need some help removing TR/s.bzc Trojan

I tried to remove this trojan with avast pro, but it’s freaking freezes my computer. I go to safe mode and remove it, and is still there… >:( >:(
Than I tried scan with Avira premium is deteck this TR/s.bzc Trojan.
i try to deleted is still there… :‘( :’(
scan with Malwarebytes’ Anti-Malware didn’t detected
I used this HijackThis but can’t find it…
this things keep poping up C:\Windows\System32\SKYNETIpomklbj.dll

i really need help !!!
:‘( :’( :cry:

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

That’s the problem, you see after the safe mode scanned and removed it and i can’t even reboot is just freezes during the scans, it got to 98% completed it doesn’t move at all. I can’t even start the windows, it freezes at black scream.

Than i go back with avira premium is back to normal, but the scream keep poping up showing this TR/s.bzc Trojan

Are you using avast and Avira at the same time? Both antivirus will conflict and freeze the computer…
Did you run avast at boot time?

i uninstall avast before i install avira of couse :wink:

i’m using windows vista peimium 32 service pack 2 by the way

forgot to mention i have uninstall avast in safe mode because windows doesn’t load at all. it’s FREEZE…after uninstalled, go back to avira and go here needs some help…

Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:

  1. Avira
  2. Kaspersky
  3. BitDefender
  4. F-Secure
  5. Dr. Web

Man, this is really pissing me of… >:( >:( >:(
after i did everything, this trojan is just keep coming back…

any ideas ??? ???

Be sure that you removed avast from control panel and with the removal tools (for all anti virus you do its should be that).

If im not wrong Threat Fire(Behavior Protection),Spybot S&D(Anti Spyware) or Comodo(Internet Security so uninstall Avira) should detect this trojan and im sure its would can delete it. Try these 3 things or wait another suggestions for be sure.

I think that another opinion wouldn’t hurt…try to scan with Superantispyware…i think maybe it could do the trick for you,if the other stuff doesn’t work… :slight_smile:

Hi jpmartin,

TR/s.bzc Trojan for this I would suggest running ComboFix then post the resulting log, I am sure the Malware hunters here will help. Here is a walk through for ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

here’s the problems.

  1. used the avira rescue cd doeen’t boot, it’s giving errors.
  2. Malwarebytes’ Anti-Malware detected and put on quarantine, but it’s just keep popping up. Tried to deleted is said “denied code 1183.” run on safe mode but didn’t detected during the scan.
  3. Malwarebytes’ Anti-Malware detected said "\?\globalroot\systemroot\System32\SKYNETIpomklbj.dll

I’m out of ideas here ??? ???

i’m out off ideas; my last resort is reformat the Hard Drives and start over. :‘( :’( :cry:
but my questions is does it remove it?
please let m know…

You could try this.

Unhook from internet. But first download latest version avast to Program Files.
Uninstall all AV (or even AV and spyware if you want) from your computer.

Turn off System Restore (I assume you have exhausted or bypassed this option).
Boot into Safe Mode. Load avast into Program Files.
Start avast and set boot-time scan rather than run simple user interface scanner.
Restart computer.

If scan runs okay. Then repeat with setting thorough and archive checked.

Also
Load latest edition of MBAM or other spyware and run also.
Continue anti-malware routines, include repeat boot-time quick scan, until satisfied.

mkis

Itried that before. go to safe mode using avast removed it, but when to go start up windows, the screen goes black and freeze…doesn’t work.

when i tried to deleted or sent to quarantine is give a report said “Quarantine failed: deleteFile failed with error code 1381.”
I’m scanning with Malwarebytes’ Anti-Malware and it’s reported

But dont run a scan in Safe Mode.

Boot into Safe Mode. Load avast into Program Files. Start avast and set boot-time scan rather than run simple user interface scanner. Restart computer.

Just use Safe Mode to uninstall all - install clean avast and then set boot time scan in Safe Mode and Restart computer - scan is then run after restart before programs need to load.

Like i said it before installed avast and let it scan itself. after completed start with windows but the screen turn black and freeze it self. try restart again and again, but the windows keep FREEZE in a black screen. So i have to uninstall avast in safe mode and the windows back to normal but the trojans is coming back as well… :-\

Okay I read back through all the posts in this thread. I can only offer same advice because I think where your situation is at the moment is that with so much activity, infections have been mutating, making detection by clear definition unstable. Viruses (=malcode) rely on activity to mutate. Not so in Safe Mode but this would not mean (mal)scripts were not in place to jam or disable or confuse or whatever else - scanner in Safe Mode cannot untangle a mess, despite that viruses are kept from actioning any further for the time being.

In your case, given previous levels of activity running on the computer, Safe Mode may be best for preparing your attack on the virus. Set up a boot-time scan - use thorough and check archive if you want.

The value in the boot-time scan is that it should engage before the windows keep FREEZE in a black screen. In fact, it must. Though I admit that only doing will be proof and I’m not there with you.

The sequence is important - you have do each step in the right order so that boot-time scan can strike with full impact and comprehensively cover your directories. Virus detection should come early in scan.

I think i have an ideas of removing it, but is going to take a long times of finding it. this stepts below works right? i found it but wasn’t sure. asking an expert before doing it. i suspecting is this keys but wasn’t sure.

“WaitToKillAppTimeOut”
WaitToKillServiceTimeout"

“root viruses infect your system files
so it cannot be removed without a tough manuever
but they can be disabled by deleting the .dl key form
your registry (which most of the root virii use)
you can edit your registry by typing “regedit” in the “run” app.
from start menu”