Author Topic: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!  (Read 8448 times)

Deltaboy

  • Guest
A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« on: January 06, 2008, 01:51:11 AM »
I have this annoying program that won't go away no matter what!! I have followed the instructions with combox so far but I just need to send the information. Would someone pleeeeease help me as the Trj seems to be making it easier for other viruses to attack my computer!! :'( I have the log file ready to send! Pls reply.

galooma

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #1 on: January 06, 2008, 06:06:41 AM »
I think the first step has to be you attaching or including the log file (HJT) in your next post.

There are many others with the same infection lately. You may well find the fixes are fairly common as well.

Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #2 on: January 06, 2008, 02:24:49 PM »
Now I don't know whether it was divine intervention but after I ran combox then avast before and after system startup, it seemed to have finally managed to delete the file with the Trj in it. Just in case it is playing possum, to be sure, I've attached the log file for you to see.

P.S. The Trj was in the file: C:\WINDOWS\system32\dfrgre.dll

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33973
  • malware fighter
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #3 on: January 06, 2008, 02:29:40 PM »
Hi Deltaboy,

You are a fast learning adept, fixing this problem yourself on general instructions. Come and join us here, you have the talent for it. Just post a hijackthis logfile to see your comp is really 100% clean. Welcome to our forum,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #4 on: January 06, 2008, 02:31:58 PM »
Hi there, it appears that most of it has gone - so let's get rid of the remnants

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Attach the log to your next post

Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #5 on: January 06, 2008, 02:49:09 PM »
Thanx Polonus ;D I have not run the (HJT) program yet but I may do so after I run the WinPFind3u.exe program posted by essexboy. I'll post the results immediately after and await further instructions.

Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #6 on: January 06, 2008, 03:07:47 PM »
That was much quicker than I expected.

Offline essexboy

Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #7 on: January 06, 2008, 03:20:23 PM »
Found a dialer and a few other bits

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> sud.exe -> %SystemRoot%\sud.exe
[Win32 Services - Non-Microsoft Only]
YY -> (SU-DC) SU Daemon (Didier CASSEREAU) [Win32_Own | Auto | Running] -> %SystemRoot%\sud.exe
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YY -> {315108E4-E3AF-460F-B264-F2ACC9E1ACEB} [HKEY_LOCAL_MACHINE] -> %System32%\Adssite_sidebar.dll [SE Sidebar]
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_05]
[Files/Folders - Created Within 30 days]
YY -> Adssite_sidebar.dll -> %System32%\Adssite_sidebar.dll
[Files/Folders - Modified Within 30 days]
YY -> Adssite_sidebar.dll -> %System32%\Adssite_sidebar.dll
YY -> Adssite_sidebar_uninstall.exe -> %System32%\Adssite_sidebar_uninstall.exe
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #8 on: January 06, 2008, 03:41:21 PM »
After the fix ran, it prompted a reboot of the computer. The results (I think), which were in a new moved files folder, are attached.

I have run a search for hijackthis but obviously it has found nothing since I haven't run that program before.

P.S. The only thing I have noticed is that the computer is running a little smoother :)

Hope it is ok.

Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #9 on: January 06, 2008, 03:51:34 PM »
Mind you... the internet is running a little rough unlike the rest of the computer as far as I can see.

Just thought I'd inform you.

Offline essexboy

Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #10 on: January 06, 2008, 03:59:31 PM »
Looks a lot better now - If I could just have a Hijackthis log to confirm

As for speed up you could try this

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run
Tune Up 2007 Trial

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor



Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #11 on: January 06, 2008, 04:15:57 PM »
I have no idea where to get the (HJT) results.

Could you please reply with a path so I can run the scan?

P.S. I already ran TuneUp Utilities straight after avast destroyed system32 bho-kd [trj]. I also ran Ad-Aware 2007 (as a little pre-emptive strike always before running avast) and also Spybot Search & Destroy which must have helped.

I will run TuneUp again once the hijack results are acquired.
« Last Edit: January 06, 2008, 04:26:03 PM by Deltaboy »

Offline essexboy

Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #12 on: January 06, 2008, 05:57:54 PM »
Here you go

  • Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



Deltaboy

  • Guest
Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #13 on: January 06, 2008, 09:15:41 PM »
Here is the Hijackthis logfile attached as requested.

Thanx a million for your assistance ;)

Offline essexboy

Re: A WIN32 BHO-KD [Trj] PROBLEM!!! Pleeeeeeeease help!!
« Reply #14 on: January 07, 2008, 12:53:23 AM »
Now the best part of the day ----- Your log now appears clean  :thumbsup:

You may now delete all the tools


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe  :wave: