Help! Lots of trojans on my computer

My Avast keeps notifying me that I have trojans on my computer and I have put them all in the chest. Some are ones I thought I had gotten rid of and some are new. I have no idea what to do now.

Here's a list of some of them:

  • Win32:ABC-trj
  • Win32:Zlob-ZK (5 of them)
  • Win32:Zlob-TC
  • Win32:Zlob-ZW (2 of them)
  • Win32:Zlob-UR (2 of them)
  • Win32:Zlob-ZZ

What you don’t mention is their location and infected file names (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

It looks like you have got either a hidden or undetected trojan downloader on your system.

What is your firewall? It should be capable of blocking unauthorised outbound Internet connections.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. If using winXP: SUPERantispyware, On-Demand only in free version. Or AVG anti-spyware (formerly Ewido), Resident scanner during trial, On-Demand after trial ends. Or Spyware Terminator, Resident scanner. Or a-Squared free, On-Demand only with free version (if using win98/ME).

Hi, let’s see what we can do. Added to what DavidR has posted.

Download SUPERAntiSpyware.

First update SAS, then:

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantine.

Leave the others unchecked.

Return to the main page by clicking Close on that screen. On the main screen, under Scan for Harmful Software, click Scan your computer. On the left, check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

C:/System Volume Information/_restore{21D7D692-4662-421F-93B0-877BC3820711}-/RP1 to most of them and some have C:/Program Files/Video ActiveX Access

I have windows firewall and thanks a lot for helping me

You may be lucky. Turn off system restore and reboot your computer. The file you posted is a system restore point. When you reboot, all the restore points will be removed.
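The distinction drawn in this reply, between detections that sit only in System Restore snapshots and detections in live locations, can be applied to a whole scanner log. The following is an added example, not part of the original thread or of any tool mentioned in it; the sample log, the category names and the `classify`/`triage` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an on-demand scanner log: a detection
# name on its own line, followed by the paths or registry keys it matched.
SAMPLE_LOG = r"""
Trojan.Example-Downloader
C:\WINDOWS\SYSTEM32\EXAMPLE1.DLL
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.EXE

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@example-ads[1].txt

Adware.Example
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\EXAMPLE2.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
"""

# Ordered rules (first match wins). The restore-point rule tolerates a missing
# separator before "_restore", as seen in logs pasted into forum posts.
RULES = [
    ("restore_point", re.compile(r"system volume information[\\/]?_restore\{", re.I)),
    ("registry", re.compile(r"^(HKLM|HKCU|HKCR|HKU)[\\/]", re.I)),
    ("cookie", re.compile(r"[\\/]cookies[\\/]", re.I)),
    ("temp", re.compile(r"[\\/](temp|temporary internet files)[\\/]", re.I)),
]
# A line is an entry if it starts with a drive letter or a registry hive;
# any other non-empty line is treated as a detection name.
ENTRY = re.compile(r"^([A-Za-z]:[\\/]|HK[A-Z]+[\\/])")

def classify(entry):
    """Return the location category for one path or registry key."""
    for label, pattern in RULES:
        if pattern.search(entry):
            return label
    return "live_file"  # anything else is a file in a normal, active location

def triage(log_text):
    """Group (detection name, entry) pairs by location category."""
    buckets = defaultdict(list)
    threat = None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if ENTRY.match(line):
            buckets[classify(line)].append((threat, line))
        else:
            threat = line
    return dict(buckets)

if __name__ == "__main__":
    for label, items in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(items)}")
```

Entries in the `restore_point` bucket go away when the restore points are cleared; `live_file` and `registry` entries are the ones to follow up on in the next scan.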

Hi

After clearing the restore points, boot into safe mode, in your usual user account, not the administrator account.

Open the Folder Options in the Control Panel. On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files is not checked. Click OK.

Go to C:\Program Files and delete the entire Video Access ActiveX Object folder.

Reboot to normal windows.

Post a HJT log.

Sorry I forgot to say welcome to the forum. :-[

And sorry about the split instructions above, got interrupted and posted it before I was done.

Turn system restore back on. A leaky boat is better than no boat at all.

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point.

Run SAS as I posted above. It may pick up anything left. Post that log and a new HJT log with your next reply.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Welcome to the forums.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2007 at 11:14 PM

Application Version : 3.9.1008

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 05:37:45

Memory items scanned : 384
Memory threats detected : 2
Registry items scanned : 4077
Registry threats detected : 10
File items scanned : 115435
File threats detected : 74

Please post a new HJT log. SAS found and removed a lot of things.

Did you remove the folder “Video Access ActiveX Object”?