Think I may still have a virus...

Details
A few weeks ago, my laptop was infected by a virus (a trojan I think) which messed up my internet. Firefox (the program I was using at the time, which is now uninstalled) & Internet Explorer 8 refuse to load up any webpages. However, my A.V programs,
Avast 4.8,
Malwares Anti-Bytes,
Spybot Search & Destroy,
can still update properly. E-mail & Lime-wire can also still connect.

Have run antivirus scans multiple times since in normal & safe modes, with & without my LAN cable connected. Avast found several trojans when scanning & it said they had been successful dealt with. Have since installed Super Antispyware & Spyware Doctor. The former comes up clean but the latter says my laptop still has a trojan. Not sure whether it’s correct though as you have to buy the software to remove viruses.

Summary
Web browsers no longer work
Most other programs requiring net connection do
4 free A.V products currently find no viruses
1 free scan but pay to remove program finds 1 trojan

Any help would be highly appreciated.

  1. Drop Spybot and Spyware Doctor…!!!
  2. Update to the latest build of avast, which is 5.0.545
  3. Run a boot time scan with avast. (I guess you’re on a 32bit system…!??)
  4. Report back here.
    asyn

i would remove spyware doctor and spybot SD

Then i would follow this guide from Essexboy, and post the MBAM and OTL log`s here
http://forum.avast.com/index.php?topic=53253.0

he will then fix this when he arrives in the forum, usually late UK time

post the logs as attachments

see down left corner > additional options > attach

Thanks for your quick replies.
Installing Avast 5 off my USB stick now. Will run Avast & Malware bytes scan shortly. Lan cable’s in so it should be able to update if necessary.
Just realised that I didn’t post my system specs, don’t know if they’ll be any help but here they are:

Acer Travelmate 4062LMI
Wins XP SP3
1.73GHZ
2GB Ram
120GB Hardisk (Partitioned, about 90 in C, 20 in D)
Intel Graphics Media Accelerator 900

Its a few years old now, but this is the biggest problem it’s ever had so I can’t complain.

You’re welcome…!
Awaiting your reply…
asyn

Afraid scanning with Avast 5 & Malware Bytes hasn’t changed the situation.
I hope you can see the screenshots & there’s a log attached.

EDIT - Screenshots now attached to

No, can’t see your screenshots, use the attach function to post them…!
Your Mbam log is clean…!
What actions did you take exactly…? (refering to my first reply…!!)
asyn

What actions did you take exactly..? (refering to my first reply..!!)

Removed Spybot & Spyware Doc

Ran a full scan with Avast & Malwares in normal windows operating mode

That’s all I’ve so far. Downloaded the OTL program but haven’t chance to try it yet.

Thanks for the help.

So did you also run a boot time scan (as suggested) with avast yet…??
If not, please do so…!!
asyn

Before you run OTL do this :

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

And for Firefox there are instructions on this page and you want the setting to be no proxy

THEN

Run OTL and post the log ;D

Good News - Ran Avast boot scan & it removed 1 trojan. Internet still didn’t work after point though. However, followed essexboy’s advice on the proxy server & now internet connection seems fine.

Will run OTL shortly & post log. Hopefully the problem is now solved though.

Thanks for all your help. Usually I’m able a sort out any malware on P.Cs in my house but this one was nastier than all the others i’d encountered.

If any more problems are discovered, I’ll post back here.

You’re welcome…!
asyn

Ok, I’ve done a full scan with OTL. Logs attached. I’ve had a quick look through it but I’m not sure what to look for.

Hopefully there’s no problems.

One minor element to kill - What problems do you have now ?

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS] 
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

One minor element to kill - What problems do you have now ?

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = http=127.0.0.1:5555

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done</blockquote>

Ok, have ran the OTL fix & rebooted. Only took 30secs to remove the data.
Having no problems at all.

Thanks for the help you guys have given me although I’m hoping I won’t have to post here again for a while! :wink:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[
]Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: