HELP!! I am also having problems with Win32.TratBHO [trj]

Viruses and worms
1

hi all…
I am also having problems with Win32.TratBHO [trj]; avast detects it but cannot remove it because it says that ‘the file is in use’… can you help me plz??? I downloaded HJTInstall.exe and scannned system and proceeded to copy the info.

[I tried to post the log info here, but there is a limit of 10000 characters…can you imagine? ]

How can I get this info to you??
PLZ help!!!

CAN YOU HELP ME ?!?!?!?!
thank you for your time…
jeff ferris

2

please remove your email address or you will get swamped in spam.

Attach the logs using the additional options button on the reply page, scroll down so you can see the browse button.

3

here is the log:

4

It looks like you have AVG7 installed along with avast, please uninstall it. 2 avs are not better than one.

Please delete the shortcut for hijackthis from your desktop. We will make another. We need to rename hijackthis to make the vundo visible.

Open windows explorer and navigate to this folder

C:\Program Files\Trend Micro\HijackThis

in the right hand panel find hijackthis.exe right click it and select rename. Type in the new name bugs.exe Left click the screen near the file, make sure the new name is there, Right click it and highloght send to, select Desktop(create shortcut). Close windows explorer.

Open HJT (bugs), run a system scan only, check mark these lines if present

O4 - HKLM..\Run: [d491dada] rundll32.exe “C:\WINDOWS\system32\htgmtwxn.dll”,b
O4 - HKLM..\Run: [BMd7a2e946] Rundll32.exe “C:\WINDOWS\system32\phvkbeil.dll”,s

Close all other browsers/windows, click fix, close HJT.

When you download this next program, please rename as in the images

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop

[]Please, never rename Combofix unless instructed.
[]Close any open browsers.
[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.

[*]Close any open browsers.
[*]WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
[]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[]If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the “C:\ComboFix.txt” along with a new HijackThis log for further review.

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall

5

Ok, I uninstalled AVG, but I keep getting messages to the effect that it is still SOMEWHERE on my laptop…so I went into the control panel and tried to uninstall it again, with no luck. I get the following message: ‘Installation failed: Installer initialization failed due to following error:
Error: Initialization of the language file “C:\Program Files\Grisoft\AVG Free” failed.
General failure.’
Any tips on what to do about that???
Will that even have any effect on the rest of the process?

6

It might.

Try uninstalling in safe mode, this from the avg forum on how to remove avg when uninstall fails.

  1. download the latest version of AVG Free and save it to you desktop.

Boot into safe mode.

2.Navigate to where you saved the AVG7Free Installation file that you just downloaded.

  1. Click on the AVG7Free Installation file
    …At the welcome dialog box Click Next
    …Click to Accept the Licence
    …on the Acceptance notice, Click Accept
    on the next dialog box AVG will Check the system status
    Next you will see a dialog box with 3 options
    …Select Uninstall product and Click Next
    …When prompted, Select Remove user settings
    …Select Include objects in Virus Vault
    …Click Yes
    …Click Ok
    …Restart computer

  2. …Please Check to see if these exist,
    A. … Navigate to C:\Program Files\and highlight the folder named Grisoft and hit the delete key.

B. …In Windows XP Navigate to C:\Documents and Settings\All Users\Application Data and highlight the folder’s named Grisoft, and AVG7 and hit the delete key you may find that there is only one folder and not two.

here’s a download link
http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff