
Trojans won't go away!


Name: marders
Date: July 29, 2007 at 10:09:37 Pacific
OS: xp home
CPU/Ram: celeron 512
Product: hp
Comment:

My PC is running slow and AVG is constantly detecting and healing the same viruses (Kolweb.G / Downloader.Generic4.ZQI / Collected.11.B / SHeur.ZQ / Downloader.Generic5.QB)

I have a hijackthis log if required. thanks




Response Number 1
Name: XpUser4Real
Date: July 29, 2007 at 10:19:54 Pacific
Reply:

where are those files located?
I'm not sure if anyone is qualified to read your HJT file here anymore...the resident helper seems to have moved on.

Some Help in Posting a Message in computing.net
Hopefully my advice will help you...Please post back with your results as it wi


0

Response Number 2
Name: marders
Date: July 29, 2007 at 10:38:11 Pacific
Reply:

Those files are generally coming up in temporary internet folders (C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5). Also notice that they reliably come about when I open Firefox but not so much using IE. Where can I get help from if the experts here have gone AWOL?? Thanks


0

Response Number 3
Name: XpUser4Real
Date: July 29, 2007 at 11:08:21 Pacific
Reply:

If they are located in your temp files, check out the cleaners on my signature. If you rescan after cleaning and the problems are gone, set a new system restore point.

If they are still there after the scan, you'll have to turn off system restore after cleaning and turn it back on after the problem is gone.
That should get you going.
Good Luck



0

Response Number 4
Name: marders
Date: July 29, 2007 at 11:15:47 Pacific
Reply:

Thanks, the link in your signature isn't working... I just use AVG; is that OK to clean?


0

Response Number 5
Name: ScoobyDoo
Date: July 29, 2007 at 11:18:30 Pacific
Reply:

If you don't have it, download CCleaner from CCleaner.com.

Disable System restore and reboot your computer. (This will remove all restore points.)

Run CCleaner. (This will delete temp files and cookies, run weekly)

Go here and run this online scan:

BitDefender : http://www.bitdefender.com/scan8/ie...

Re-enable System Restore and create a restore point.

You may like a program called Advanced WindowsCare Personal V2. It's for daily maintenance. Only takes a few minutes.

http://majorgeeks.com/Advanced_Wind...


0


Response Number 6
Name: XpUser4Real
Date: July 29, 2007 at 11:30:54 Pacific
Reply:

Sorry, I must've made a mistake making the link... it's fixed now, and when you get there click on free programs... sorry for the inconvenience



0

Response Number 7
Name: MrExacta
Date: July 30, 2007 at 20:04:52 Pacific
Reply:

I can take a look at your HijackThis Logs. Download the following programs:

HiJackThis:
http://myweb.cableone.net/sterbat/a...

Spybot:
http://myweb.cableone.net/sterbat/a...

Killbox:
http://myweb.cableone.net/sterbat/a...

WinsockxpFix:
http://myweb.cableone.net/sterbat/a...

VirtumundoBegone:
http://myweb.cableone.net/sterbat/a...

Reboot into safe mode and run HijackThis, post your log into this thread.

MrExacta -`


0

Response Number 8
Name: marders
Date: August 3, 2007 at 15:12:28 Pacific
Reply:

Thanks for taking a look into this...
Do I need to run any of these other programs?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:01, on 03/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Microsoft Windows Firewall] firewall.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\obeybtou.dll",forkonce
O4 - HKLM\..\RunServices: [Microsoft Windows Firewall] firewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Kerio\Personal Firewall 4\kpf4ss.exe

--
End of file - 3766 bytes


0
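A first-pass triage of the O4 (autostart) section of a HijackThis log like the one above, as an added example that is not part of any post in this thread. It flags two patterns that call for a manual look, not a verdict: a Run entry whose executable has no directory path, and a Run entry that loads a DLL through rundll32. The function name `triage_o4` and the reason labels are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import re

# Sample input: O4/O23 lines taken from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Microsoft Windows Firewall] firewall.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\obeybtou.dll",forkonce
O4 - HKLM\..\RunServices: [Microsoft Windows Firewall] firewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Kerio\Personal Firewall 4\kpf4ss.exe
'''

# Registry autostart line: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>\S.*)$')
# First token of the command line: a quoted path, or text up to the first space.
EXE_RE = re.compile(r'"([^"]+)"|(\S+)')
# DLL handed to rundll32, with or without surrounding quotes.
DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)

def triage_o4(log_text):
    """Return (key, value name, reason, target) for O4 entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # R0/R1, O9, O16, O23 and startup-folder lines are out of scope
        cmd = m['cmd']
        quoted, bare = EXE_RE.match(cmd).groups()
        exe = quoted or bare
        if exe.lower().endswith(('rundll32.exe', 'rundll32')):
            # rundll32 is only the loader; the DLL is the file to inspect.
            dll = DLL_RE.search(cmd)
            findings.append((m['key'], m['name'], 'rundll32',
                             dll.group(1) if dll else cmd))
        elif '\\' not in exe:
            # No directory given: the log alone cannot say which file on the
            # search path actually runs at logon.
            findings.append((m['key'], m['name'], 'no-path', exe))
    return findings

if __name__ == '__main__':
    for key, name, reason, target in triage_o4(SAMPLE_LOG):
        print(f'{reason:9} {key:20} [{name}] -> {target}')
```

Each flagged target still has to be located on disk and checked (file properties, signer, a scan of that specific file) before anything is removed.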

Response Number 10
Name: marders
Date: August 7, 2007 at 14:24:26 Pacific
Reply:

Been tryna sus this out and was wondering if this line is dodgy?

Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


0

Response Number 11
Name: XpUser4Real
Date: August 7, 2007 at 15:13:33 Pacific
Reply:

Send MrExacta a PM.
Looks like he asked you for your log and then deserted this post.

Some HELP in posting on Cnet plus free progs and instructions
Hopefully my advice will help you...Please post back your result


0
