Trojan I can't find to get rid of

November 13, 2005 at 17:30:45
Specs: i don't know, i don't know

I can't get rid of it. Spy Sweeper detects it, and deletes it, but it's still there. It won't let me use my Norton Antivirus. I can't get into anything that uses a password.
HKLM\software\microsoft windows\currentversion\run\mcrss

and

HKU\S-1-5-21-1304732218-1455911604-3280316032-1009

Trojan-backdoor-securemulti_1

I've been trying to find anything on this and I can't. Does anyone know a way to get rid of this? Thanks.

Chris and Wina




#1
November 13, 2005 at 17:39:46

Chris, run this free online scan from Panda.

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into Safe Mode and run Ewido.

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.

Please reboot into normal mode and post the ewido log.

Both logs would be helpful.



#2
November 13, 2005 at 19:49:52


Incident                    Status          Location

Adware:adware/twain-tech    No disinfected  C:\WINDOWS\smdat32a.sys
Adware:adware/need2find     No disinfected  C:\PROGRAM FILES\Need2Find
Spyware:spyware/altnet      No disinfected  Windows Registry
Adware:Adware/Need2Find     No disinfected  C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL
Adware:Adware/Need2Find     No disinfected  C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL
Virus:Trj/Qhost.gen         Disinfected     C:\WINDOWS\system32\drivers\etc\1.hosts
Virus:Trj/Qhost.gen         Disinfected     C:\WINDOWS\system32\drivers\etc\2.hosts
Virus:Trj/Qhost.gen         Disinfected     C:\WINDOWS\system32\drivers\etc\hosts
Virus:Trj/Qhost.gen         Disinfected     C:\WINDOWS\system32\drivers\etc\hosts.msn
Spyware:Spyware/Virtumonde  No disinfected  C:\WINDOWS\system32\geebc.dll


Chris and Wina



#3
November 13, 2005 at 20:14:26

Chris, you have Vundo and/or WinFixer. Download SpySweeper from this link: http://www.spywaredb.com/remove-win32-vundo-522752trojan/

Choose download SpySweeper from this line:

Delete Win32/Vundo.522752!Trojan automatically >>> Get PestPatrol or Download SpySweeper at the above link and run it.

Then download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need as ccleaner will delete recycle bin items unless checked not to do so.

Then run ewido from safe mode and post its log.



#4
November 14, 2005 at 04:18:05

We did all that, a couple of times, got lots of viruses. No virus comes up now, but we still can't use the computer to get into our sites, or to get into Norton Antivirus. We tried to uninstall Norton but it won't let us. It comes up with an error report. And we can't get into ipconfig either.


Chris and Wina



#5
November 14, 2005 at 06:16:56

Nope, got more viruses. Here is the report. I still get "Can't display this page" when I go into any password site.


ewido security suite - Scan report


+ Created on: 7:00:08 AM, 14/11/2005
+ Report-Checksum: E54587DB

+ Scan result:

C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup


::Report End

Should I just go to System Recovery?

Chris and Wina



#6
November 14, 2005 at 16:50:28

I didn't fully read all posts but maybe in the process of trying to clean your computer up some files got corrupted. Try System Restore or if all fails you might have to re-format your computer.


#7
November 14, 2005 at 19:18:21

Chris, your host file may be damaged. Download this tool, Hoster, to a floppy or CD if you have to, but to the desktop if you can. Then install it and click "restore original host".

Next run the panda scan again and post the results.

Then download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



#8
November 20, 2005 at 04:49:53

I have the same problem on my computer.
I can't get into any website that needs a password.
Hotmail, MSN, eBay, internet banking all don't work.
We have tried everything to get rid of it.
Oh, and we can't get into Norton either.



#9
November 20, 2005 at 11:41:04

Owen, if you'll start a new thread maybe someone will see your post and help you find the cause of the problem. The only reason I saw your post was that I thought Chris had responded to the post.
