Author Topic: Resolved: Found one Trojan horse on Windows 7 computer  (Read 29834 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Found one Trojan horse on Windows 7 computer
« Reply #45 on: November 14, 2012, 03:42:22 PM »
No, that is MBAM being pig awkward again. On some systems it refuses to stop and blocks OTL.

Run this fix and it will sail through.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}
IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/?s=CAUe0
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_5_&babsrc=SP_ss&mntrId=0c02ff50000000000000001aa072ac13
IE - HKCU\..\SearchScopes\{271DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://jixey.com/?q={searchTerms}&id={8C4D5522-344D-4970-9F3A-48B060C913A8}&src=chr&ver=2.2.5
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com:
[2011/08/07 18:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\f146a7vj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/06/18 22:55:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7792546F-70AE-4ABC-B2B6-BE68E9410002} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
[2012/10/30 00:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/10/30 00:01:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2012/10/30 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/10/30 00:01:28 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx

:Commands
[resethosts]
[emptyjava]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
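
A read-only way to confirm the Internet Explorer part of the fix above took effect, added here as an example and not part of the original post. It lists the start page and search providers in both hives and flags URLs on the hosts named in the fix lines; the function name Test-SuspectUrl is hypothetical and nothing is modified.

```powershell
# Added example: read-only audit of the IE start page and search providers.
# Host list copied from the URLs in the fix script in this thread; it is
# specific to this system, like the fix itself.
$suspectHosts = 'bigseekpro.com', 'speedbit.com', 'imgag.com',
                'babylon.com', 'jixey.com', 'icq.com'

# Hypothetical helper: true when the URL's host is, or ends with, a listed host.
function Test-SuspectUrl {
    param([string]$Url)
    if ([string]::IsNullOrEmpty($Url)) { return $false }
    foreach ($h in $suspectHosts) {
        $pattern = '://([^/]*\.)?' + [regex]::Escape($h) + '([/?:]|$)'
        if ($Url -match $pattern) { return $true }
    }
    return $false
}

$ieKey = 'SOFTWARE\Microsoft\Internet Explorer'
$results = foreach ($hive in 'HKLM:', 'HKCU:') {
    # "IE - HKxx\...\Main,Start Page" lines in the fix
    $main  = Get-ItemProperty -Path "$hive\$ieKey\Main" -ErrorAction SilentlyContinue
    $start = $main.'Start Page'
    New-Object PSObject -Property @{
        Hive = $hive; Name = 'Start Page'; Url = $start
        Suspect = (Test-SuspectUrl $start)
    }

    # "IE - HKxx\..\SearchScopes" lines: one subkey per search provider
    $scopes  = "$hive\$ieKey\SearchScopes"
    $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
    Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        New-Object PSObject -Property @{
            Hive = $hive
            Name = $_.PSChildName + $(if ($_.PSChildName -eq $default) { ' (default)' })
            Url = $url
            Suspect = (Test-SuspectUrl $url)
        }
    }
}

# Entries still marked Suspect after the reboot were not removed by the fix.
$results | Select-Object Hive, Name, Suspect, Url | Format-Table -AutoSize -Wrap
```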

Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #46 on: November 14, 2012, 10:23:00 PM »
Hi Essexboy, I am still having trouble: OTL starts to go and then it gets stuck on Firefox and it will not go any further. I uninstalled Malwarebytes Free off of my computer, so I put the fix back into OTL and pushed the fix button, but again OTL was not responding. What can I do?

Thanks for the help


Offline essexboy

Re: Found one Trojan horse on Windows 7 computer
« Reply #47 on: November 14, 2012, 11:26:03 PM »
Unfortunately that means that there is a corrupt file/folder in Firefox. It appears that your computer is one of the few that gets a bit uppity with OTL; it happens, I'm afraid. The files etc. that I am removing are easily handled by AdwCleaner, so if you wish to run the scan on that and post the log I will highlight the ones to select for deletion.


Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #48 on: November 14, 2012, 11:36:05 PM »
Hi, here is the AdwCleaner log you wish to have.

Thanks

TheHulk

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #49 on: November 15, 2012, 08:10:42 AM »
boy! still having problems???? o.o

fresh install of windows will sort out the problems like I said before

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Found one Trojan horse on Windows 7 computer
« Reply #50 on: November 15, 2012, 08:21:45 AM »
Let Essexboy make that call, TheHulk, IF he needs to reformat his HD and a reinstall of Windows will sort out the problems.

Essexboy is very good at solving problems this way without reformatting his HD and reinstalling Windows.
« Last Edit: November 15, 2012, 08:23:53 AM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Found one Trojan horse on Windows 7 computer
« Reply #51 on: November 15, 2012, 08:25:39 AM »
naaaa...Speedy.... Firefox problems are easier solved with a reinstall.  ;D

Offline SpeedyPC

Re: Found one Trojan horse on Windows 7 computer
« Reply #52 on: November 15, 2012, 08:28:42 AM »
naaaa...Speedy.... Firefox problems are easier solved with a reinstall.  ;D

I know that, Pondus ;) :P It depends on how bad this Trojan horse he has on his HD is.
« Last Edit: November 15, 2012, 08:30:31 AM by SpeedyPC »

Offline Pondus

Re: Found one Trojan horse on Windows 7 computer
« Reply #53 on: November 15, 2012, 08:34:22 AM »
he may have to buy a new computer.  ;)

Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #54 on: November 15, 2012, 08:57:31 AM »
Hi everyone, I am sorry I did not make things clear the first time. This computer that I am using to type these messages for help under this topic is Windows Vista Home Basic. I made a mistake though when I put Windows 7 on here as the topic title. This is not a Windows 7 operating system.
My Windows Vista does not have a virus on it, just a bunch of toolbars; at least that's what Essexboy told me in a post anyway.

Thanks

Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #55 on: November 15, 2012, 09:01:11 AM »
Hi Essexboy, I have uninstalled Firefox off of my computer for now. I was wondering what would happen if you removed the fix for Firefox extensions: would the fix and OTL work fine then, or would it be worthless to try this solution?

Thanks


Offline essexboy

Re: Found one Trojan horse on Windows 7 computer
« Reply #56 on: November 15, 2012, 03:03:33 PM »
Everything shown in AdwCleaner is stuff that you do not need on your computer, so you could run it and select delete to remove them.

Uninstall Firefox by all means, but it will need to be a full uninstall: http://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

It must be stated here that I have never been impressed with Firefox and I stick to IE (currently running IE10) .. Watch the fireworks begin  ;D

After the Firefox uninstall, run the OTL fix, as there may still be some FF related entries.

Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #57 on: November 16, 2012, 06:19:08 AM »
Hi Essexboy, I have uninstalled Firefox fully from my computer and I have removed the Mozilla Firefox folders from my computer. I was also going to ask another question, Essexboy: I would like to run AdwCleaner, but when it gets done scanning I am afraid that I will delete the wrong file, and if Windows needs that file then I cannot get that file back, right? I don't want to goof up my computer. I retried OTL and the fix and again OTL hung on me, so what should I do now?
Please guide me on what I should do.

Thanks




Diddy

  • Guest
Re: Found one Trojan horse on Windows 7 computer
« Reply #58 on: November 16, 2012, 08:20:45 AM »
Hi Essexboy, I took your advice and used AdwCleaner and deleted the toolbars and stuff off my computer and let AdwCleaner reboot my computer. Then the log came back up, but I made a mistake: I looked at the log and closed it by accident without saving it first, so I did another search and saved the file for you to look at. Sorry for the goof up. I was wondering: when AdwCleaner produced the log the first time and I pushed the X to close the log, I noticed that AdwCleaner was still open waiting for an action. How many times does AdwCleaner have to reboot my computer to clean out the toolbars and stuff off of my computer?
Here is the log.

PS: let me know if you want me to do anything else, Essexboy.


Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: Found one Trojan horse on Windows 7 computer
« Reply #59 on: November 16, 2012, 08:31:37 AM »
You are now good to go as far as attaching that log.  Now we wait for essexboy to come around and have a look-see...
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801