Avast WEBforum

Other => Viruses and worms => Topic started by: orysia on April 30, 2008, 12:09:52 AM

Title: infected with Win32:TratBHO [Trj]. PLEASE HELP!
Post by: orysia on April 30, 2008, 12:09:52 AM: My computer is infected with the Win32:TratBHO [trj] . I tried everything and I'm not sure if it helped or not and whether or not the virus is still there (most likely yes). I scanned with Avast which detected it but I can't remove or rename it. I scanned with other programs as well, but nothing seems to be working.
I'm pasting the log from combofix below. Anything else I need to do? Please help me out and let me know. I'm not very efficient with computers and I'm panicing because I have an important paper due in 12 hrs.

Thank you in advance!
-Orysia
Title: Re: infected with Win32:TratBHO [Trj]. PLEASE HELP!
Post by: Lisandro on April 30, 2008, 12:57:43 AM: I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com) and/or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: infected with Win32:TratBHO [Trj]. PLEASE HELP!
Post by: orysia on April 30, 2008, 03:05:12 AM: I cleaned my temp files, scanned at boot time, tried quarantining/removing/renaming (except I recieved an error message saying that the file could not be found or was in use), and made a hijackthis log. I had a problem with the log as i recieved a message stating "the system denied write access to the host file. If any hijacked domains are in this file, hijack this will not may able to fix this. If that happens you need to edit the file yourself...". So I tried opening hijackthis as administrator and scanning which worked (but I'm not sure if properly).
Title: Re: infected with Win32:TratBHO [Trj]. PLEASE HELP!
Post by: orysia on April 30, 2008, 03:09:41 AM: I might have uploaded the wrong log file?
Heres the new one.