help...me...

[Friedrich]

 Every day when I log in on net I m attacked by virus Trojano 302 (trj).
Well Avast detect it and i always put him in the chest an delet him,but he always reappear when i m on the net.It is happening last few days....Even now when i m writening this message avast is working and detecting that virus in various files.
And when i m not on the net i scan my system and avast find nothing.
I m very confused and i dont know what to do.
I would like if someone can tell me how can i remove him without .....that unpopular format C:
Best wishes to u all.........

[inthewildteam]

Welcome to the forums,

Some more detail about o.s
path to the file etc would be helpfull.

as a first course, have you tried AdAware S.E. and Spybot on your system as this might be caused by installing some software such as WeatherBug

Do a search to see if any of these files are on your system

C:\WINDOWS\system32\addwj32.exe
C:\WINDOWS\system32\iexw32.exe
C:\WINDOWS\system32\mfcde32.exe
C:\WINDOWS\winbl32.exe
C:\WINDOWS\System32\bbbfr.exe

[Eddy]

Click on the link in my signature, follow the steps on that page to clean and protect your system properly.

[Friedrich]

its very aggressive.............its open portals to porno sites and my comp
opens unknown number of Expl.
I have windows XP.......help.............

[Eddy]

Have you already done as I suggested?

[Friedrich]

I have pic up shredder ...it found nothin but i m still attacked.......i remove with ad -aware some possible hijack,but it always appear when i m on the net.
here some files from chest:
C\windows\appde32.exe
c\doc. and sett\in secure class loader
c\windows\netul.exe
c\windows\ntjh32.exe
c\windows\system32\sdkgq32.exe

and they are different all the yimes

[Friedrich]

how to disable system restore?
you mean to read that black letters......
where can i find firewall?

[Eddy]

Get and use at least the applications I mention in the first table on that page.

You can find links to everything you need (applications) on that page, as well as links to information like "how to disable system restore"

- Read the entire page.
- Follow the directions given there.

Take your time. Better slow and spend some time on it now, than later feeling sorry.

[GF]

its very aggressive.............its open portals to porno sites and my comp
opens unknown number of Expl.
I have windows XP.......help.............

I had an identical problem a couple months ago.  It was caused by a dirty mcc.exe process and was not picked up by any AV or anti spyware at the time.  Check in task manager to see if you have this process running, but don't kill or delete it yet because it can be legit.  Don't want advertise for them but if you give me a hint of the sites it's opening I can confirm if it's the same problem I had.

[Eddy]

GF, if it is as you suspect, HijackThis will pick it up and be able to deal with it.

[Friedrich]

Well.tahnx Edddie....but I think after all day battle with that virus i think i m losing my pation to do   format C:
I do everything what you say on your site...and ....nothing helps because i have problem with that "process".

First I shout down at system restore monitoring.That was good.

Then I went to safe mode and try with Avast to find virus...and i found it.
Now ..........i couldnt delet it because it was in the that fil was in use by another process.......Tha i remember that u said to turn of in task manager process.....Now that is problem.....wich one??
I try to switch off all process......and normally i shout down comp.


Now i have new window till i write this.....wait a second......listen

C:\windows\system32apiip.exe                     file name
                                                                 
                                                              executable file viruses
avast! will try to repair the file according to teh Virus Recovery Database.Files with no database record cannot be repaired.

                                             Repair               Cancel

What should i do???  I will do repair....and lifes go on

Cannot be repaired....  
Now i have that window with alarm.....cannot delete cannot move to chest   cannot repair
I m lost

[whocares]

Hi,
please post the HIJACKTHIS-Logfile here, and we'll try and help you...
 
If you can't find the link: http://hjt.klaffke.de/en
 

[Eddy]

Yup, post the HJT log here. Don't worry, we will get you through this.

Remember, the easy way (format, clean install of everything) isn't the best way. If you learn how to handle a thing like this, you will have learned and may benefit from it later

[inthewildteam]

Perhaps getting the programmes Eddy suggests downloaded first and printing out the page of suggestions, then physically removing your internet connection, by unplugging the cable so your machine is not connected during the clean up process might help?

[lhearn]

exactly the same problem with trojano 302...is there someone who knows how to get rid of this?