I need help removing trojan.pandex

Hello,

Is there someone who can help me remove trojan.pandex from my system?

I am running Spyware doctor with antivirus. I do not know what other information you need from me. My OS is Windows xp. I ran a hijack this scan but it exceeds the allowed length for this message.

Thanks!

You can attach it as a text file or split over several posts.

attached is the hijack this log file.

thanks

First try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.

These entries are bad. If they’re still there after the scan, run HijackThis! again, tick the entires, close all other windows, click ‘fix’ and reboot into Safe Mode and find and delete the files.

O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WINDOWS\system32\qoMfgGvs.dll

O20 - Winlogon Notify: qoMfgGvs - C:\WINDOWS\SYSTEM32\qoMfgGvs.dll

O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll

If that fails to work, ComboFix seems to work well against these sorts of infection:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ask for detailed instructions if you need them.

thanks Frank. I will try your suggestions and let you know how they turn out or if I need additional help.

Hi Frank, I tried your recommendations several times except the last one (can’t remember the name of the program) because it is way too complicated for me. They also ask for some program on the os disk that mine doesn’t have. Meanwhile, I purchased and received an new laptop because the old one was getting old so instead of hooking up a link between the 2 laptops, I am putting all my files from the old computer onto disk and then uploading them to the new computer. I think I will then scrub the old one clean and see what happens.

Thanks for you advice and assistance.

  1. Temporarily disable System Restore (Windows Me/XP).
    You must have an Administrator Privilege to be able to disable System Restore on Windows XP.

a. On the Desktop, Right Click on My Computer
b. Select the System Restore Tab
c. Mark the “Turn Off System Restore” to disable and UnMark to Enable
d. Click Apply on the Bottom of the Dialog Box to save the settings.
e. A message “This deletes all existing restore points” will appear, click Yes to disable.
f. Click OK.

  1. Download DrWebCureIT from here: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

  2. After downloading, browse where the file was saved and double click launch.exe to install it.

  3. Reboot your computer in SafeMode
    Starting computer in SafeMode was useful when troubleshooting computer problems by limiting the resources it loads.

a. During BootUp process Press F8 continuously until selection appears
b. Use Arrow Up+Down to select SafeMode on the selections menu.
c. Hit Enter to proceed.

  1. Run DrWebCureIT and do a full scan of your computer. Delete all infected files.

  2. In order to make sure that the threat is completely eliminated from your computer,
    carry out a full scan of your computer using Antispyware Software like Malwarebytes:
    http://www.malwarebytes.org/mbam/database/mbam-rules.exe

polonus

Thanks Polonius! I will try this and let you know how it turns out!

holy crap I think it worked!!!

I followed your steps and I just ran a full scan with spyware doctor and it came out clean.

Thanks Polonus!