Problem with win32:trojan
bowrez:
My laptop has been very slow of late, especially when bringing up Firefox. I scheduled a boot scan with Avast and it returned a Win32:Trojan. Could someone please take a look at my HijackThis and provide some advice. Any help would be much appreciated. - Thanks
polonus:
Hi bowrez,

With HJT fix this: O4 - HKCU\..\Run: [dll] rundll32 dll32,sm

MBAM, download from here: http://www.malwarebytes.org/mbam-download.php
After a scan on reboot it will probably delete the following if HJT has not already fixed it:
Memory modules infected:
C:\WINDOWS\system32\dll32.dll (Backdoor.Bot.Q) -> Delete on reboot.

You apparently do not have an active software firewall there running, so you are more vulnerable online,

polonus
DavidR:
You don't appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall?


FIX:
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
First find the dll32.sm and check it out, see below

Other than that I don't see anything obvious.

####
Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic, the URL in the Address bar of the VT results page.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.
####
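
Added example (not part of any forum post, and not Avast or HijackThis code): a small Python triage pass over HijackThis O4 autorun lines that surfaces rundll32 entries like the one flagged in this thread. The two heuristics (target DLL given without a full path, or without a .dll/.cpl extension) are assumptions made for illustration, and every sample line except the entry quoted in the thread is constructed.

```python
import re

# HijackThis O4 autorun line: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 command: optional path and .exe, then "<dll>,<export>"
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

def parse_o4(line):
    """Parse one O4 line; return a dict with triage reasons, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["reasons"] = []
    r = RUNDLL_RE.match(entry["cmd"])
    if r:
        dll = r.group("dll").strip()
        entry["dll"], entry["export"] = dll, r.group("export")
        # Assumed heuristics: a bare DLL name is resolved via the search
        # path, so the file actually loaded is not obvious from the log.
        if "\\" not in dll and "/" not in dll:
            entry["reasons"].append("rundll32 target has no full path")
        if not dll.lower().endswith((".dll", ".cpl")):
            entry["reasons"].append("rundll32 target has no .dll/.cpl extension")
    return entry

def triage(log_text):
    """Return the O4 entries worth a manual look (file check, multi-engine scan)."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    return [e for e in entries if e["reasons"]]

# Constructed sample log; only the last O4 line is taken from this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe "C:\Program Files\Example\ex.dll",Start
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] {e["cmd"]}')
        for reason in e["reasons"]:
            print("   -", reason)
```

A flagged entry is only a prompt to locate the file and check it as described above; the heuristics do not classify anything as malware on their own.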
polonus:
Hi bowrez,

@bowrez - Twice more or less the same advice, must be convincing.


@DavidR - you have some more postings to go to outscore poor old Tech, but he still has some more,

polonus
bowrez:
First off, Thanks for your help as I am rather inept with these issues.

1.) I fixed the issue (O4 - HKCU\..\Run: [dll] rundll32 dll32,sm) with HJT as suggested by polonus. I did this prior to seeing DavidR's post, my apologies.

2.) Ran MBAM but only fixed first sections as allowed by free trial version. There were additional problems reported by this program that were not fixed by the scan. I am not sure if this will correct my issues or if I will need to purchase full version, please advise.

3.) Currently performing boot scan with avast, I will post anything additional.

Polonus: what do I need to do for your suggestion (i.e. where would I find this or using which program) "Memory modules infected: C:\WINDOWS\system32\dll32.dll (Backdoor.Bot.Q) -> Delete on reboot"

In response to DavidR's question: I have just the Windows XP firewall turned on, if there is a free or inexpensive version that you could suggest I would appreciate it.

Again thank you for your help and I apologize for my ineptitude.