Win32:trojano-803 [trj]

I have repeatedly caught this virus after running this avast software on my computer. It is now preventing me from accessing the avast scanner at all. The first two times that I caught this thing, avast figured it out and supposedly deleted it, but now it keeps coming back. I have caught it eight times in four days and now, like I said, it must have gotten smart because if I try to start the avast program, it says this: "a required .DLL file, ASHBASE.DLL, was not found." So, how do I fix this? Now, I have also contracted another trojan. It’s called dyfuca. Is this coming from the original, and how do I get rid of both of them?

First try a repair of Avast. Let’s see if that gets Avast going again.

Then click on the link in my signature and from the menu on that page choose “malware removal instructions” and follow every step there to thoroughly clean your system from malware.

Don’t rush, take your time to read that page and do as explained there.

Then come back here and let us know how you are doing.

I have tried to figure out how to repair the avast program, but I am unable to load the program in the first place. How do I repair it without loading it? I may sound stupid, but I really don’t know much about computers. Thank you.

Go to Add/Remove Programs, click on avast to remove/change, then down at the bottom is repair. Hope this gets us somewhere. And try a Trend Micro virus scan: http://housecall.trendmicro.com/

Well, I have gotten avast working again. The virus keeps coming back every day between 4 and 5, so I guess in the future I just have to make sure I’m not on the internet at that time. (ha, ha) I wonder if that will solve the problem. Thank you guys for all your help. If I hadn’t had your help, that thing would have probably eaten my whole computer by now. Thanks again. Michelle

Hi Michelle,

either work through eddy’s page again/properly, or
read “VirusRemoval” below in my sig and then:

  • tell us WHERE avast finds the trojan(s): exact trojan-name and full path/folder/filename for each occurrence

  • post a hijackthis-Log here…

  • Update your Windows & secure your browser :wink:

the trojan comes in two locations
c:\TEMP\NCASEP~1.dl
and
c:\Window\AllUsers\ApplicationData\AOL\Storage\Cache.db.
It came again today at 4:21pm. It always seems to come at this time (BETWEEN 4:19 AND 4:21 PM). I have included the hijack this log from today. Maybe it will help you.

You can use Eddy’s HijackThis Analyser tool, available from his site (click the link on his signature)

If you want to try an on-line scan of your Hijackthis file try here: http://hijackthis.de/index.php

I simply ran your report through his analyser and the attached hjtreport.txt has the fixes, etc.

This is the result from my HijackThis Log Analyzer:


CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:

You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
Software firewall detected.


THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\program files\windows taskad\winsched.exe
\windows\rundll.exe
\program files\windows taskad\wintaskad.exe
o2 - bho: search relevancy - {1d7e3b41-23ce-469b-be1b-a64b877923e1} - c:\progra~1\search~1\search~1.dll
o4 - hklm..\run: [systemtray] systray.exe
o4 - hklm..\run: [wildtangent cda] rundll32.exe c:\progra~1\wildta~1\apps\cda\cdaeng~1.dll,cdaenginemain
o4 - hklm..\run: [windows taskad] c:\program files\windows taskad\wintaskad.exe
o4 - hklm..\run: [oss] c:\windows\system\rk.exe -boot
o8 - extra context menu item: &aol toolbar search - res://c:\program files\aol toolbar\toolbar.dll/search.html
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
o16 - dpf: {2119776a-f1ad-4fcd-9548-f1e1c615350c} - http://www.stop-sign.com/pub/download/ss_tscanner.cab?=&n=s_mm_df_001&pg=%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_virus_list2%26ss_research_virusdetail%26ss_downloads%26ss_downloads&se_spin=&se046b=&ver=online&sv=se046b&dc=1&rfx=na&virusid=20041011_01
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {4a3cf76b-ec7a-405d-a67d-8dc6b52ab35b} (qdiagaolccupdateobj class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab


THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:

o4 - hklm..\run: [webscan] c:\program files\acceleration software\anti-virus\stopsignav.exe -k
o4 - hkcu..\run: [spyware doctor] “c:\program files\spyware doctor\swdoctor.exe” /q
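
An added example, not part of any post in this thread and not the analyser's own code: a small parser for the `O2`/`O4`/`O8`/`O16` entry lines shown in the report above, used to list entries that appear in a later log but not in an earlier one, which is useful when a detection keeps coming back after cleaning. The function names and both sample logs are constructed for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code label target")

# "<code> - <label>: <rest>", matching the entry lines in the report above,
# e.g. "o4 - hklm..\run: [oss] c:\windows\system\rk.exe -boot"
LINE = re.compile(r"^\s*(O\d+)\s+-\s+([^:]+):\s*(.*)$", re.IGNORECASE)
O4_NAME = re.compile(r"^\[([^\]]*)\]\s*(.*)$")

def parse_line(line):
    """Return an Entry for an O-section line, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    code, label, rest = m.group(1).upper(), m.group(2).strip(), m.group(3).strip()
    if code == "O4":
        # Autostart lines carry the registry value name in brackets.
        n = O4_NAME.match(rest)
        if n:
            label, rest = n.group(1), n.group(2)
    return Entry(code, label, rest)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def new_entries(before, after):
    """Entries present in the later log but not in the earlier one."""
    key = lambda e: (e.code, e.label.lower(), e.target.lower())
    seen = {key(e) for e in parse_log(before)}
    return [e for e in parse_log(after) if key(e) not in seen]

# Constructed sample logs (not taken from the thread's attachment).
BEFORE = r"""
O4 - HKLM..\Run: [systemtray] systray.exe
O8 - Extra context menu item: &example search - res://c:\example\toolbar.dll/search.html
"""
AFTER = r"""
O4 - HKLM..\Run: [systemtray] systray.exe
O4 - HKLM..\Run: [example] c:\temp\example.exe -boot
O8 - Extra context menu item: &example search - res://c:\example\toolbar.dll/search.html
"""

if __name__ == "__main__":
    for e in new_entries(BEFORE, AFTER):
        print(e.code, e.label, e.target)
```
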

c:\Window\AllUsers\ApplicationData\AOL\Storage\Cache.db.

And of course empty/clean out your AOL-Cache (Temp-Internet-Files in AOL)

Securing your Browser &
exercising a bit of caution/common sense concerning the sites you visit, still applies, of course… :wink: