Author Topic: corrupted archive files? trojan?  (Read 2344 times)


mythrainbow

  • Guest
corrupted archive files? trojan?
« on: September 13, 2007, 09:05:17 AM »
I just recently had some strange signs of spyware, explorer.exe flashing in and out, websites connecting by themselves in IE.

Naturally I ran scans from a few different programs, Spyware S&D, Ad-Aware 2007, (I am downloading AVG now).  And I checked the applications list on the sygate firewall.

I also ran a boot-time scan, and enabled the scanning of archives, I wasn't sure exactly what that meant but I wanted to scan everything.  I left the computer as it booted up and scanned, I came back to "error" corrupted archive file, and it listed files from programs like the H&R Block Taxes program and a few other harmless ones. It didn't give me any options and avast doesn't seem to pick up anything (I am thorough scanning right now). Unfortunately I didn't get to write down the error number.

Ad-aware has detected a Win32.dialer.trojan but can't seem to do anything about it as it comes up every time I scan.

I was going to do a Panda scan but avast kept detecting it when installing the ActiveX and I'd rather not turn avast off just to use Panda.

I've got my runner log and my Hijack log, and AVG is running now so I will see what it finds.  I tried running combofix, but Avast found a trojan in it so it stopped and had Avast delete it. I will update Ad-aware and see if that helps.  Things are already getting better, IE no longer goes to websites by itself, and explorer.exe flashes much less frequently but still does.
« Last Edit: September 13, 2007, 09:11:40 AM by mythrainbow »

CharleyO

  • Guest
Re: corrupted archive files? trojan?
« Reply #1 on: September 13, 2007, 07:22:59 PM »
***

Welcome to the forums, mythrainbow.    :)

This trojan, Win32.dialer, is listed in SpyBot-S&D database.

Are you sure your version of Spybot is up to date?

Also, have you checked to make sure this has not been excluded (check marked) from scanning by Spybot?

 ???


***

skysecret

  • Guest
Re: corrupted archive files? trojan?
« Reply #2 on: September 13, 2007, 07:56:09 PM »
A suggestion

Run AVG anti-spyware in system safe mode after update.

In my opinion, avast is not suited to deleting spyware, although it can detect trojans.


Lisandro

  • Avast team
Re: corrupted archive files? trojan?
« Reply #3 on: September 13, 2007, 10:48:22 PM »
I would suggest:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log for on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.