hijacked again???

Hi I think im being hi-jacked….my computer freezes up on me within 5 mins….i have avast anti-virus but it doesn’t work……the internet is severly slow….can a virus travel between two computers……in this case my upstairs neighbor is sharing internet with me but were not on a network. Even mozilla firefox wont let me stay connected to the internet for more than two mins…….not long enough to use a online scanneri booted into safe-mode and scanned my system with avast virus cleaner….nothing……I cant afford to have my computer formatted again……chirstmas……so what should I do? My computer wont stay on more than 5 mins then it freezes!!! Im typing this message on Microsoft word and pasting it into the box……my hijack this log is attatched….please have a look and reply asap! Sometimes I get a “run time error” ill post it as soon as I can get the name of the error…….but after that my computer freezes compleately and I have to reboot again……any suggestions???

Logfile of HijackThis v1.99.1
Scan saved at 9:38:21 PM, on 12/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\FONTS\LSASS.EXE
C:\PROGRAM FILES\HILOA\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [WFIPS] C:\MY DOCUMENTS\MY EBOOKS\IP HIDER\IPHIDER[1]\IP HIDER.EXE -autoboot
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM..\RunServices: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\RunOnce: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe /RunOnce
O4 - HKLM..\RunServicesOnce: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKCU..\Run: [BPK] C:\PROGRAM FILES\000000000000000\BPK.EXE
O4 - HKCU..\Run: [warez] “C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE” -h
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/126ca708857675bf5806/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

Your computer is infected by a worm and by spyware, possibly other things as well.

You will need to download some programs onto a CD somewhere- a clean up tool kit. As a bare minimum, Trend Micro Sysclean, Ad-Aware (plus definitions), Spybot Search and Destroy (plus definitions), CWShredder and WinsockXPfix, plus the definitions file for your AV.

Download link:

http://www.trendmicro.com/ftp/products/tsc/sysclean.com

Download both Sysclean and the latest definitions (Pattern files).

http://www.trendmicro.com/download/pattern.asp

Unzip the file and move Sysclean to the same folder and run from there.

It’s normally possible to copy Sysclean to the HD, reboot into safe mode and scan.

After this see if your AV is working. Update (from the definitions file if necessary) and run a boot time scan.

Then install (if you haven’t already) Ad-Aware and Spybot, update (from the definitions file if necessary) and run a scan.

Run a scan with CWShredder.

(Run WinsockXPfix only if your internet connection has now gone.)

Your log file seems incomplete, I don’t see avast there ;D ;D only AVG.

Perhaps it is time to make the leap to avast as I did a over 18 months ago, I haven’t looked back from when I switched from AVG and you can’t fault the help you get on the avast! Support Forums ;D

:slight_smile: The HighjackThis log you posted in these forums in early
Nov differs quite a bit from the one you are now posting,
particularly in the reduced number of “running processes”
which implies the latest one was run while in “Safe Mode” ;
was it ? A Safe-mode run HighjackThis scan is NOT very
useful; can you run it in “regular” mode !?
I see you still have Win 98 and “Dogpile” does not seem
to be on your computer !?
And I see NO antiSPYWARE program on your computer,
even though there are good & FREE ones like Ad-Aware &
Spybot available.
The best HighjackThis Experts are on antiSPYWARE forums
and I recommend you seek assistance at
www.landzdown.com .

Okay i got everything stablized for about 14 days…so herers the full story…ive always trusted avast…ive always used avast…but when i tried to use the registration key avast e-mailed to me it wouldn’t work…so i contacted avast and asked them for a new one…that was like a moth ago now…still no reply. Second…I found out what the trojan is that is terrorizing my system…it came up as Backdoor.Mosucker.L …i was actually able to use bitdefender to scan my comuter…but it didnt remove it…i doenloaded a “trojan horse remover” it seemed to get rid of it but it keeps coming back…it in my registry and none of the AV picked it up (besides bitdefender…but it failed to remove it) third i downloaded a free trial of zone alarm suite onto my computer…it has everything stableized for now…its only a 15 day trial (darn this would be a good time to have a credit card…lol) the culprit trojan keeps trying to access the internet…but zone alarm wont let it (yessssss!!!) but im only protected for another 14 days.:frowning: I just need a tool that wil let me delete this nasty lil bugger so i can move on with my life…lol. I will do a hijack this scan not in safe mode…wow that trojan wouldnt let me do anything!!! now i can…so ill get right on it!!! :slight_smile:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:42 PM, on 12/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\FONTS\LSASS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HILOA\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [WFIPS] C:\MY DOCUMENTS\MY EBOOKS\IP HIDER\IPHIDER[1]\IP HIDER.EXE -autoboot
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM..\RunServices: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM..\RunServicesOnce: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/126ca708857675bf5806/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab

This os where that nasty thing is hiding…C:\WINDOWS\FONTS\LSASS.EXE

Oh and when i had my computer re-formatted the guy put AVG as my AV rolls eyes

You shouldn’t have to ask support for a new registration key, register again and use a different email address and you will automaticaly be sent an email with the registration key.

doenloaded a "trojan horse remover"
Which one?
the culprit trojan keeps trying to access the internet...but zone alarm wont let it
What is its name file name and location, etc.

