trojano attack-- cant remove

[polonus]

Hi Storzek,

This is what I found: http://forum.clubedohardware.com.br/index.php?showtopic=291574. Wait for Tech's translation and explanation.

greets,

polonus

[Spiritsongs]

  Give the good and FREE anti-trojan "Ewido", available at
    www.ewido.net/en a try .

[Lisandro]

This is what I found: http://forum.clubedohardware.com.br/index.php?showtopic=291574. Wait for Tech's translation and explanation.

Polonus, there isn't any other great deal there then running HijackThis (http://216.180.233.162/~merijn/files/HijackThis.exe), run and clean.
Besides, the user recommends scanning after booting in Safe Mode (pressing F8 while booting) and the use of CCleaner (http://www.filehippo.com/download_ccleaner.html) and on-line scanning with BitDefender (http://www.bitdefender.com/scan8/ie.html).
Nothing that different than any other cleaning and removal procedure we can see here.

[DavidR]

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2

[Storzek]

After 5 scans width avast , avast delete svchosts.dll and now is ok. I just nead to found were can I plagout popup windows.....

I found in Internet options -> Programs -> "manage adds" (or samthingh like thet (I have slovenian language instaled on W XP). There was edd HomePageBHO dat. mshtml.dll wich replace home page to sequriti center. I desable it and this is now OK.

Best regards from Slovenia

[DavidR]

Welcome to the forums.

[Storzek]

Oh SHIT !!!

Baluns width System Alart : Adwere and Spaywere was here again I think I beet them, SHITT...

Best regards from Slovenia

Have enybody Idea for this?

[Storzek]

Hi Storzek,

This is what I found: http://forum.clubedohardware.com.br/index.php?showtopic=291574. Wait for Tech's translation and explanation.

greets,

polonus

I do not speak espaniol language!!!

[DavidR]

Try using HiJackThis as I mentioned in a previous post (you can post the contents here, see the tutorial links also) something has to be running in order for it to keep coming back or you are visiting the same sites and getting reinfected.

[Storzek]

Ok I'll try HiJackThis I we will see.

I thont check sides, becouse I was only on avast sites,...so this is all time on my competuter,,, oh...THENKS!!!

[Storzek]

I think this is problem:
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpFBF8.tmp

Bat I delete this in safe mode width HiJackThis and after reboot it is here again...

I do not know what to do...

Best regards from Boštjan - Slovenia

[Lisandro]

I do not speak espaniol language!!!

It's not spanish but Brazilian Portuguese.
Anyway, I've tried to translate the most important parts... Did you read what I've posted or it was useless...?

[Spiritsongs]

   Sounds like you have SPYWARE on your computer, not a
      virus; best to ask the Experts on the forums of your
      antiSPYWARE provider or www.geekstogo.com .

[Storzek]

Hello!

Jes it is adwere no virus..

I know thet is not eanglish or doutch so I do not speak this languageand I think thet is espanian, Sorry ...

Yes I try HijackThis, ccleaner, a'll now try scan8. To this time are nothing....

Ad-Aware ES do not recognise this .... UH....

Best regards from Slovenia

[FreewheelinFrank]

HomepageBHO

A variant of SmitFraud or PSGuard:

http://castlecops.com/tk23849-HomepageBHO.html

There is a removal tool for SmitFraud:

http://noahdfear.geekstogo.com/

PSGuard uses a rootkit to protect the registry key:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094829

If this is what you have, that could be why you can't delete it.

Again, Noahdfear's tool should remove it.

Good luck!