# hlp plz with trojan.win32.pakes.cdw

May 14, 2009 at 20:07:43
Specs: Windows XP
 when I run my virus scanner it picks up a virus called trojan.win32.pakes.cdw it says under it c:\windows\system32\c_isci.dll but it just puts it in quarantine but it will not remove it can u plz hlp me remove this from my comp thank u in advance

See More: hlp plz with trojan.win32.pakes.cdw

#1
May 14, 2009 at 20:11:17
 Hi,Can you please post your AVZ log:1) To create the logfile, download AVZ by clicking HERE(http://www.z-oleg.com/avz4.zip). Please save this file to your desktop or "My Documents" folder.2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting OpenIf you are running Windows vista launch AVZ.exe by right clicking and selecting Run as AdministratorYou should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.begin ExecuteStdScr(3); RebootWindows(true); end. Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and past the link here or pm it to me.

Report •

#2
May 15, 2009 at 01:47:50
 http://www.systemsecurityinstitute....See this site maybe they include some research on this kind of a trojan. Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org

Report •

#3
May 15, 2009 at 09:14:32
 I pmed u the link to the avz log

Report •

Related Solutions

#4
May 15, 2009 at 10:05:56
 Did/Do you run sunbelt AV?Run this script same way as before your computer will restart.begin SetAVZGuardStatus(True); SearchRootkit(true, true); QuarantineFile('C:\WINDOWS\System32\Drivers\IsDrv122.sys',''); QuarantineFile('C:\WINDOWS\system32\drivers\wmahotzy.dat',''); DeleteService('majyqzuf'); StopService('majyqzuf'); DeleteFile('C:\WINDOWS\system32\drivers\wmahotzy.dat'); DeleteFile('C:\WINDOWS\System32\Drivers\IsDrv122.sys'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end. After reboot follow this steps carefully:Attach a Combofix log, please review and follow these instructions carefully.Download it here -> http://download.bleepingcomputer.co...Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.Now, please make sure no other programs are running, close all other windows and pause/stop any Antivirus/Spyware application you have running until after the scanning and removal process has taken place.Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.It may take a while to complete scanning and this is normal.You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Report •

#5
May 15, 2009 at 10:43:01
 how do i turn everything running off and how do i know if there all off

Report •

#6
May 15, 2009 at 10:59:09
 Did you run first half of the script with AVZ? What antivirus/anti-spyware programs you running?

Report •

#7
May 15, 2009 at 11:02:48
 avanquest fix it

Report •

#8
May 15, 2009 at 11:07:09
 If there is icon in taskbar right click on it and see if there is option to disable it. Also run first half of the script(AVZ part) first.

Report •

#9
May 15, 2009 at 11:07:47
 i did all the steps up to where it says please make sure no other programs are running, close all other windows and pause/stop any Antivirus/Spyware application you have running until after the scanning and removal process has taken place. but i want to make sure i have all the programs turned off how do i know if i do

Report •

#10
May 15, 2009 at 11:12:18
 Does your virus scanner still detect the trojan? If you can't find disable option its ok just add combofix to total exception from it in your antivirus and run it.

Report •

#11
May 15, 2009 at 11:29:18
 ok i ran combofix it has finished what do i do now

Report •

#12
May 15, 2009 at 11:32:14
 Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

Report •

#13
May 15, 2009 at 11:35:34

Report •

#14
May 15, 2009 at 12:02:12
 i attached the log now what do i do?

Report •

#15
May 15, 2009 at 12:10:58
 Run this script in AVZ:begin CreateQurantineArchive('c:\quarantine.zip'); end. A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the Download link to the uploaded file. Lastly, uninstall Combofix by: pause AV > Start > run > type combofix /u > ok. Or Start > run > type 234 /u > ok.Also, if you use Windows System restore, turn it off > reboot and do a full scan with Antivirus. Then turn system restore back on, if you wish; this to remove malware from system volume information files. How to turn it off/on: http://support.kaspersky.com/faq/?q... Let me know if your antivirus still detects anything.Also, scan with Malwarebytes' Anti-Malware and attach its log, but Please Don't fix anything yet, until the log is reviewed.

Report •

#16
May 15, 2009 at 12:47:53
 i tried uninstalling combofix like u said and when i hit run it says it can not find it

Report •

#17
May 15, 2009 at 12:51:17
 Try Start > Run > 123 /u > ok or Start > Run > 123.exe /u > ok.

Report •

#18
May 15, 2009 at 12:52:33
 ok it said it was uninstalled the icon is still there does that matter

Report •

#19
May 15, 2009 at 12:53:27
 ok ty its gone

Report •

#20
May 15, 2009 at 18:10:16

Report •

#21
May 15, 2009 at 18:16:11
 Okay fix that and re post an AVZ log from Response Number 1. Seems like some of component is still there not deleted.

Report •

#22
May 15, 2009 at 18:37:19
 By re-post i mean remake AVZ log again.

Report •

#23
May 15, 2009 at 19:33:41
 Before i manually start deleting stuff i want you to download and run Kaspersky AVP Tool:http://devbuilds.kaspersky-labs.com...Once you download and start the tool select these objects:System MemoryStartup ObjectsDisk boot sectorsC:And hit ScanPost me log/Screen shot of what it detects once it finished and fix what it recommends.

Report •

#24
May 16, 2009 at 06:02:13
 ok i did the kaspersky scan as u said i sent u the link to the screenshot and the log and i fixed what it said

Report •

#25
May 16, 2009 at 06:11:10
 Yes got it. Can you also send me those files to analyze. Then i will tell you how to proceed from there.regards,neo

Report •

#26
May 16, 2009 at 06:46:19
 I cant find either of them files I even set it up to view hidden files and still can not find them

Report •

#27
May 16, 2009 at 06:56:02
 1) Download: http://mail.ustc.edu.cn/%7Ejfpan/do...2) unpack and execute icesword.3) Go to the file section and look for C:\WINDOWS\system32\drivers\wmahotzy.dat, repeat same for C:\DOCUME~1\FRANS~1\LOCALS~1\Temp\catchme.sys.4) right click it and choose force delete. and make a new avz log and pm it to me.

Report •

#28
May 16, 2009 at 07:02:01
 Also after new avz log re-run malaware byte -> full scan and post scan results again.

Report •

#29
May 16, 2009 at 07:08:11
 still cant find them

Report •

#30
May 16, 2009 at 07:10:11
 Ok continue with new AVZ log and re-scan with Malwarebytes.

Report •

#31
May 16, 2009 at 09:51:51
 Malwarebytes' Anti-Malware 1.36Database version: 1945Windows 5.1.2600 Service Pack 35/16/2009 12:48:03 PMmbam-log-2009-05-16 (12-48-03).txtScan type: Quick ScanObjects scanned: 89716Time elapsed: 1 hour(s), 2 minute(s), 45 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)

Report •

#32
May 16, 2009 at 11:43:56
 Ok seems virus cleared out :). I highly recommend you use kaspersky/bitdefender/Norton/Eset as antivirus. Just to remove residual stuff do full scan with http://www.bitdefender.com/scanner/... . If anything pop's up which it can't take care of let me know.

Report •

#33
May 16, 2009 at 11:59:49
 I forgot to mention also run those microsoft tools/link i pm you. How does system feels faster/bettter? Does your current AV detect anything?

Report •

#34
May 16, 2009 at 13:54:04
 i did a scan using my virus scanner there were no threats found woooohoooooo thank you so much you are a sweet heart

Report •

#35
May 17, 2009 at 08:45:46
 I tried running my disk defrag and it wont run not sure why

Report •