Author Topic: Resolved: Found one Trojan horse on Windows 7 computer  (Read 26404 times)


Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #30 on: November 12, 2012, 10:55:53 AM »
Hi, please let me know if I got everything right. Sorry for any goof-ups, I am new at this sort of thing. I am sorry in advance.

Thanks again

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5417
  • Spartan Warrior
Re: Found one Trojan horse on Windows 7 computer
« Reply #31 on: November 12, 2012, 10:56:49 AM »
+1

And now we wait....  essexboy will let you know if you actually still have an active infection or if Avast! killed it.

Please be patient.  All looks good from here (posting the logs I mean).
Windows 10 Home 64-bit 1909 Avast Premier Security version 20.10.2442 (build 20.10.5824.618) UI version 1.0.591.

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #32 on: November 12, 2012, 11:01:06 AM »
Hi, thanks Mchain, thanks for your help. I was a bit nervous, but now I feel better that all of you in this community are so helpful to put me at ease.
Thanks again, everyone, for your time and help.

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Found one Trojan horse on Windows 7 computer
« Reply #33 on: November 12, 2012, 07:48:28 PM »
Hi, just to put your mind at rest:

AdwCleaner can do a scan function only if you wish and will still produce a log for me to see
OTL is a diagnostic tool that I can use to remove any bad entries, sometimes it will not be strong enough and I may need to use a stronger tool.  But, I will tell you
AswMBR is again a diagnostic tool, but do not press any button apart from save log  :D

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #34 on: November 12, 2012, 11:45:50 PM »
Hi Essexboy, so what is it you want me to do with aswMBR? Do you want me to just do a quick scan with it and then save the log file again, is that correct?

Thanks. I should mention, Essexboy, that I am new to this kind of thing, so please be patient with me.

Thanks again.

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36993
Re: Found one Trojan horse on Windows 7 computer
« Reply #35 on: November 13, 2012, 12:08:09 AM »
the logs are okay posted

guess Essexboy did not see them since they are in reply 29

he is probably in bed now so check back tomorrow

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #36 on: November 13, 2012, 05:29:45 AM »
Hi Essexboy, I just thought I would tell you that if you go to the second page of this topic, the logs you need are at the bottom of the second page. Just letting you know.

Have a good day
ps: the logs are for Windows Vista home Basic only.

thanks
Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #37 on: November 13, 2012, 07:14:50 AM »
Hi, I was wondering if someone could please tell me more about Essexboy. Is he a certified malware expert? How long has he been cleaning computers of malware infections for?

He will not wreck my computer, right? He only gets rid of the bad stuff on your computer for you, and at the end of this cleaning off the bad stuff my computer will still work, right? Just curious, that is all. I just want more information, that is all.

Thanks very much for your time and help.

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Found one Trojan horse on Windows 7 computer
« Reply #38 on: November 13, 2012, 07:24:54 AM »
1. Hi, I was wondering if someone could please tell me more about Essexboy. Is he a certified malware expert?
2. He will not wreck my computer, right? He only gets rid of the bad stuff on your computer for you, and at the end of this cleaning off the bad stuff my computer will still work, right?

1. Yes.
2. Right.
Win 8.1 [x64] - Avast PremSec 21.3.2459.BUC [UI.612] - EEK - Firefox ESR 78.9 [NS/uBO/PB] - TB 78.9
Avast-Tools: Secure Browser 89.1 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Found one Trojan horse on Windows 7 computer
« Reply #39 on: November 13, 2012, 04:06:29 PM »
I am an instructor at GeekstoGo Malware school, but it is only right that you should know who is asking you to run programmes on your system  ;D

OK, this run with OTL will remove the active search bars etc. that are not considered to be effective or useful, as they will only send you where they want as opposed to where you really want to go.
I will also remove some redundant elements.
I will also empty all the temporary files/folders on the computer
Prior to all of this OTL will create a restore point for you.

From the logs posted there is no apparent malware just the advertising stuff which will slow down your computer.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}
IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/?s=CAUe0
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_5_&babsrc=SP_ss&mntrId=0c02ff50000000000000001aa072ac13
IE - HKCU\..\SearchScopes\{271DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://jixey.com/?q={searchTerms}&id={8C4D5522-344D-4970-9F3A-48B060C913A8}&src=chr&ver=2.2.5
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com:
[2011/08/07 18:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\f146a7vj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/06/18 22:55:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7792546F-70AE-4ABC-B2B6-BE68E9410002} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
[2012/10/30 00:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/10/30 00:01:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2012/10/30 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/10/30 00:01:28 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
« Last Edit: November 13, 2012, 04:34:28 PM by essexboy »
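
What the fix in reply #39 would touch, grouped for review before it is pasted into OTL. This is an added example, not part of the original post and not an OTL feature; the line shapes are inferred only from the lines visible in that reply, and `summarize_fix` and the pattern names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a shortened copy of lines from the fix posted above.
SAMPLE_FIX = r'''
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/?s=CAUe0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
[2012/10/30 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/10/30 00:01:28 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
:Commands
[resethosts]
[emptytemp]
[Reboot]
'''

SECTION = re.compile(r'^:(\w+)$')                    # :Commands, :OTL
DIRECTIVE = re.compile(r'^\[(\w+)\]$')               # [emptytemp]
TAGGED = re.compile(r'^(IE|FF|O\d+) - ')             # browser / autorun entries
FILE_ENTRY = re.compile(r'^\[\d{4}/\d{2}/\d{2} [^\]]*\].* -- (.+)$')
URL = re.compile(r'https?://[^\s"]+')

def summarize_fix(text):
    """Summarise an OTL-style fix script so it can be reviewed before it is run."""
    out = {"directives": [], "tags": Counter(), "hosts": Counter(),
           "paths": [], "unparsed": [], "restore_point_first": False}
    section = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "Commands" and (m := DIRECTIVE.match(line)):
            # The post says the restore point comes "prior to all of this".
            if m.group(1).upper() == "CREATERESTOREPOINT" and not out["tags"] and not out["paths"]:
                out["restore_point_first"] = True
            out["directives"].append(m.group(1).upper())
        elif section == "OTL" and (m := TAGGED.match(line)):
            out["tags"][m.group(1)] += 1
            for url in URL.findall(line):   # hosts the entry points at
                out["hosts"][urlsplit(url).hostname] += 1
        elif section == "OTL" and (m := FILE_ENTRY.match(line)):
            out["paths"].append(m.group(1))
        else:
            out["unparsed"].append(line)    # shapes this sketch does not know
    return out
```

Anything that lands in `unparsed`, or a path under a system directory such as the `System32` entry, is worth reading by hand before the fix is run.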

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #40 on: November 13, 2012, 09:56:54 PM »
Hi Essexboy, I was wanting to ask something. When I did the OTL log I forgot to put some stuff in the custom fix box. I am talking about the stuff under the OTL in the guide. Should I redo the scan and put the following stuff in the custom box of OTL?

Thanks

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #41 on: November 13, 2012, 10:37:27 PM »
Hi Essexboy, I was wanting to ask a question: should I have put in the following when I did the first scan? Without the stuff below, does it make a difference in the logs? Here is the stuff I am talking about:
    Select All Users
    Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop

I am sorry if I forgot to put this stuff in OTL's custom fix box the first time, Essexboy.

Let me know if I should do a new scan with OTL, Essexboy, with the stuff included.
Sorry about that.


CREATERESTOREPOINT
Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #42 on: November 14, 2012, 08:06:44 AM »
Hi Essexboy, I followed the directions better and did all the directions right this time. Here is the OTL log for Windows Vista. I also copied and pasted everything that was in the guide to the letter this time. Here is the new OTL log with everything that was included only in the guide.

Sorry for the mistake

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36993
Re: Found one Trojan horse on Windows 7 computer
« Reply #43 on: November 14, 2012, 08:21:07 AM »
Quote
here is the otl log for windows Vista
You don't have to tell him... all tech info is displayed in the logs,
and if he needed a new log he would have told you... as he can see how it was run   ;)


NOW follow the instructions and run the fix in Essexboy's reply #39
« Last Edit: November 14, 2012, 08:25:13 AM by Pondus »

Offline Diddy

  • Poster
  • *
  • Posts: 594
Re: Found one Trojan horse on Windows 7 computer
« Reply #44 on: November 14, 2012, 11:05:32 AM »
Hi Essexboy, I tried your fix and everything seemed fine when I put your fix in the Custom box of OTL and pushed the fix button. Everything seemed to be fine, then OTL was not responding, so I pushed the button to start my computer over again. This time I made sure I had all my windows and folders closed and then I did the exact thing again, and this time OTL was not responding, but before that Avast free had just updated. I was wondering, Essexboy, should I disable Avast free before I start the fix with OTL?

Thanks have a good day

Windows 10 Home Edition  64 Bit
Avast free 11.1.2253