
Trojan Horse Downloader.Dyfica.N


Name: Eric Harding
Date: January 11, 2004 at 13:39:58 Pacific
OS: ME
CPU/Ram: DELL 900 / 128
Comment:

Greetings,
AVG is showing 'Trojan Horse Downloader.Dyfica.N' as uncleanable after successfully removing several Trojans (10) and Worms (6) at one hit. Symptoms include: 'My Computer' fails to recognise the installed Sony CD Re-writer even after deleting and re-installing the Sony driver, there are some intermittent wrong functions on the keyboard, everything has gone slow, outgoing e-mails cannot be sent (from Incredimail or OE) due to '550 error. recipient not authorised...' (or similar). Any ideas?? And...can anyone tell me how to trace back who is poking around in my PC??
(My history is with Fortran, Fortran-4, Algol, COBOL... on machines like ICL 1903-A so this other stuff is new to me. Who remembers punched-card and punched-paper tape!!)




Response Number 1
Name: Xemus
Date: January 11, 2004 at 16:24:18 Pacific
Reply:

Adaware is supposed to remove this trojan.
http://www.lavasoftusa.com
If no luck there, try an online Virus scanner:
http://www.closedsocket.com/links.html



Response Number 2
Name: iceblue
Date: January 12, 2004 at 05:41:15 Pacific
Reply:

[remembers bloody punch cards too well]

have a look at this general guide Computing.Net Guidelines
and follow up with these notes:

Download and update! HijackThis 1.97.0.7 new version: http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip/extract all…and double click on hijackthis.exe.

* Make sure that you actually extract HijackThis to its own folder, and not to a \temp folder. DO NOT run it from a temp folder or from within a zip manager (Winzip), as no backups will be saved.
* If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.
* If you have run and fixed anything with Spybot Search and Destroy or AdAware, please reboot before scanning.

Run HijackThis,
Press Scan, and wait,
Save the log, (the ‘scan’ button changes to ‘save log’)
Edit > Select All > Copy and paste its contents here.

** Don't fix anything yet. Most of what it lists will be harmless or even essential for your system or for the log reader to resolve the problem**
Post the full log including header info in reply.
It will be reviewed by someone here.



Response Number 3
Name: Jondaman
Date: January 15, 2004 at 07:21:12 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at 10:17:08 AM, on 15/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\nCase\msbb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\PROGRA~1\FASTDE~1\FAST2.exe
C:\Program Files\RSNet\RSEDNClient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BIOVF] C:\WINDOWS\BIOVF.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] C:\Program Files\nCase\msbb.exe
O4 - HKLM\..\Run: [CFMSZ] C:\WINDOWS\CFMSZ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.exe -tray
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/ActiveXInstallers/Installer/nCaseInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.7635532407
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
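
The log format posted above, parsed as an added example that is not part of the original thread: it groups HijackThis entries by section code (R = Internet Explorer settings, O2 = Browser Helper Objects, O4 = autostart entries, O16 = downloaded ActiveX controls) and lists entries a log reader may want to look at first. The three review rules are assumptions chosen for illustration, not verdicts; the sample lines are an excerpt of the log in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Global Startup: officejet 6100.lnk = ?
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")      # e.g. "O4 - HKLM\..\Run: ..."
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_notes(sections):
    """Return (section, reason, entry) tuples; a note is a prompt to look, not a verdict."""
    notes = []
    for code, entries in sections.items():
        for e in entries:
            if "(no file)" in e:
                notes.append((code, "target file missing", e))
            elif code in ("O2", "R3") and "(no name)" in e:
                notes.append((code, "unnamed component", e))
            elif code == "O16":
                host = urlparse(e.rsplit(" - ", 1)[-1]).hostname or ""
                if IPV4_HOST.match(host):
                    notes.append((code, "downloaded from a bare IP address", e))
    return notes

if __name__ == "__main__":
    for note in review_notes(parse(SAMPLE_LOG)):
        print(note)
```

Legitimate software also produces unnamed BHO entries, so every note still needs a person to check the file it points at before anything is fixed.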




Response Number 4
Name: iceblue
Date: January 15, 2004 at 08:38:23 Pacific
Reply:

This is a different computer with a different set of problems.

Please start your own thread: run spybot and state this in your post....and repost this log - there are some problems to fix..



Response Number 5
Name: Caroline Crowley
Date: January 16, 2004 at 10:14:00 Pacific
Reply:

I ran a complete test today using the free version of AVG. It found the same Trojan virus downloader.dyfica.n and dyfica.s but seems to have healed it and moved it to the virus vault, where I'm going to delete it.

Firstly I'm going to kick my boyfriend's arse as it was in an exe called freesex!! ;-) Talk about catching diseases LOL :-)

Hopefully this will be the end of this nasty little trojan. If I'm wrong please post a reply. Cheers.



Response Number 6
Name: Eric Harding
Date: January 23, 2004 at 13:40:10 Pacific
Reply:

Xemus,

Thanks for the advice, I will give those a try. Cheers.

Iceblue,

Now then, a blast from the punched card past!!

Thanks for the detailed advice, I have been busy setting up an alternative system to get back up and running at work and have now brought the problem system home and will try to connect it to the net here. I'm now on my home PC. As soon as I get through your directions I will come back as requested and will look forward to hearing from you with your prognosis. Strange, there doesn't seem to be much info available on this one. One thing though, I have had some good recommendations to use 'Black Ice' in future. Have you any experience of this one or is it best to stick to Zone Alarm?

Cheers for now.

(Now my auto remembered pass-word keeps changing when I try to connect to the net on this one. Never stops does it!)



Response Number 7
Name: omahabob
Date: February 8, 2004 at 18:26:58 Pacific
Reply:

I'm having the same problem with the downloader.dyfica. Help!!


