I have Win XP. All Service Packs are installed. All updates are installed.
Names of Trojans:
Muldrop
Stpage
Win32.trojan/dialer
Dloader
Trojan.tdsserv
Win32.fasec
Win32.Trojan.gen
I turned off System Restore and rebooted. The trojans were still there. I restored the computer to factory settings, and the trojans are still there.
Once a program finds the trojans it will not find them a second time.
All temp files have been deleted many times.
I used several online scanners.
Panda wanted money to get rid of the trojans.
Trend Micro won't load.
KAV wants one file; I can't give it a System Volume File.
RAV says I'm forbidden to use the page.
Jotti wants a file.
VirusTotal wants a file.
The trojans don't show on HJT:
Logfile of HijackThis v1.99.1
Scan saved at 4:08:43 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
-------------------------------------------------------
I unplugged the phone line; I have DSL.
In Services I turned off all Remote Access and Remote Call functions. My computer still has times when it makes loud clicking noises like a time bomb; this can last for hours if I don't unplug my computer.
Clrav didn't find anything.
eScan: Error Detected!!! You will need to buy Escan or this tool in order to eliminate this error from your system. Click on BUY THIS PRODUCT button to go to our online store...
---------------------------------
Fujack.trojan was found.
I deleted autorun.inf per instructions from:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=148435
I didn't delete the setup.exe files
-----------------------
Scanspyware didn't find anything
(did I tell you I am so tired of this/these worms?)
---------------------------------
SpywareDoctor found Trojan.Agent.B!ct