I need help, rascally trojans...nothing will update

I have been fighting this for a few days now and am ready to throw in the towel. My Malwarebytes will not update, like so many others are having issues with. I have had two anti-viruses crash on me and now it will not allow me to re-install them. It says there is no internet connection, just like with Malwarebytes. Before my Embarq antivirus crashed, it was detecting two trojans, W32.small.bxz and W32/Delf.DRM, but would not remove them. I am at my wits' end. Here are my HijackThis logs and driver32 logs. I hope someone can help; at least I know from the posts here I am not alone.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:45:18 PM, on 5/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

Driver 32 logs:

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

Class Name: <NO CLASS>

Last Write Time: 5/1/2009 - 6:52 PM

Value 0

Name: midimapper

Type: REG_SZ

Data: midimap.dll

Value 1

Name: msacm.imaadpcm

Type: REG_SZ

Data: imaadp32.acm

Value 2

Name: msacm.msadpcm

Type: REG_SZ

Data: msadp32.acm

Value 3

Name: msacm.msg711

Type: REG_SZ

Data: msg711.acm

Value 4

Name: msacm.msgsm610

Type: REG_SZ

Data: msgsm32.acm

Value 5

Name: msacm.trspch

Type: REG_SZ

Data: tssoft32.acm

Value 6

Name: vidc.cvid

Type: REG_SZ

Data: iccvid.dll

Here is the log I get when trying to download AVAST:

14.05.2009 19:53:46 general: Started: 14.05.2009, 19:53:46

14.05.2009 19:53:46 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [service Pack 3]

14.05.2009 19:53:46 system: Memory: 51% load. Phys:446468/916848K free, Page:2367632/2760856K free, Virt:2062288/2097024K free

14.05.2009 19:53:46 system: Computer WinName: SCLORE

14.05.2009 19:53:46 system: Windows Net User: SCLORE\Stephanie Clore

14.05.2009 19:53:46 general: Old version: ffffffff (-1)

14.05.2009 19:53:46 system: Using temp: C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\_av_inet.tm~a03004 (23932M free)

14.05.2009 19:53:46 internet: SYNCER: Type: use IE settings

14.05.2009 19:53:46 internet: SYNCER: Auth: another authentication, use WinInet

14.05.2009 19:53:46 general: Install check: Program folder does NOT exist in registry

14.05.2009 19:53:46 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0

14.05.2009 19:53:47 general: progress thread start

14.05.2009 19:53:47 general: Destination: C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\_av_inet.tm~a03004

14.05.2009 19:53:47 general: Starting download: http://www.avast.com/go.php?verb=get-avast...&langid=eng

14.05.2009 19:53:48 general: Download finished from server download706.avast.com, result: 0x20000004, server response: 501

14.05.2009 19:53:48 general: Stats download706.avast.com, server response: 536870916

14.05.2009 19:53:48 general: POST result: 0x20000006, server response: 40


  • Root Admin

Please try the following.

From within Internet Explorer go to Tools/Internet Options/Advanced and click on the RESET button.

Then restart IE and again go to the Tools/Internet Options/Connections tab and on the LAN and Dial-up settings remove ALL PROXY settings unless you specifically set them yourself. Also remove any DNS Server entries unless YOU specifically set them.

Then click on START - RUN and copy / paste this into the RUN line and hit the OK button.

CMD /C ATTRIB -R -S -H C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Then click on START - RUN and copy / paste this into the RUN line and hit the OK button.

CMD /C DEL C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Then click on START - RUN and copy / paste this into the RUN line and hit the OK button.

CMD /C RD /Q /S C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\

Now see if you can visit and update Malwarebytes or your Anti-Virus and let me know.

Rename the Hijackthis.exe file to something else like SPOAZ.EXE and do another Scan and post back the log.

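The steps in the reply above delete the hosts file outright. As an added example (not part of the original thread and not code from any tool named in it), this Python script parses a hosts file first and lists every non-default mapping, so there is a record of what was overriding DNS before the file is removed. The watch-list, the labels and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch-list: avast.com is the download host in the installer log
# above; malwarebytes.com is added for illustration.
WATCHED = ("avast.com", "malwarebytes.com")

# Constructed sample hosts file, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avast.com download706.avast.com
0.0.0.0         malwarebytes.com
203.0.113.7     intranet.example
127.0.0.1       ads.example      # ad-blocking style entry
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, label) for each non-default entry."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost":
                continue  # the stock Windows entry
            if any(name == s or name.endswith("." + s) for s in watched):
                label = "vendor-override"  # security vendor resolved locally
            elif ip.is_loopback or ip.is_unspecified:
                label = "sinkhole"  # name pointed at 127.0.0.1 / 0.0.0.0
            else:
                label = "custom"  # any other static mapping
            findings.append((line_no, name, str(ip), label))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

To audit a real machine, pass the contents of the hosts file as text to `audit_hosts` and save the output alongside the other logs.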

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
