Author Topic: Help! Win32: Trojan gen {other} repeatedly attacks computer.  (Read 48435 times)


Katm

  • Guest
I am repeatedly getting warnings of trojans being found (usually get the message as I start up PC). I think it's affecting performance of my PC and I've been moving them to the chest on each warning, but obviously would really like to stop this in the first place.

Malware found is Win32: Trojan gen {other}

C:\WINDOWS\st_1241525733.exe
C:\Documents and settings\owner\local settings\temporary internet files\content\IE5\0GLIXPUJ\6244[1].exe

Usually get both in 2 consecutive warnings and usually when my computer is starting up.

I'm afraid I'm not terribly clued in with computers so please bear with me.

Hijack this log coming right up...

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #1 on: May 05, 2009, 02:44:32 PM »
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\ld08.exe
C:\windows\pp06.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SYS32DLL.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #2 on: May 05, 2009, 02:45:12 PM »
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.skybroadband.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\userinit32.exe,
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 www.online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 www.ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 82.146.46.170 moneybookers.com
O1 - Hosts: 82.146.46.170 www.moneybookers.com
O1 - Hosts: 82.146.46.170 inscape.com
O1 - Hosts: 82.146.46.170 www.inscape.com
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 www.cahoot.com
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 natwest.com
O1 - Hosts: 82.146.46.170 www.natwest.com
O1 - Hosts: 82.146.46.170 nwolb.com
O1 - Hosts: 82.146.46.170 www.nwolb.com
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 www.mbna.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 www.citibank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 www.firstdirect.com

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #3 on: May 05, 2009, 02:45:59 PM »
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastia] C:\WINDOWS\system32\brastia.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysLDtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [brastia] C:\WINDOWS\system32\brastia.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #4 on: May 05, 2009, 02:49:12 PM »
And now to make matters worse, if I'm browsing the internet via Google and I press the back button, it does not go back to the Google page but redirects me to one of these sites:

http://www.pieceofcakesearch.com/search?q=html%20help%20making%20a%20scroll%20box
http://www.easyfastfind.com

or http://www.pctools.com via a redir.php - all of which I have never visited before...

I'm also now getting popup warnings of malicious sites.

I'm worried it's something my boyfriend has installed through downloading the applications for various betting sites. Could kill him!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #5 on: May 05, 2009, 02:50:51 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. (skip... already done) Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to online analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

I also suggest you clean your HOSTS file using HostsMan to replace your own Hosts file.
The best things in life are free.

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #6 on: May 05, 2009, 02:51:12 PM »
And one final thing I've noticed... all those banks in my log! I don't bank with any of those sites, nor does my boyfriend. To my knowledge I've never used any of those websites before in my life...

Really concerned something sinister is afoot...  :-\

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #7 on: May 05, 2009, 02:55:23 PM »
Thanks so much.... I'll get on to that immediately and get back with any findings...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #8 on: May 05, 2009, 02:58:06 PM »
Quote from Katm:
And one final thing I've noticed... all those banks in my log! I don't bank with any of those sites, nor does my boyfriend. To my knowledge I've never used any of those websites before in my life...

Really concerned something sinister is afoot...  :-\

I suggest http://www.abelhadigital.com/2007/06/hostsman-3040-released.html
The best things in life are free.

YoKenny

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #9 on: May 05, 2009, 02:58:43 PM »
Katm, you did not post the top of the HijackThis log so please post a complete log after you have done the recovery.

By the way, Windows Defender monitors the HOSTS file in real time and alerts right away if it is modified:
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

I update Windows Defender daily by the use of its portal:
http://www.microsoft.com/security/portal
« Last Edit: May 05, 2009, 03:02:46 PM by YoKenny »

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #10 on: May 05, 2009, 03:01:35 PM »
OK, so I've just scanned with DrWeb and it found the virus

pp06.exe - Win32.HLLW.Facebook.61. I selected to cure it.

micky77

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #11 on: May 05, 2009, 06:03:39 PM »
Quote from Katm:
I've just scanned with DrWeb and it found the virus

Only the one  ;D

This is one of the worst logs I've seen for a while. I'm not telling you to fix any entries, just pointing out a few things.
All the O1 host entries are bad.

C:\windows\pp06.exe ( removed )  http://www.prevx.com/filenames/2775659298005311240-X1/PP06.EXE.html

C:\windows\ld08.exe  http://www.prevx.com/filenames/2483703353894347123-X1/LD08.EXE.html

C:\WINDOWS\system32\SYS32DLL.exe  http://www.bleepingcomputer.com/startups/sys32dll.exe-7580.html

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\userinit32.exe,   http://www.bleepingcomputer.com/startups/twext.exe-23983.html

C:\WINDOWS\system32\brastia.exe  http://www.prevx.com/filenames/1775153101563708332-X1/BRASTIA.EXE.html

There are other bad entries. I think this one is responsible for your redirections: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

If this was my PC I would wipe it clean and reinstall Windows.
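
The three kinds of entry singled out in the reply above (O1 Hosts lines, the extra programs in the F2 UserInit value, and the R1 ProxyServer set to localhost) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original post or of HijackThis itself; the function name `triage` and the finding labels are made up for illustration, the sample lines are copied from the log posted in this thread, and it assumes the default UserInit value is `C:\WINDOWS\system32\userinit.exe` alone.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\userinit32.exe,
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.natwest.com
O1 - Hosts: 82.146.46.170 firstdirect.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe
"""

# Assumption: the only program expected in UserInit on a clean system.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def _is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return findings for proxy, UserInit and Hosts lines; O4 and others are not assessed."""
    findings = []
    redirects = defaultdict(list)  # non-loopback IP -> hostnames pointed at it
    for line in log_text.splitlines():
        line = line.strip()
        # Browser proxy pointing at the local machine: traffic goes through a local process.
        m = re.match(r"R[01] - .*,ProxyServer = (.+)$", line)
        if m:
            for entry in m.group(1).split(";"):
                endpoint = entry.split("=", 1)[-1]      # drop a leading "http="
                if _is_loopback(endpoint.rsplit(":", 1)[0]):
                    findings.append(("local-proxy", endpoint))
            continue
        # Anything besides userinit.exe in UserInit is launched at every logon.
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line, re.I)
        if m:
            for exe in filter(None, (p.strip() for p in m.group(1).split(","))):
                if exe.lower() != DEFAULT_USERINIT:
                    findings.append(("userinit-extra", exe))
            continue
        # Hosts entries that send a name to a real address instead of blocking it.
        m = re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line)
        if m:
            ip, name = m.groups()
            if ip != "0.0.0.0" and not _is_loopback(ip):
                redirects[ip].append(name)
    for ip, names in redirects.items():
        findings.append(("hosts-redirect", ip, sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here only marks a line for a closer look; Hosts entries that map names to 127.0.0.1 or 0.0.0.0, as blocking lists do, are deliberately not reported.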

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #12 on: May 05, 2009, 07:28:50 PM »
That bad, is it... :(

Brastia I noticed too, which I googled and found to be malicious... How come the others aren't picked up in a scan? So far I've run DrWeb and it's found two viruses... both the Facebook ones... both I have selected to cure.

I've also run a scan with Superantispyware and it has found 9 Adware so far and 1 Trojan.Dropper/Win-NV

Windows Defender didn't pull up anything.

I'm a little unsure what to do with Hostsman as it's now found 72 bad or suspicious hosts... what do I do there now? Delete them?

I'm half a mind to wipe and start again but unfortunately I have so much data on this machine and nowhere to store it :-S plus I don't want to back up some files if they are still infected, so they will get transferred back when I restart fresh.


« Last Edit: May 05, 2009, 07:32:35 PM by Katm »

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #13 on: May 05, 2009, 08:01:14 PM »
How do I stop this one?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

Katm

  • Guest
Re: Help! Win32: Trojan gen {other} repeatedly attacks computer.
« Reply #14 on: May 05, 2009, 09:46:15 PM »
Thanks to all so far for the advice and links, really appreciate your time and knowledge.

OK... I've done steps 1-4, just run an avast anti-rootkit scan and found no other malware/suspicious content.

It should be noted that prior to getting online after system reboot my proxy server was refusing to connect me online... I noticed that the proxy open was set as localhost 7171 (is this the same place I seem to be getting HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 from?)

I have set it to auto detect for now and I have gained connection back... is there anything else I can do with regards to this or is auto-setting it OK?

New HijackThis scan coming right up....