Avast WEBforum

Avast Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: freeze04 on October 03, 2004, 02:27:13 AM

Title: Trojans are swamping my PC!
Post by: freeze04 on October 03, 2004, 02:27:13 AM
I am using the latest version - 4.1 Home Edition, Build 4.1.418, VPS 0440-3, compile date 01.10.2004.  Windows XP Pro.

I am continuously getting trojan found messages for four days now. There seem to be a lot of us getting these trojan messages. I have disabled the Restore Point and rebooted. No Help.  

I keep putting them in the chest and/or deleting them, and they keep coming back. I ran a boot-time scan, and deleted them there, but it hasn't stopped the onslaught.

 No one on the forum can tell the users how to get rid of these trojans?

C:\Windows\system32\xtpsq.dll - Winshow [TRj]

C:\Windows\system32\msiz32.exe - Trojano-422

etc etc
Title: Re:Trojans are swamping my PC!
Post by: Eddy on October 03, 2004, 02:29:33 AM
Click on the link in my signature and follow all steps on that page. Let us know if the problem is solved after doing so.
Title: Re:Trojans are swamping my PC!
Post by: freeze04 on October 03, 2004, 04:10:08 AM
Well, thanks for the advice. I have done most of these things already, but I tried them again.. and it did not work.  I still have the same trojans.

I don't understand a couple of things:
1. If the software can't delete a file that's in use.. why doesn't the program tell you "unable to delete file in use" instead of just going to the next step after the user hits the Delete button?
2.  Why do you have to explain how to fix a trojan in a forum? Why isn't this explanation a prominent feature on the AV website?

Before I go any further.. anybody got any ideas how to get these trojans off my PC?
Title: Re:Trojans are swamping my PC!
Post by: Eddy on October 03, 2004, 08:41:49 AM
There are many different kinds of malware. Writing specific info on how to delete one, while people mostly also have other problems than just 1 malware, is hardly possible. And at the least it will cost a lot of time and money.

The page I gave you tells you how to completely clean a system independently of what kind of malware you have and at the same time secures most systems more than they are currently.

Therefore it is important you do ALL on that page. Not just one thing or some.
Title: Re:Trojans are swamping my PC!
Post by: DavidR on October 03, 2004, 02:17:47 PM
These are general, not trojan-specific, points. Delete is not always the best option; what if you delete an infected system file (not normally the case with trojans though)? First try repair, move to chest, move and, as my last resort, delete.

Many people have successfully used Eddy's web pages to remove malware; it can be long-winded (best to print the instructions), but follow it step by step.

A search of these forums for the trojan names will no doubt return many hits, as this topic has been previously discussed a number of times.

Check out this thread also, General Advice & Tools for virus/trojan/malware removal (http://forum.avast.com/index.php?board=4;action=display;threadid=5373)

If you need more help, come back here with more info....
Title: Re:Trojans are swamping my PC!
Post by: freeze04 on October 03, 2004, 10:52:27 PM
I have followed Eddy's advice, to the letter and no help.  Every time I start IE, I get these warnings..

Winshow trojan


Anybody got any better ideas to remove these Trojans?
I am not trying to be a pain, but just commenting on the state of virus removal tools and procedures.. It's a mixed up world when it's easier to create havoc on thousands of PCs than it is to get a trojan removed from one.  Why hasn't ONE (any?) anti-virus software company seriously tackled this?   A user has to load and run six or more different software tools to fix this? It would be much easier to just erase everything and start over again.. and that's insane too.  
Title: Re:Trojans are swamping my PC!
Post by: whocares on October 03, 2004, 11:24:59 PM

- post a hijackthis-Log file HERE
- secure your system & browser better

for more details -> see "VirusRemoval" below in my sig

Title: Re:Trojans are swamping my PC!
Post by: freeze04 on October 04, 2004, 05:16:41 AM
I really feel I must congratulate myself!  After following all this advice to clean all the malware off my PC, I have two more files infected than I did when I started!

Here is the log..

Logfile of HijackThis v1.98.2
Scan saved at 10:58:42 AM, on 10/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\hijack\HijackThis.exe

O2 - BHO: (no name) - {352092D6-C44A-CE73-5767-988EE4E21EAE} - C:\WINDOW1\system32\apiac32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Polisystems] C:\WINDOW1\System32\vcchost.exe
O4 - HKLM\..\Run: [wintb32.exe] C:\WINDOW1\system32\wintb32.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim -turbo
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office10\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093720677105
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc1.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab

Title: Re:Trojans are swamping my PC!
Post by: Eddy on October 04, 2004, 12:33:30 PM
This is not a complete HJT log. Please post the entire log here. Or use my analyzer and the online one. And when I look at this incomplete log, you did not do all as instructed on the page I gave you. :'(
Title: Re:Trojans are swamping my PC!
Post by: freeze04 on October 05, 2004, 03:10:35 AM
I just opened up the log file to check, and this is all there is.. I don't understand how it could be incomplete. ?!?  It starts with the words "Logfile of.." and ends with "abasetup.cab".  If you feel there is something wrong, let me know what it is.

I don't know how to run the Log analyzer, so I won't be able to do that.  When I click on the executable, it flashes on the screen and then it just disappears after 3-4 seconds.

As to not doing what your instruction page says.. I must say I don't know what you're talking about.. could you give me a clue?  I am not playing around here, I've already spent over 15 hours on trying to get rid of this problem.  So, just tell me what you mean. ???
Title: Re:Trojans are swamping my PC!
Post by: Eddy on October 05, 2004, 09:55:13 AM
"I am not playing around here."
We don't say you do and I can't speak for the others of course, but I believe you. Click on the link in my signature. Read that page before starting to do anything. Make sure you have all utils mentioned in the 1st table on that page. If needed read it twice to understand. Then follow the 8 steps there.

And for the analyzer that is flashing..... That is explained in the readme.txt.