infected with trojan proxy agent nci

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages

« < 2 3 4

infected with trojan proxy agent nci, redirected by the team at virus removal

Options

thewall View Member Profile	May 22 2009, 06:57 PM Post #46
Forum Addict Group: HJT Team Posts: 4,380 Joined: 19-June 07 From: Florida Member No.: 137,685	Ok, let's see if we can do an on-line scan now. Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. -------------------- If I have helped you then please consider donating so I can continue the fight against malware All donations go directly to the helper

gclubo View Member Profile	May 25 2009, 09:52 AM Post #47
Member Group: Members Posts: 46 Joined: 9-April 09 Member No.: 319,068	here is the report KASPERSKY ONLINE SCANNER 7.0 REPORT Monday, May 25, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Monday, May 25, 2009 07:38:40 Records in database: 2239234 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ Scan statistics Files scanned 97300 Threat name 1 Infected objects 0 Suspicious objects 1 Duration of the scan 01:57:33 File name Threat name Threats count C:\Documents and Settings\Owner\DoctorWeb\Quarantine\RUHBEWCA.NQF Suspicious: Trojan.Win32.Patched.dy 1 The selected area was scanned.

thewall View Member Profile	May 25 2009, 11:16 AM Post #48
Forum Addict Group: HJT Team Posts: 4,380 Joined: 19-June 07 From: Florida Member No.: 137,685	That looks good. Is everything still running OK? -------------------- If I have helped you then please consider donating so I can continue the fight against malware All donations go directly to the helper

gclubo View Member Profile	May 25 2009, 11:37 AM Post #49
Member Group: Members Posts: 46 Joined: 9-April 09 Member No.: 319,068	yes everything looks ok but cant print anything message says unknown error occurred, dont no if that is related and the task bar keeps changing from xp to classic style apart from that all is running well.

thewall View Member Profile	May 25 2009, 12:11 PM Post #50
Forum Addict Group: HJT Team Posts: 4,380 Joined: 19-June 07 From: Florida Member No.: 137,685	You could have some file damage which would not be surprising with the infections you had. It might be worth your time to start a new topic in the XP forum and get some input from them. That is more along the lines of what they do. Other than that it appears all of our work has paid off. I don't see anymore signs of infection on your computer. You hung in there and this was quite involved. I would like to give credit to the excellent assistance and coaching I had from Carolyn one of our HJT Team Coaches on this topic. Her help was invaluable. Normally we would uninstall ComboFix at this stage but if you are going to try and get some help at the other forum I would like to wait. I am still going to give you some suggestions on how to keep your computer clean but I will not close this topic for a few days. If you will please come back and let me know how everything is going because I do want to get it off of your computer. Below are some steps to follow in order to dramatically lower the chances of reinfection You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented You are in need of a firewall with outbound protection While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers I therefore strongly recommend that you install one of the following free firewalls: *PC Tool Firewall Plus or Zonealarm See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC. If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so. Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office* Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC Go here to check for & install updates to Microsoft applications Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install Keep your non-Microsoft applications updated as well Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. Install SpywareBlaster & make sure to update it regularly SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer. If you don't know what activex controls are, see here You can download SpywareBlaster from here Install and use Spybot Search & Destroy Instructions are located here Make sure you update, reimmunize & scan regularly Make use of the HOSTS file included with Spybot Search & Destroy Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy Run Spybot Search & Destroy Click on Mode, and then place a tick next to Advanced mode Click Yes In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File Click on Add Spybot-S&D hosts list Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue Click Start > Run Type services.msc & click OK In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from automatic to manual. Click OK & then close the Services window For a more detailed explanation of the HOSTS file, click here Install a-squared Free & update and scan with it regularly a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date If you have any other questions or issues feel free to ask as I will be checking back on this topic. thewall -------------------- If I have helped you then please consider donating so I can continue the fight against malware All donations go directly to the helper

gclubo View Member Profile	May 28 2009, 02:19 PM Post #51
Member Group: Members Posts: 46 Joined: 9-April 09 Member No.: 319,068	hello again just to let you know that since monday and your last post everything has been running GREAT, not one problem to report. I have d\loaded and installed the programmes you recomended. I would also like to take this opertunity to thank you and all the team who helped get me get my machine clean, we really do appreciate all your hard work and effort to help us not so techie minded people with our problems. So once again thank you for all your work GCLUBO

thewall View Member Profile	May 28 2009, 04:04 PM Post #52
Forum Addict Group: HJT Team Posts: 4,380 Joined: 19-June 07 From: Florida Member No.: 137,685	Great, that is really good to hear and you are very welcome. We can now uninstall ComboFix: Go to Start > Run - type in ComboFix /u (case insensitive) >>OK I believe that wraps everything up. Best of luck to you in the future. -------------------- If I have helped you then please consider donating so I can continue the fight against malware All donations go directly to the helper

thewall View Member Profile	May 28 2009, 09:34 PM Post #53
Forum Addict Group: HJT Team Posts: 4,380 Joined: 19-June 07 From: Florida Member No.: 137,685	Since this issue appears to be resolved ... this Topic has been closed. If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread. Everyone else please begin a New Topic. -------------------- If I have helped you then please consider donating so I can continue the fight against malware All donations go directly to the helper

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

4 Pages

« < 2 3 4

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 07:05 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides