Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Avast Found Trojans..help?

  • This topic is locked This topic is locked
6 replies to this topic

#1 Brittney78


  • Members
  • 5 posts
  • Local time:01:57 AM

Posted 12 April 2008 - 05:49 PM

I have Avast&Xoftspy on my computer. I run on Windows XP. Recently I have been getting multiple pop ups/banner sites. Yet when I try to close them out it takes forever for them to close and/or when they do finally close, it seems like another one pops up in its place. As you can imagine, it is slowing things down as well. Avast has said that trojan horse(s) have been found, the names were win32:spyware-gen [trj]&win32:purityscan-Q [trj]. Then when I run a scan with Xoftspy it comes up with low (risk) items but the ones that said moderate or severe (risk) was redirect cookies and vundo trojan. On Avast and Xoftspy both, when these trojans come up I hit 'delete' and it acts as if its gone. Yet when I scan again, or restart the computer they are still there. I've tried looking up how to remove these but have had no luck. Can someone please help me out with removing them? Thanks.

Edited by Brittney78, 12 April 2008 - 05:50 PM.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,440 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 12 April 2008 - 08:54 PM

Hello Brittney78, have you scanned with Avast from safe mode?
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.
Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs
In the resulting list ,look to see if these exist. If so click on them and and select "Remove".
Cowabanga by OIN
ipwindows / ipwins
MediaTickets by OIN
Outer Info Network
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
or anything similar with OIN, Outer Info or Yazzle in them.
Reboot when done.

NOW: Go to Start > My Computer>C:\Program Files and again go thru the above list ,delete any of the program folders IF they exist.

IF there isn't an icon for OIN or (program) by OIN in Add/Remove Programs, then download and run the Purity Scan uninstaller.

Save the Uninstaller to your desktop.
Double click on the OiUninstaller.exe icon on your desktop.
Click on "Run".
Enter the four digit code that is displayed and click on "Uninstall".
Click on "Ok" and reboot your computer.

Click HERE for Instructions with screenshots if needed.

Note: OiUninstaller uses UPX (ultimate packer for executables), an advanced file compressor and a method for compressing executable files to reduce their size to save space on a disk and download time. Some anti-virus programs such as Avast and Kaspersky may detect it as malware when attempting to download or unpack the compressed file.
Courtesy Quietman7
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Brittney78

  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:57 AM

Posted 12 April 2008 - 11:28 PM

Alrighty, so I followed all of the instructions you gave. There ended up not being any of the weird type programs you listed in my add/remove programs list nor in my programs folder. However, (and this may be nothing.. but I wouldn't know), in my add/remove programs list there was the following: microsoft compression clientpack 1.0 for windows xp, microsoft international domain names for mitigation APIs, microsoft national language support downlevel APIs, microsoft use-mode driver framework feature pack 1.0, and network monitor. Now, I don't know a lot about this sort of stuff but all those that I just listed didn't look familiar to me. But as noted, maybe they are normal things I should have...

I used the uninstaller like you said, etc. Rebooted, etc. I'm not sure if you will be telling me any further instructions, but so far after all of that, still the same results, still the trojans:(

#4 DaChew


    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:57 AM

Posted 12 April 2008 - 11:31 PM

Boopme was asking you to go into safe mode and run a scan with one of your programs

Avast would be a good choice, post a log please

No. Try not. Do... or do not. There is no try.

#5 Brittney78

  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:57 AM

Posted 12 April 2008 - 11:47 PM

Oh, shoot I didn't know I was supposed to be posting a log. Sorry if it's a dumb question but how would I do that? I did however put it in safe mode (previous to writing this post of course) and I did run the scan... But I guess I need to do that again so I can post a log.

Also, I thought it might be relevant to add that I now also have the trojan horse called Win32:Rootkit-gen [Rtk], Avast just alerted me.

Thx for your time!

#6 Brittney78

  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:57 AM

Posted 13 April 2008 - 11:35 AM

I had made a previous post inquiring about some help to remove some trojans that are just taking over my computer. I have windows XP, and have Avast&Xoftspy. Anyhow someone replied to my previous post wanting me to post an Avast log after scanning in safe mode. However, I don't know how to post a log in order to recieve help. Can someone explain it to me?

#7 TMacK


  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada
  • Local time:11:57 PM

Posted 13 April 2008 - 12:06 PM

Hi Brittney78,

I moved your HijackThis log to the appropriate forum.
Here is the link: http://www.bleepingcomputer.com/forums/top...tml#entry795578

Please, DO NOT make another post in the HijackThis Logs and Malware Removal forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might think someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Also, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Since you now have a HJT log posted, I'm going to close this topic.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users