Is it safe to delete this Trjn?!

Viruses and worms
1

i ran i schedule boot time scan for an hour ago, and Avast! found an Trojano-522[trj] in the folder G:\windows\system32\06wu29rd.exe

(G:\ is my local hdd… C:\ i have another OS on… ;D)

the question is: is it safe to delete that file?! i know i can do nothing but to delete trojans(or move/rename) so my guess is, that im in really big trouble… :smiley:

waiting for expert help ;D

2

That file is part of the “ABetterInternet” adware. Also known as VX2, Binet, VX2.ABetterInternet, StopPop, stop-popup-ads-now.com, My PanicButton

Removing that file will not completely removed the infection. You also have to remove things from the registry and perhaps even more. leas post a HijackThis log here and let us have a look at it.

3

Allrighty then… i´ll just download HijackThis and then u can have the log… thx for your interest in helping me :slight_smile:

4

Here it is then:

5

Have a look HERE and fix everything that is marked as nasty. Than create a new log and let us again have a look. And please use the latest version of HijackThis 1.98.2 since 1.98.0 has some issues. You can get it from HERE

6
Have a look HERE and fix everything that is marked as nasty.
FIX.. what do you mean by fix?! Delete?! please define FIX...

and the file that is infected, can i delete that or what did you say?

thx for the support… you are gr8! ;D

7

I mean “fix” cause that is what it is called in HijackThis.

8

OKay then… one more question: Fix(repeating myself eeh? ;D) what do you mean by FIXXXXXXXX… how do i FIXXX a file… ???

9

yes. i am a newbie… ;D and i just found out what you meant… sorry… :slight_smile:

10

Run HijackThis, put a checkmark in front of the things reported on the site I gave as being nasty, then click on “fix checked”, rbeoot after doing so.

Then create new log with HijackThis and post it.

11

yup… i did what i was told. SIR… ;D

well… it seems like this little fellow:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

(and yes, it is copied from the txt file, it is listed 5 times :))
those files just wont disappear, i´ve tried several times, to “fix” them, but they wont get away… so, here is the log…:

12

Those things are Winsock hijackers, that can be fixed with LSPFix.

13

Yeah… lets download that for windows XP… Ooh no… somthing appeared… its a box that is telling me:

File Requested does not exist, download aborted.
URL: Http://members.shaw.ca/techch/winsockXPfix.exe

and i dont think i repair utility for windows 95/98/WME would fit XP right…

the link doesnt work… ??? sp what do i do?!

14

I don’t know how you got to that URL, but that is not the one I gave you to get lspfix. http://www.cexx.org/lspfix.zip is the one you need. The correct link is at about 1/3 from the top of that page on the left site. :wink:

15

the signature you have, i pressed it and pressed a link to lspFix and i got into that site and just pressed: “LspFix for XP”. i dont know how i got that URL too, but thanks for the correct link. i have an internet download speed tester that tells me that all the FTP sources with LspFix on cexx.org are “almost dead”(running 1kb/s or so) hehe… so its gonna take a while…