I have been working to clean out some trojans and a smith attack, and today found that I sometimes can't select the first one or two topics of a Google search; I get redirected. I had a heck of a time getting the latest install of Sun JAVA today, and had to come here to find a good link, as with all the links I tried, including SUN's, I got redirected. So I suspect a virus is trying to protect itself from being cleaned.
I run AVG all the time and Outpost firewall, and have been running Spybot and AdAware several times a day and also the AVG scan. I get hits sometimes, and yesterday I cleaned out ALL the reported bad files from the AVG list, including several in the SUN Java folders, and ended up with a weird error message saying a memory address could not be read.
the instruction at "0x13141d4e" referenced memory at "0x131424e".
The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
I thought I had better uninstall JAVA, and did, and reinstalled it, and that error seems to have gone, but I got an error report and a Generic Host Process Alert after reinstalling JAVA and it said:
Generic HOst process for Win32 Sesrvices encountered a problem and needed to close
This error occured on 1/12/2008 at: 11:40:03AM
EventType: BEX P1:svchost.exe P2:5.1.2600.2180 P3: 41107ed6
P4:svhost.exe P5:5.2600.2180 P6:41107ed6 P7:00001d4e P8:c0000005
So something was trying to get out....
I have the main tools still installed as you guys have saved my compy before, and I am soo grateful. I am willing to do whatever I can to try to get the pesky stuff out, but at this point it is not showing up easily in the bug scans. Can you help me?
I have an AMD 3400 running at 2.6 GHz, 400 GB HD drive, 2.5 GB RAM, XP Pro SP2, and am somewhat comp savvy so can follow your instructions pretty well, just need to know exactly where to look for what is hiding in my system.
As I was just running a Spybot scan about 20 mins ago, I got an alert from AVG that there was a Trojan Backdoor Generic c_AEW, object name smtpdrv.sys, in C:\WINDOWS\system32\drivers\. As I had scanned earlier and it has not shown up, I don't know how it got there, but I moved it to the AVG virus vault.
The AVG scan also found a cs2fg53311.exe Trojan horse Sheur.ALOS in C:\WINDOWS\system32\ and that is in the vault too. I am hesitant to try to go looking for infected files and moving them by hand into trash and deleting them after that problem that happened with the SUN Java infected files that caused the error yesterday.
Soooo, can you help? I will do all the scans and steps you suggest and await instructions. I will go ahead and do a Hijack This log and follow the instructions over there. After reviewing that section again (it has been a while since I did a session here), I realize I need to post my help request over there. Thanks.
Edited by CrisGer, 12 January 2008 - 07:36 PM.