This is one to definitely fix
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab

Do you know what this is?
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

For an on-line analysis - HiJackThis Log file - On-line Analysis
OR HiJackThis Log file - On-line Analysis 2

Yes you should also get rid/fix of the references to C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\Run: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\RunServices: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe
O4 - HKLM..\RunServicesOnce: [WindowsUpdate] C:\WINDOWS\FONTS\lsass.exe

Trojan Remover (for that was the one) has no track record- a far better bet is a-Squared.

Now you have two active AV’s- AVG and Zone Alarm Secuirty Suite. This is not a good idea. Decide which AV you want to use and use one only. ZA firewall (free) will work with AVG or avast!

To clean your computer, run Sysclean, Ad-Aware and Spybot Search & Destroy. Decide which AV you want and remove those you don’t. Install ZA Free firewall. Update your AV and run a scan. Scan with a-Squared. Follow these steps and your computer should be 99% malware free. Then is the time to check with Hijack This!

These scans should remove the crap David is trying to help you with now, saving him the trouble! :wink:

:slight_smile: I also recommend you uninstall that “P2P” program and
install in its place the “safer” “Shareaza” available from
www.shareaza.com .
And this looks like a good time to remove ( uninstall, etc )
AVG , as has been suggested by others .
The site for A-squared “free” edition is :
www.emsisoft.com/en/software/free

I did uninstall AVG! Like 50times!! But the guy who formatted my computer, made a D drive and a program setup thingy for AVG is in there. I’m not a big fan of Zone Alarm because it always cuts my internet off for long periods of time!! I just want to ged rid of this pest for a trojan and get avast set up! i will do all the stuff yuo told me to do. Ummm that Trojan horse remover is one that my friend sent me its juat called “trojan horse remover” Anyways i uninstalled it from my computer because it wasnt helping me much. It doesn’t matter how many times i erase this thing it keeps coming back!!! And it keeps setting itself to strart up when i reboot…I removed it from the start-up menu but it made another copy of itself. I’m scared to try to erase it becuase i think its in my registry and it might mess up my system. But i will try what i was told to do and i will post another hijack this log soon.

Is AVG still installed and working?

If it is, I suggest you leave it, uninstall ZA security Suite and install ZA Free firewall.

After you system is clean you can get some advice about removing AVG and installing avast!

Okay now my computer has gone CA’PUT!!! Every program seems to be causing an illegal operation! I got rid of the trojan using AVG (I had to re-install it) But now my computer won’t connect to the internet at all!!! so what am i supposed to do now? Im using a library computer right now!! I downloaded sysclean But my computer decided to act up just as i was trying to download the path files…sigh…im so frustrated rightnow!!! But i will make an effort to come back here tomorrow and hopefully see if there is any new info! Oh and I uninstalled ZA suite it was bieng a pain the behind!!!

Your best bet is to download Syclean plus Pattern files on another computer: unzip the Pattern Files and move sysclean to this folder. Burn the folder to a CD.

On the infected computer, try to copy the folder onto the HD- then reboot into safe mode and run Sysclean.

You will get a warning about running the program in safe mode: ignore this. You will not cause damage by running sysclean in safe mode.

:slight_smile: Sometimes when you remove a piece of malware, it will
cause you to lose your internet connection. The solution,
since you have Win 98, is to have a copy of LSPFIX on a
CD that you can then use to “restore” your connection.
This program is available from either :
1) www.cexx.org/lspfix.htm
2) www.spychecker.com/program/lspfix.html
Right now it appears you have to download that program
from a computer that can connect to the net onto a CD.
You would have less problems if you would seek
assistance of your malware ( not virus ) problems from
experts on an antiSPYWARE forum as I suggested earlier.

Well I re-formatted my computer…But there is still a problem!!! It still won’t connect to the internet!! It says I need to install my modem…But it is installed!!! And when I try to install IE from a CD I get an error message and then it won’t start up!!! and besides i dont know any other spyware forum…

Well, this does not seem an infection symptom…
Maybe Windows is not recognizing your modem. Can you post the name of the manufacturer, the model, etc.?
Do you have a manual of this modem?

Or did it come with a CD which has drivers on it. Just because the modem is fitted doesn’t mean it is installed. You could try to find System (my computer right click) Properties, Hardware, Device Manager, Modems and reinstall the driver or check and see if there are any problems listed.

It doesn’t say what kind of modem it is…I open the case up and I cant seem to know where to look. Can someone please tell me where to look? My computer model is VIA Technologies model…V8…I cant remeber the rest…but you get the idea…ill look it up on google…