Author Topic: Help removing Trojan Horse WIN32:BHO-KD[Trj]  (Read 16127 times)


clanos4

  • Guest
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #30 on: February 19, 2008, 02:58:38 AM »
ran both and here are the log files

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #31 on: February 19, 2008, 03:09:21 AM »
Good.

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\WINDOWS\system32\drivers\flxsgiow.vir
C:\Documents and Settings\Valued Customer\Local Settings\Temp\uckixiza.dat
C:\WINDOWS\system32\camoc.vir

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lcibmaqt]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lcibmaqt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lcibmaqt]


This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Note: when doing the ComboFix fix

A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Notepad will open with your results log. Click File, click Exit and answer 'Yes' to save changes.

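The CFscript format used in the post above (a File:: section of paths to delete and a Registry:: section of [-KEY] entries to remove) is line-based, which is why Word Wrap must be off. The following is an added example, not code from the thread or from ComboFix: it parses such a script into its requested actions and sanity-checks them before the file is handed to the tool. The sample script text inside it is constructed from the entries quoted above.

```python
"""Parse a ComboFix CFscript into the delete actions it asks for.
Added example, not code from the thread or ComboFix; the File::,
Registry:: and [-KEY] forms follow the script quoted above and
the sample text below is constructed."""
import re
from dataclasses import dataclass, field

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\drivers\flxsgiow.vir
C:\WINDOWS\system32\camoc.vir

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lcibmaqt]
"""

@dataclass
class CFScript:
    files: list = field(default_factory=list)        # File:: entries to delete
    reg_deletes: list = field(default_factory=list)  # [-KEY] keys to delete

def parse_cfscript(text):
    """Walk the script line by line; a line before any section header is an error."""
    script, section = CFScript(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # section header such as File::
            section = line[:-2]
        elif section == "File":
            script.files.append(line)
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            script.reg_deletes.append(line[2:-1])    # strip the [- ... ] wrapper
        else:
            raise ValueError("unsupported line: %r" % line)
    return script

def review(script):
    """Checks worth running before dropping the script on ComboFix.exe."""
    problems = []
    for path in script.files:
        if not re.match(r"^[A-Za-z]:\\", path):      # expect an absolute drive path
            problems.append("file path is not absolute: " + path)
    for key in script.reg_deletes:
        if key.split("\\", 1)[0] not in HIVES:       # expect a full hive name
            problems.append("unknown registry hive: " + key)
    return problems
```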
clanos4

  • Guest
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #32 on: February 19, 2008, 03:27:52 AM »
ran combofix, here is the logfile

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #33 on: February 19, 2008, 03:38:32 AM »
Please submit these files for analysis

To submit a file to VirusTotal, please click on this link

www.virustotal.com

copy and paste the following into the upload a file box (one at a time if more than one file is listed)

C:\WINDOWS\system32\wininet.dll

scroll down a bit and click "send file", wait for the results and post them in your next reply.

clanos4

  • Guest
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #34 on: February 19, 2008, 03:50:10 AM »
Here are the results, hopefully you can make sense of this, or I can try and copy and paste to a different format


File wininet.dll received on 02.14.2008 21:08:52 (CET)
Current status: finished

Result: 0/32 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.15.10 2008.02.14 -
AntiVir 7.6.0.65 2008.02.14 -
Authentium 4.93.8 2008.02.14 -
Avast 4.7.1098.0 2008.02.14 -
AVG 7.5.0.516 2008.02.14 -
BitDefender 7.2 2008.02.14 -
CAT-QuickHeal None 2008.02.14 -
ClamAV 0.92.1 2008.02.14 -
DrWeb 4.44.0.09170 2008.02.14 -
eSafe 7.0.15.0 2008.02.14 -
eTrust-Vet 31.3.5536 2008.02.14 -
Ewido 4.0 2008.02.14 -
FileAdvisor 1 2008.02.14 -
Fortinet 3.14.0.0 2008.02.14 -
F-Prot 4.4.2.54 2008.02.14 -
F-Secure 6.70.13260.0 2008.02.14 -
Ikarus T3.1.1.20 2008.02.14 -
Kaspersky 7.0.0.125 2008.02.14 -
McAfee 5230 2008.02.14 -
Microsoft 1.3204 2008.02.14 -
NOD32v2 2876 2008.02.14 -
Norman 5.80.02 2008.02.14 -
Panda 9.0.0.4 2008.02.14 -
Prevx1 V2 2008.02.14 -
Rising 20.31.30.00 2008.02.14 -
Sophos 4.26.0 2008.02.14 -
Sunbelt 2.2.907.0 2008.02.14 -
Symantec 10 2008.02.14 -
TheHacker 6.2.9.220 2008.02.14 -
VBA32 3.12.6.1 2008.02.14 -
VirusBuster 4.3.26:9 2008.02.14 -
Webwasher-Gateway 6.6.2 2008.02.14 -
Additional information
File size: 824832 bytes
MD5: 806d274c9a6c3aaea5eae8e4af841e04
SHA1: 5d5b0ffe315aa7a7b841153aaa3405216bf9bbfa
PEiD: -
packers: PE_Patch



Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #35 on: February 19, 2008, 03:58:17 AM »
 :)  :)  :)  :) :D  :D  :D   8)  8)  8)  ;D  ;D  ;D



Now the time you have been waiting for. Clean up time.

* Click start button, run, then copy and paste the following line into the box and click ok.

ComboFix /u


* Please download OTMoveIt2 by OldTimer.



Open OTMOVEIT2 then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, then click Create.

* Remove old restore points

- Go to Start - All Programs - Accessories - System Tools. Launch the Disk Cleanup tool and let it run. When it finishes, a box with tabs will appear; select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


* Open an Internet Explorer (only) window and go to http://java.sun.com/javase/downloads/index.jsp > Scroll down to "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".

Click the download button on the right.

 > If an Information Bar pops up, right-click on it and say it's OK to display the blocked content.

 You do not have to install the Java Web Start ActiveX Control


Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and Save the file jre-6u4-windows-i586-p.exe to your desktop; do not Run it. Do not install it yet.

When the download is complete, Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Reboot your computer.

Double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure  and reboot if not prompted to do so.



* Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp by Steven Gould

http://www.stevengould.org/downloads/cleanup/


* If you are using Windows Firewall, please note that it doesn't provide outbound protection. A third-party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0


Thanks for your perseverance and great work on your end.

Take care and keep safe.

clanos4

  • Guest
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #36 on: February 19, 2008, 04:32:54 AM »
Completed the tasks. No words can express the appreciation for helping me through this; thanks again for your patience and knowledge to get my daughter's laptop back in working order.

Thanks again

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Help removing Trojan Horse WIN32:BHO-KD[Trj]
« Reply #37 on: February 19, 2008, 04:35:05 AM »
You're very welcome.  :D