Win32:TratBHO

Viruses and worms
1

??? Hi… again same story… read other threads… have downloaded Hijackthis and ComboFix… same pesky virus warnings pop up every hour (by the way what actions should be taking?.. I’ve putting them in the chest)… I gather I should append my log from Hijack this to recieve some guidence… so here I go… thanks in advance for the help

2

Welcome to the forum.

Open HJT, run a system scan only, check mark these lines if present

O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\opnllmn.dll
O20 - Winlogon Notify: opnllmn - C:\WINDOWS\SYSTEM32\opnllmn.dll

Close all other browsers/windows, click fix, close HJT.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix’s window while its running. That may cause it to stall.

3

Dear Oldman,

Those files you told me to check I believe are now history, I’ll append both logs (hijack this/ ComboFix) to make sure there are no other issues. Thank- you I hope this has done the trick.

But Question: I downloaded this virus in a zipped file. Does avast recognize viruses in zipped form? Is there a way to avoid having this happen again with zipped files?

4

Looks like we got it.

Avast should have picked it up in the zip unless the zip was password protected.

If you still have it you could submit it to virus@avast.com , in a password protected zip, or if it’s in the chest, you can send it from there, no need to zip it. Hopefully it will get added to the dections soon.

All right let’s clean up the tools and do some housekeeping.

  1. Click start button, click run, copy and paste the following line into the box

combofix /u

  1. Open HJT, click misc tools button, slide the slider down, click uninstall.

  2. Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point , click create

  1. Remove old restore points
  • Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
  1. Out of date java is an entry point for malware.

Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If Information Bar pop-ups up, right-click on it and say it’s OK to display the blocked content.

You do not have to install the Java Web Start ActiveX Control

Accept the license agreement > Click on Windows (XP,Vista, .etc) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.

When the download is complete, Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

Do NOT delete C:\Program Files[b]JavaVM[/b] <=this folder, if found!

Reboot your computer.

Double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

  1. Download and run this clean up utility. You can use it regularly. When it’s first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp

  1. You may want to consider this

If you are using windows firewall, please note that it doesn’t provide outbound protection. A third party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

Take care and keep safe.

5

Dear Old man,

In a wreakless fury of trying to avoid the virus taking hold after I realized I had it I probably deleted the file it was zipped into… in the future if I should ever be so blessed, I will submit it for the folks at avast to play with ;/ thanks for the help

6

[quote author=Befuddled link=topic=32652.msg273092#msg273092 date=1200275295]

In a wreakless fury of trying to avoid the virus taking hold after I realized I had it I probably deleted the file it was zipped into..

That’s ok. Hopefully there won’t be a next time, but if there is and you can move it to the chest, do so. It is save in the chest, it can’t run or be accessed from outside.

[b]in the future if I should ever be so blessed, [/b]I will submit it for the folks at avast to play with

;D ;D

;/ thanks for the help

You’re welcome.