Author Topic: trojans galore  (Read 40526 times)

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: trojans galore
« Reply #15 on: December 28, 2007, 07:53:38 PM »
OK, first things first: I am attaching the DSS main log, and hopefully it is all in one piece this time!

Offline sasysusie

« Reply #16 on: December 28, 2007, 08:21:11 PM »
I uploaded the file C:\Documents and Settings\Julia\Application Data\Microsoft\Windows\igktljs.exe to VirusTotal and I really didn't get much of a result. It gave me a Choose File window: in the top line it said Windows, in the box below that it said Themes, in the File name it said igktljs.exe, and under file types it said All Files. When I click Open it says igktljs.exe File not found.

Offline sasysusie

« Reply #17 on: December 28, 2007, 08:23:35 PM »
I'm very duh today, even more so than normal I think.. amazing anyone would actually ask me to help them solve this problem on their computer, isn't it! Anyway, I finally realized I need to send the file, which I did, and the results were
0 bytes size received/ Se ha recibido un archivo vacio
Thanks
me

Offline sasysusie

« Reply #18 on: December 28, 2007, 08:33:44 PM »
I did the hijack list you had me do, then I went to the next step of the ComboFix but encountered a problem there.. when I double-clicked ComboFix the box came up; when I clicked Run I got the following message:
C:\documents and Settings\Julia\desktop\combofix.exe is not a valid Win32 application.
What should I do now?
thanks
susie

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: trojans galore
« Reply #19 on: December 28, 2007, 10:35:35 PM »
Boot into safe mode and try to run combofix from there.

Offline sasysusie

« Reply #20 on: December 29, 2007, 02:05:39 AM »
Here is the ComboFix log and new HijackThis log; I'll try to attach them!
Thank you
Susie

Offline oldman

« Reply #21 on: December 29, 2007, 04:21:46 AM »
Submit these to www.virustotal

C:\Program Files\Common Files\dyt.txt
C:\WINDOWS\system32\4B6C98AF0D.sys



I can't seem to find an active firewall. When you uninstalled Trend Micro antivirus, did you uninstall the entire suite? If that's the case, then you best get one on that computer. Since you are a Comodo pro now, that may be your best choice. If the Trend Micro firewall is still installed and running, that will work too.

Offline sasysusie

« Reply #22 on: December 29, 2007, 06:26:38 AM »
File dyt.txt received on 12.29.2007 06:13:03 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.10 2007.12.29 -
AntiVir 7.6.0.46 2007.12.28 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.28 -
AVG 7.5.0.516 2007.12.28 -
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.28 -
DrWeb 4.44.0.09170 2007.12.28 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5410 2007.12.29 -
Ewido 4.0 2007.12.28 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.29 -
F-Prot 4.4.2.54 2007.12.28 -
F-Secure 6.70.13030.0 2007.12.28 -
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2754 2007.12.28 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.28 -
Rising 20.24.50.00 2007.12.29 -
Sophos 4.24.0 2007.12.29 -
Sunbelt 2.2.907.0 2007.12.28 -
Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28 -
 
Additional information
File size: 68 bytes
MD5: ba5b969307bbdebd400779a1eb4a35e8
SHA1: bc7e0360666700e9efeaadba88ad55c51506b353
PEiD: -

Offline sasysusie

« Reply #23 on: December 29, 2007, 06:32:00 AM »
File 4B6C98AF0D.sys received on 12.29.2007 06:27:42 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.10 2007.12.29 -
AntiVir 7.6.0.46 2007.12.28 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.28 -
AVG 7.5.0.516 2007.12.28 -
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.28 -
DrWeb 4.44.0.09170 2007.12.28 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5410 2007.12.29 -
Ewido 4.0 2007.12.28 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.29 -
F-Prot 4.4.2.54 2007.12.28 -
F-Secure 6.70.13030.0 2007.12.28 -
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2754 2007.12.28 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.28 -
Prevx1 V2 2007.12.29 -
Rising 20.24.50.00 2007.12.29 -
Sophos 4.24.0 2007.12.29 -
Sunbelt 2.2.907.0 2007.12.28 -
Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28 -
 
Additional information
File size: 104 bytes
MD5: 22a5be6a4be26e00e373ccacf778f14b
SHA1: 01f310ca1f842c182ba7692cc30e97e9b42617bd
PEiD: -

Offline oldman

« Reply #24 on: December 29, 2007, 08:15:28 AM »
Looks good. How's the laptop running now?

Now do you have a firewall installed on that machine???


« Last Edit: December 29, 2007, 08:29:24 AM by oldman »

Offline sasysusie

« Reply #25 on: December 29, 2007, 11:13:34 AM »
Yes I do now, I added Comodo. You mean that's it.. you think the laptop is all clean now... that was just tooo easy!
Thanks Susie

Offline sasysusie

« Reply #26 on: December 29, 2007, 04:47:26 PM »
I forgot to mention.. during a couple of the scans you had me run.. one I know was the DSS scan, I for Trojan was found alert from avast right during the scan itself.. I moved them to the chest when I got the alert.. makes me think there's something still there somewhere. But otherwise it seems to be running pretty good!
Thanks
Sasy

Offline oldman

« Reply #27 on: December 29, 2007, 06:10:21 PM »
Well, let's take a deeper look.

Pay particular attention to Notepad's format as given in the instructions.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      NOTE: no additional scan required at this time
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

This log will be quite long. You can either use multiple posts or attach the log file if it's easier. In either case make sure the last line is < End of Report >.

Just set it like in the image in the picture in this link, except change the two dates from 30 days to 90 days

http://forum.avast.com/index.php?topic=31261.msg260811#msg260811

click the pic to enlarge

Offline sasysusie

« Reply #28 on: December 29, 2007, 08:38:01 PM »
Here I go with the dumb questions again, sorry.... I'm trying here!
When you say CLOSE ALL OTHER PROGRAMS does that mean I need to turn off Avast while this is running as well.. I don't have it open but it is down on the bottom tool bar, if that makes any sense to you. I'll wait for a response on that before I go on.
Thank you
Susie

Offline oldman

« Reply #29 on: December 29, 2007, 10:15:21 PM »
No, just make sure all windows/browsers are closed.  ;)