computer has Win32 Trojan-gen
i can us spybot, adaware, and avast but it comes back as soon as i hook up my cable modum. I have used hijackthis but i dont know what to do with the results. please help
computer has Win32 Trojan-gen
i can us spybot, adaware, and avast but it comes back as soon as i hook up my cable modum. I have used hijackthis but i dont know what to do with the results. please help
Click on the link in my signature and visit the HJT section.
It has all you need (to know) about HijackThis
But I suggest you 1st visit the MS update site and make Windows, IE and Office up-to-date.
Your system is very much outdated and therfor very vulnarably to infections/hacking attacks and such.
This is the result of my HijackThis log analyzer:
You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
INMEDIATLY visit http://windowsupdate.microsoft.com and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
\windows\system32\msupdate.cmd
r3 - default urlsearchhook is missing
f2 - reg:system.ini: userinit=c:\windows\system32\wsaupdater.exe,
o2 - bho: (no name) - software - (no file)
o3 - toolbar: tadow! search bar - {1973395e-67f8-4723-bcc0-832cf4a5ddbc} - c:\windows\downloaded program files\toolbar.dll (file missing)
o4 - hklm..\run: [wintimer] “c:\windows\system32\msupdate.cmd”
o8 - extra context menu item: &tadow! search bar search - res://c:\windows\downloaded program files\toolbar.dll/search.html
o16 - dpf: {26cbf141-7d0f-46e1-aa06-718958b6e4d2} - http://download.ebay.com/turbo_lister/us/install.cab
o16 - dpf: {df780f87-ff2b-4df8-92d0-73db16a1543a} (popcaploader object) - http://antu.popcap.com/games/popcaploader_v5.cab
o4 - hklm..\run: [fasttvsync] “c:\program files\common files\intervideo\fasttvsync\fasttvsync.exe”
o4 - hklm..\run: [clonedvdelbydelay] “c:\program files\elaborate bytes\clonedvd\elbycheck.exe” /l elbydelay
o4 - hkcu..\run: [msmsgs] “c:\program files\messenger\msmsgs.exe” /background
o4 - hkcu..\run: [spyware begone] c:\freescan\freescan.exe -fastscan
o4 - hklm..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe
@ Eddy,
Why telling him to remove parts of Avast?
Also as there no info on “cflxaq.exe” i think its safe to say its Malware.
@ htracey,
Don’t remove these:
o23 - service: avast! mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
o23 - service: avast! web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
A bug in Hijackthis reported them as not there, this should be fixed in the next release.
Also you may want to remove this:
o4 - hklm..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe
And them delete the file:
c:\windows\system32[b]cflxaq.exe[/b]
Also run/use the scanners suggested on Eddys site that you havn’t used yet. (CWShredder/spywareblaster etc).
–lee
thank you after running hijackthis should i remove all but the 2 you mentioned, or should i just remove the 1 you mentioned??
Remove all but the ones i said not to remove
–lee
also when i go into safe mode to run and remove items should i disconnect cable modum?
also what kind of problems can be caused by running computer with this trojan?
also when i go into safe mode to run and remove items should i disconnect cable modum?
A common mistake is to go into safe mode and run scanners etc, if you do this, most malware would not of started and therefore will remain on your system, run hijackthis in “normal” mode and remove the items suggested.
Also, are you saying that the hijackthis log you posted was done from safe mode?
also what kind of problems can be caused by running computer with this trojan?
Its not a trojan, its malware ;), more commonly known as Spyware/adware, one of the names avast gives these Spyware/adware is Win32 Trojan-gen.
–lee