG scan now and will post results soon. Also, every time I'm on the computer my hard drive makes a ticking noise, and when I first log in I get these 2 ERROR messages:

    1. Windows cannot find c:\docum~1\george\locals1\netdetect.exe, make sure you type the name correctly, and then try again. to search file, click start button then search.

    2.Could no load or run c:\docume~1\george\locals~1\netdetect.exe, specified in the registry. make sure file exists on your computer or remove the reference registry.

    *** I notice when I do the scans that "George\locals and registry keep coming up.

    I attached my scans, any help is great.

    [attachment deleted by admin]

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    You have Vundo and possibly another infection.  Go ahead and follow these steps...


    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    shaboogirl


      Hey Matt, I was able to do what you said. I have the two logs you said to do. I have one for Hijack and one for combo fix I am attaching. Thanks for your help!!!!

      [attachment deleted by admin]

      CBMatt

      Sorry for making you wait a little bit; I got wrangled into helping out with a web site and it took up a lot of my time.  I got your PM about the issue you were having with ComboFix...you have posted a log, so does that mean everything is working okay now?  If not, let me know.

      ComboFix appears to have cleared out the infection.  I would suggest opening up HijackThis and running another scan (without saving a log).  Place checkmarks next to these three items...

      R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
      R3 - URLSearchHook: (no name) - *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)


      Close everything else besides HijackThis and click on Fix Checked.  That should take care of those.  They're not really a cause for concern, but you don't need them.

      Now...your computer's a bit cleaner, but I have reason to believe that something is still lurking about.  Follow the instructions for using ESET...

      1. Please go to ESET OnlineScan (NOD32): http://www.eset.com/onlinescan
      2. You will then see the Terms of Use, check the check-box in front of YES, I accept the Terms of Use
      3. Now click Start
      4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
      5. Click Start
      Note: (the Onlinescanner will now prepare itself for running on your pc)
      6. To do a full-scan, check "Remove found threats" and "Scan potentially unwanted applications"
      7. Press Scan
      8. The Onlinescan will now start and scan your PC (this could take a while)
      9. When the scan has finished, it will show a screen with two tabs: "Overview" and "Details", and the option to get information or buy software.  Just close the window
      10. Click Start > Run and type: C:\Program Files\EsetOnlineScanner\log.txt and click OK
      11. The Scanresults will now open in Notepad
      12. Click into the text area, right-click and choose "select all" (or use <Control>+A)
      Right-click again and choose "Copy" (or <Control>+C)
      13. Close/Exit Notepad
      14. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and pasting (or ctrl+v) in the text area of the reply post you just created.



      Hopefully that will yield further results and we can make some progress with your problem.
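An added example, not part of CBMatt's post and not HijackThis code: a small triage script that pulls the entries marked `(no file)` out of a HijackThis-style log, the same orphaned R3 lines the post asks to be checked. The line layout is assumed from the three lines quoted above; the header line, the O2 entry and the function names are constructed for illustration.

```python
import re

# Layout assumed from the lines quoted in the post:
#   "<code> - <section>: <fields separated by ' - '>"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<section>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: the three R3 lines come from the post; the header line
# and the O2 entry (name, CLSID, path) are made up for contrast.
SAMPLE_LOG = r"""
Running processes:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

def parse_line(line):
    """Return a dict for an entry line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    return {
        "code": m.group("code"),
        "section": m.group("section"),
        # Normalise case so the same CLSID compares equal across logs.
        "clsid": clsid.group(0).upper() if clsid else None,
        # The last ' - ' separated field is the file the entry points at.
        "target": rest.split(" - ")[-1],
    }

def orphaned_entries(log_text):
    """Entries whose target is '(no file)': the registry value remains, the file does not."""
    return [e for e in map(parse_line, log_text.splitlines())
            if e and e["target"] == "(no file)"]

if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["code"], entry["section"], entry["clsid"])
```
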

      shaboogirl


        I just did the above like you suggested. Before I did, it seems I now have TR/Agent2.kgp. I attached a report from Avira. The only programs I have are Avira and SuperAntispyware. I tried to install 3 different firewalls and it's not allowing me to. I'm wondering if it has something to do with the virus. Now that I ran Avira and the eset I will try again.

        [attachment deleted by admin]

        CBMatt

        You certainly need a firewall, but let's not worry about it yet.  Like you said, an infection could be preventing it from working.

        Do you have the Eset log?  I'd really like to take a look at that and see what it says.

        shaboogirl


          I will run a new one and post again. I am actually thinking of disabling everything and doing the combofix again. Seems like every time I do a scan nothing comes up but I know I have a virus still. I tried deleting some stuff from my hard drive that looked weird and it came right back. Also under downloads I keep getting this folder, something shield..I will have to get the name and post when it comes back.

          shaboogirl


            I did the eset scan and it says it found nothing and there was no option to get a log.

            shaboogirl


              Ok, so that thing came up under my downloads on c drive, it says Force Field Shared Files. I delete that and it comes back, not sure if it's part of the virus, but every time I do a scan nothing comes up.

              CBMatt

              You need to be careful when deleting unknown files.  Since they are unknown to you, you never know if you may be deleting something important!  In the case of Forcefield, it should be a ZoneLabs product, but you don't show any other evidence (that I can see) of having ZoneAlarm or Forcefield installed.  Have you installed it recently?  Or did you once have it in the past?  If so, then it isn't a cause for concern.

              At this point, you aren't showing many signs of infection.  But for the heck of it, go ahead and scan with ComboFix again.  If you can, try scanning it in Safe Mode:
              http://www.computerhope.com/issues/chsafe.htm

              Save the log, then restart your computer (which will take you back to Normal Mode).  Run a new HijackThis scan.  Post both of those logs here.

              If you are still getting the NetDetect error, go ahead and try CCleaner to see if it helps at all.  Let me know your results...
              http://www.computerhope.com/forum/index.php?board=25.0
              (Be sure to avoid installing the Yahoo! toolbar)

              shaboogirl


                Hey, just wanted to thank you for trying to help, my computer is so *censored* up. I did a system restore and tried the combofix because that got rid of the virus before. Now I have Vundo and others, I can't install any kind of antivirus and can't even run combofix now because in order to do it you have to disable AVG and antivirus software. I keep getting an error message, then when I tried to uninstall it won't allow me to. But thanks for trying, I do appreciate it.

                shaboogirl


                  Here are the combofix and hijack log, I sent you a personal message about the AVG

                  [attachment deleted by admin]

                  CBMatt

                  I've never had issues with AVG causing problems for ComboFix, but at the same time, I wouldn't be all that surprised.  In your last post, you said you have Vundo.  I don't see any traces of Vundo (or any other infection) in your logs...what program said you have Vundo?  And does it still say it?  Unless a program is reporting otherwise, I'd be willing to say that you're likely virus-free.

                  Now, about the situation you described to me via PM about AVG...it sounds like you didn't properly uninstall AVG.  Did you go to Add/Remove Programs and uninstall the program, or did you simply start deleting files?  If you just started deleting files/folders/components, that would explain your current issues.  In any case, I suggest downloading AVG Remover to remove all of the files properly:
                  http://www.avg.com/download-tools

                  Once that's taken care of, you can either try AVG again (fresh install) or try out a different program such as Avast!, Avira, or ClamWin.  MBAM and SUPERAntiSpyware are great programs to have, but you need an active anti-virus to be adequately protected (a firewall such as ZoneAlarm is also strongly urged).  If you're not experiencing any more problems, then you don't need HijackThis or ComboFix anymore and you can simply get rid of them.  However, if you are still experiencing problems after using AVG Remover, let me know.

                  shaboogirl


                    I just ran a new scan with superantispyware and the trojan came up. I saved it and attached. Then I ran Malwarebytes and it didn't come up. Vundo is gone finally. I will try the AVG uninstaller. I did try and delete from add and remove files but then I did just try and delete files.

                    [attachment deleted by admin]

                    CBMatt

                    Your SAS log is nothing to be concerned about.  That "trojan" at the bottom isn't actually an infection.  I don't know why exactly, but when some people run ComboFix, it places that file in their Windows directory.  Because that's not where the file is supposed to go, SAS picks it up as a threat.  Keeping the file won't cause harm, but feel free to just remove it if you wish.

                    As for the AVG Remover, I'm hoping that will help out with a couple of your issues.