I have a dwn.exe trojan

I have a Trojan on my computer listed as program - dwn.exe(Trojan)

Risk name - Trojan Win32.Generic!BT by my antivirus program.

It keeps trying to open every few minutes and is at present being stopped from opening and quarantined. I have run numerous scans, quarantined it and also tried deleting it, but it always comes back.

Please help

Thanks

Please attach your logs. (MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Hi,

here are the logs as requested first one aswMBR

second log

OTL log 3 of 3

thanks

Could you re-run OTL again after this as the registry section was missing

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


```
:Commands
[CREATERESTOREPOINT]
:Files
C:\Users\Sue Sheppard\AppData\Local\Temp\mdi464.dll

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi,

Here is the last OTL log scan produced after running your fix.

thanks

I now have another problem with my computer after running the fix on the Trojan.

Has worked and got rid of the Trojan so thanks for that but now have another small issue.

When Windows starts up - it takes a long time and it says

Windows has a problem starting C:\Users\SUESHE-1\AppData\Local\Temp\mdi444.dll
The specified module could not be found

Eventually I am able to click OK on this error box and it disappears. Windows does then seem to work properly.
As above it takes about 5 minutes for this to be ok.

Can you please advise on this

Thanks

Sorry Essex,

I see 2 initial issues as of right now:

  1. You have a P2P program currently installed (BitComet).
  2. You have at least 2 Anti-Viruses currently installed:

VIPRE
Avast!

Choose one and remove it.

Avast!: http://www.avast.com/uninstall-utility
VIPRE: http://kb.threattracksecurity.com/articles/SkyNet_Article/How-to-Uninstall-VIPRE-Antivirus-and-VIPRE-Internet-Security/?l=en_US&fs=Search&pn=1

OK, I have uninstalled Avast and BitComet and rebooted the system.

That issue with Windows from the previous post is still there though

Thanks

Now that the registry is visible I can remove the last elements

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


```
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUESHE~1\AppData\Local\Temp\\mdi464.dll,runme File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found

:Files
C:\Program Files (x86)\Mobogenie
C:\PROGRA~2\SearchProtect

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
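
The `O4` lines in the fix above are autostart (Run key) entries that OTL marked `File not found`. As an added example that is not part of the thread or of OTL itself, this Python code parses such lines and picks out the entries that are both orphaned and launched from a user-writable folder; the `ExampleApp` line and all function names are constructed for the example, and the line layout is assumed from the entries shown in this thread.

```python
import re

# Sample input: the three O4 lines from the fix above, plus one constructed
# healthy entry (ExampleApp) for contrast.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUESHE~1\AppData\Local\Temp\\mdi464.dll,runme File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
'''

# Layout assumed from the lines in this thread: O4 - <hive>..\Run: [<name>] <command>
O4_LINE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
MISSING = " File not found"
# DLL path handed to rundll32 (up to ".dll", before the ",export" part)
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+\.dll)', re.I)
USER_WRITABLE = re.compile(r'\\(?:AppData|Temp)\\', re.I)


def parse_run_entries(log_text):
    """Return one dict per O4 Run-key line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        missing = cmd.endswith(MISSING)
        if missing:
            cmd = cmd[:-len(MISSING)]  # drop OTL's status suffix
        rd = RUNDLL.search(cmd)
        dll = rd.group("dll") if rd else None
        entries.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "command": cmd,
            "missing": missing,
            "rundll32_target": dll,
            # Judge the DLL path when rundll32 is only the loader
            "user_writable": bool(USER_WRITABLE.search(dll or cmd)),
        })
    return entries


def triage(entries):
    """Names of entries to review first: target missing and path user-writable."""
    return [e["name"] for e in entries if e["missing"] and e["user_writable"]]
```

On the sample, `triage(parse_run_entries(SAMPLE_LOG))` singles out `tsiVideo`, the `rundll32.exe` entry pointing at a DLL under `AppData\Local\Temp`.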

Thanks very much to all who have helped, my computer is now fixed.

Much appreciated :wink:

Run OTL and press the cleanup button to remove it

Apologies for missing sending the last log,

I have run OTL and pressed the cleanup button to remove it.

Should I do another scan now and send another log?

Thanks

As long as you are happy there is no need :slight_smile: