Hi. I cannot get rid of the Trojan Spywarestrike.Dldr.B which is attached to windows\system32\xxfgmy.dll, nor can I find any info on it. Does anyone have any suggestions?
TIA
Rene
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  * If you use Firefox:
    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  * If you use Opera:
    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.
* Click here for info on how to boot to safe mode if you don't already know
how.
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
Run AVG Anti-Spyware!
# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient, this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.
reboot to normal mode and run a few online scans!
Note: this is a stand alone, it doesn't install to start/programmes.
Double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on mwavscan
to launch the programme.
Use the defaults of:
Memory
startup folders
Registry
system folders
services
Choose drive, all drives, and click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.
Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.
Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log will be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.
post another hijack this log, the AVG Anti-Spyware log and the Mwav scan log.
Member of ASAP Alliance of Security Analysis Professionals
Run hijack this and find this entry and click the box in hijack this and click FIX, close all open programs and browsers! I take it is C:\windows etc ?
windows\system32\xxfgmy.dll
Whilst in safe mode run the file through the killbox using the guidelines below!
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.
Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.
C:\windows\system32\xxfgmy.dll
Member of ASAP Alliance of Security Analysis Professionals