I've been infected by trojan downloader

Hewlett-packard / Hp pavilion dv2700 notebo...
July 4, 2009 at 14:33:33
Specs: Microsoft Windows Vista Home Premium, 2.1 GHz / 3006 MB
I have been infected by a trojandownloader: Win32/Renos.DZ
It displays pop-ups and random audio clips. It also slows my computer down a lot and redirects my search engine.
Windows Defender finds it, but when I manually remove it, it comes back in about 30 mins.
I am using Symantec/Norton antivirus and Avast antivirus.
I ran GMER and it detected a rootkit, and I am using Windows Vista.
Does anyone know of any ways to help me get rid of this trojan downloader?


July 4, 2009 at 14:37:28
Follow these steps in order numbered:

1) Download GMER: http://gmer.net/download.php
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it to rapidshare.com. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 6, 2009 at 10:01:36
Thanks for the reply!

I followed steps 1 - 7 as stated above. I let GMER scan my computer overnight (took a while). When I checked it in the morning, it had restarted itself. So I executed GMER again and it still detected a rootkit (highlighted in red). Is there a way to get the scan results, or should I just scan again?

I appreciate all the help.


July 6, 2009 at 10:09:45


July 6, 2009 at 22:18:58
OK, so I ran GMER again, no restart this time. Here's the link.
Download Link:

MD5: 54B8B3C6C9056FC690D4DF94EC182086


July 6, 2009 at 22:27:57


July 6, 2009 at 22:54:12
Here is the file.


July 7, 2009 at 07:30:22
Follow these steps in order numbered:

1) Open Gmer like before.
2) Click on the >>> tab. This will open up the rest of the tabs for you.
3) Click on the CMD tab and make sure CMD.EXE is selected.
4) Now highlight the contents of the below codebox and copy it to the clipboard by pressing ctrl+c

bjgt0hpt.exe -killall
bjgt0hpt.exe -del service MSIVXserv.sys
bjgt0hpt.exe -del file C:\WINDOWS\system32\drivers\MSIVXgpwwytdtmirmvovpytpxvmguqylepicy.sys
bjgt0hpt.exe -del file C:\WINDOWS\system32\MSIVXvgrwqjxfeuqjbwiitvnosqjxwphxqsqh.dll
bjgt0hpt.exe -del file C:\WINDOWS\system32\MSIVXedvykmxcfcpexadxwtpmywdsbdbeeubp.dll
bjgt0hpt.exe -reboot

5) Now paste the contents into the top black box in GMER by using ctrl+v.
6) Click Run, the script will run and then your PC will be rebooted.
7) After rebooted, rerun GMER like before and attach the new log.

If I'm helping you and I don't reply within 24 hours send me a PM.
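
A post-reboot check for the items the GMER script above targets, as an added example that is not part of the original thread: it lists any files still carrying the MSIVX prefix in the two directories the script names, plus any matching driver/service registration. The function name Find-MsivxLeftover is hypothetical; the prefix and directories are taken from the script in the post.

```powershell
# Added example (not from the thread): look for leftovers of the MSIVX* items
# that the GMER script deletes. Find-MsivxLeftover is a hypothetical name.
function Find-MsivxLeftover {
    param(
        [string]$Prefix = 'MSIVX',        # prefix shared by the service and files in the post
        [string]$WinDir = $env:windir     # the post's paths are under C:\WINDOWS
    )

    # Files: the script removes one .sys under drivers and two .dll under system32.
    foreach ($dir in @("$WinDir\system32", "$WinDir\system32\drivers")) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force includes hidden and system files in the listing.
        Get-ChildItem -LiteralPath $dir -Filter "$Prefix*" -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'File'; Item = $_.FullName; Detail = $_.LastWriteTime }
            }
    }

    # Service/driver registration: each service is a subkey under Services.
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -LiteralPath $services -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "$Prefix*" } |
        ForEach-Object {
            # ImagePath shows which binary the service would load at boot.
            $image = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
            [pscustomobject]@{ Kind = 'Service'; Item = $_.PSChildName; Detail = $image }
        }
}

$left = @(Find-MsivxLeftover)
if ($left.Count -gt 0) {
    $left | Format-Table Kind, Item, Detail -AutoSize
} else {
    "No $('MSIVX')* files or service keys are visible from the running system."
}
```

An active rootkit can hide its files and keys from ordinary listings, so an empty result here does not replace re-running GMER as step 7 asks.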


July 8, 2009 at 02:13:11
So I cut and pasted the text from response number 7. But as soon as I clicked Run, the screen went black, and then the computer restarted with that error screen that says "computer shut down unexpectedly ..... start in safe mode, safe mode with networking, or start Windows normally". So I booted up with a normal startup, and ran GMER like I did before, and this is the log I uploaded to rapidshare.

Download Link:

MD5: 0DB35C51BA8889D4D1699C98E06B1791


July 8, 2009 at 03:50:57
Follow these steps carefully and in order numbered:

1) Download The Avenger by Swandog46 from here.

2) Unzip/extract it to a folder on your desktop.

3) Double click on avenger.exe to run The Avenger.

4) Click OK.

5) Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.

6) Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

Drivers to delete:

Files to delete:

7) In the Avenger window, click the Paste Script from Clipboard button.

8) Click the Execute button.

9) You will be asked Are you sure you want to execute the current script?.

10) Click Yes.

11) You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.

12) Click Yes.

13) Your PC will now be rebooted.

Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.

14) After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

15) Please upload this log to rapidshare.com and post a download link to the uploaded file.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 8, 2009 at 16:11:26
Download Link:

MD5: 5B4A01109F3DBAE1CA7076A017F9B3D4


July 8, 2009 at 16:14:03
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 9, 2009 at 18:50:19
The first link is the Malwarebytes log, the second link is the SuperAntispyware log.

1. Download Link:

MD5: 46627E5CB39A572E97B619B28808D3EE

2. Download Link:

MD5: 94FDDBFFC1424A5A826C570FB5493900


July 9, 2009 at 19:20:20
Update your malwarebytes database and run a complete scan again.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 10, 2009 at 00:18:55
I updated and there were no malicious files found.

Thank you very much for all of your help, your responses were very helpful and much appreciated.

I think my PC is good now, is there anything else I should do to make sure?


July 10, 2009 at 05:30:03
Download ccleaner and clean your temp and registry.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 12, 2009 at 12:21:10
I ran ccleaner and it fixed a lot. That's a good program, thanks.
Can you think of anything else that I should do?
