tchio.com virus

hello I’m having some problems with a virus in my computer i have no idea if its a Trojan, vundo, spybot or what have you.
it got in to my computer when i used a fake installer for daemon tools i found on rapidshare so far all the virus does is open http://tchio.com/ a (German?) tool (the band) fan site normally it isn’t a really problem but i use a small laptop with low resources
and opening firefox while I’m using a app in full screen can create some really bad lag and mess up my app

anyway iv run scans in CA anti-virus and spy ware, AVG, spybot, windows Malicious Software Removal Tool, vundofix, avast antirootkit
and hijackthis
if anyone has had the same problem and found a way to fix it please let me know

Try Malwarebytes Antimalware

http://www.malwarebytes.org/

thanks for the help the scan found a few things
but im not sure about what to do now

Scan type: Full Scan (C:|D:|)
Objects scanned: 374658
Time elapsed: 4 hour(s), 9 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\Cameo\AppData\Roaming\svchost.exe (Trojan.Delf) → No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Delf) → No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Cameo\Downloaded Programs\Cracks and Patches\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe (Trojan.Agent) → No action taken.
C:\Users\Cameo\AppData\Roaming\svchost.exe (Trojan.Delf) → No action taken.

Can you run the scan again and this time remove all the infection found by malwarebytes

ok but it sounded like messing with svchost was not something i should be doing

This copy of svchost isn’t correct.

Before dealing with it send a sample to avast.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that, e.g. allow MBAM to remove it.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Note when you use cracks, you open yourself up to malware.

C:\Users\Cameo\Downloaded Programs\[b]Cracks and Patches[/b]\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe (Trojan.Agent)

Post a complete MBAM log next time as it is missing the header that contains important information.

e.g.
Malwarebytes’ Anti-Malware 1.40
Database version: 2687
Windows 5.1.2600 Service Pack 3

Malwarebytes’ Anti-Malware 1.40
Database version: 2687
Windows 6.0.6001 Service Pack 1

25/08/2009 9:23:27 AM
mbam-log-2009-08-25 (09-23-27).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 374658
Time elapsed: 4 hour(s), 9 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\Cameo\AppData\Roaming\svchost.exe (Trojan.Delf) → Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Delf) → Not selected for removal.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Cameo\Downloaded Programs\Cracks and Patches\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\Users\Cameo\AppData\Roaming\svchost.exe (Trojan.Delf) → Not selected for removal.

First Vista SP2 is available.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don’t automatically download or install them.

Ask about this entry at Malwarebytes forum:
http://www.malwarebytes.org/forums/index.php?showforum=42

C:\Users\Cameo\AppData\Roaming\svchost.exe looks highly suspicious.

thank you British Canadian Hitler i think that deleting the fake schost fixed my problem so thanks i send a email with a zip containing the .exe to the email

You don’t get the joke as you have not been around here long:
http://www.youtube.com/watch?v=IIlKiRPSNGA

Thanks for trying to improve avast detections.

L.M.F.A.O. ;D ;D ;D