Is it safe to delete this Trjn?!

[zkaterboy]

i ran i schedule boot time scan for an hour ago, and Avast! found an Trojano-522[trj] in the folder G:\windows\system32\06wu29rd.exe

(G:\ is my local hdd.. C:\ i have another OS on..  )

the question is: is it safe to delete that file?! i know i can do nothing but to delete trojans(or move/rename) so my guess is, that im in really big trouble..  

waiting for expert help  

[Eddy]

That file is part of the "ABetterInternet" adware. Also known as VX2, Binet, VX2.ABetterInternet, StopPop, stop-popup-ads-now.com, My PanicButton

Removing that file will not completely removed the infection. You also have to remove things from the registry and perhaps even more. leas post a HijackThis log here and let us have a look at it.

[zkaterboy]

Allrighty then.. i´ll just download HijackThis and then u can have the log... thx for your interest in helping me  

[zkaterboy]

Here it is then:

[Eddy]

Have a look HERE and fix everything that is marked as nasty. Than create a new log and let us again have a look. And please use the latest version of HijackThis 1.98.2 since 1.98.0 has some issues. You can get it from HERE

[zkaterboy]

Have a look HERE and fix everything that is marked as nasty.

FIX.. what do you mean by fix?! Delete?! please define FIX...

and the file that is infected, can i delete that or what did you say?

thx for the support.. you are gr8!  

[Eddy]

I mean "fix" cause that is what it is called in HijackThis.

[zkaterboy]

OKay then.. one more question: Fix(repeating myself eeh? ) what do you mean by FIXXXXXXXX... how do i FIXXX a file..  

[zkaterboy]

yes. i am a newbie..   and i just found out what you meant.. sorry..  

[Eddy]

Run HijackThis, put a checkmark in front of the things reported on the site I gave as being nasty, then click on "fix checked", rbeoot after doing so.

Then create new log with HijackThis and post it.

[zkaterboy]

yup.. i did what i was told. SIR..  

well.. it seems like this little fellow:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

(and yes, it is copied from the txt file, it is listed 5 times  
those files just wont disappear, i´ve tried several times, to "fix" them, but they wont get away.. so, here is the log..:

[Eddy]

Those things are Winsock hijackers, that can be fixed with LSPFix.

[zkaterboy]

Yeah... lets download that for windows XP... Ooh no.. somthing appeared.. its a box that is telling me:

File Requested does not exist, download aborted.
URL: http://Http://members.shaw.ca/techch/winsockXPfix.exe

and i dont think i repair utility for windows 95/98/WME would fit XP right..

the link doesnt work..   sp what do i do?!

[Eddy]

I don't know how you got to that URL, but that is not the one I gave you to get lspfix. http://www.cexx.org/lspfix.zip is the one you need. The correct link is at about 1/3 from the top of that page on the left site.

[zkaterboy]

the signature you have, i pressed it and pressed a link to lspFix and i got into that site and just pressed: "LspFix for XP". i dont know how i got that URL too, but thanks for the correct link. i have an internet download speed tester that tells me that all the FTP sources with LspFix on cexx.org are "almost dead"(running 1kb/s or so) hehe.. so its gonna take a while..