
Thread: Two Trojans Killing Me

  1. #1

    Two Trojans Killing Me

    I have two trojans. One is Troj ISTBAR and the other is Troj DESKTOPHI.B. I can manually locate the Troj DESKTOPHI.B, but it will not let me delete the file manually. Apparently, my access is restricted. I can't locate the other file and I've looked for hours. My HJT list is as follows. Trend-Micro can't delete or quarantine the files. Spybot, Adaware and Spydoctor all have failed. This is so frustrating I'm ready to put my foot in my computer's hard drive.

    Logfile of HijackThis v1.99.0
    Scan saved at 3:58:20 PM, on 10/11/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\S3trayhp.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Documents and Settings\Kenny Hardy\Desktop\FixBugb-1.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kenny Hardy\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bengals.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
    O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O23 - Service: HP Configuration Service - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    Please Help Me.

    Thanks

    SpecialK

  2. #2
    Welcome to

    Did you run that log in Safe Mode or have you disabled a bunch of stuff in msconfig?? There is no sign of infection there, how did you determine that you are infected??

    There are a couple of things you can try, but more info would be good... If you disabled programs in msconfig, please do a Normal boot and post a fresh log from that.... Meanwhile:

    Please download, install, and update the NEW free version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful")
    5. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    6. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
    7. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


    Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop.

    CODE
    regedit /e HKCURun.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
    regedit /e HKLMRun.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
    copy HKLMRun.txt + HKCURun.txt = Output.txt
    del /q HKLMRun.txt
    del /q HKCURun.txt
    notepad Output.txt
    del /q Output.txt


    Locate Export.bat on your Desktop and double-click on it. This will open Notepad with some text in it. Post that.

    Post the HJT log, the Ewido log and the Export.bat log... You will probably need to do that across several posts...
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...
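
An added example, not part of either post and not the forum's own code: a small Python parser for the kind of text Export.bat opens in Notepad, listing each Run-key autostart entry with the program it launches. The sample export is constructed (its first three values mirror the O4 lines of the HijackThis log in post #1, "ExampleTool" is hypothetical), and the input is assumed to be already decoded to text.

```python
import re

# Constructed sample of a regedit /e export of both Run keys, concatenated in
# the order Export.bat uses. "ExampleTool" is a hypothetical entry.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"S3TRAYHP"="S3trayhp.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTool"="\"C:\\Example Dir\\tool.exe\" -min"
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
# "name"="data", where either side may contain backslash-escaped characters.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Quoted program path, or an unquoted path up to its first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)

def unescape(s):
    # .reg files write a backslash as two backslashes and a quote as \".
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_export(text):
    """Return (hive, value name, command line) for every string value."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            hive = key.split('\\', 1)[0]
            entries.append((hive, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def command_image(data):
    """Best-effort guess at the program a Run command line starts."""
    m = IMAGE_RE.match(data)
    return (m.group(1) or m.group(2)) if m else data

if __name__ == "__main__":
    for hive, name, data in parse_run_export(SAMPLE_EXPORT):
        print(f"{hive:20} {name:20} {command_image(data)}")
```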
