Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant Remove Trojan-spy.win32.pophot.bko


  • Please log in to reply
1 reply to this topic

#1 ridgeman

ridgeman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 09 July 2008 - 06:59 AM

Hello. I came home to a very sick computer yesterday. My Kaspersky was informing me about the trojan-spy.win32.pophot.bko virus and i followed the usual directions. This time it hasnt gone away so easily. It has done something to my Kaspersky Program. I am getting warnings of Riskware and others things. When I rebooted I got a warning that there were too many liscence keys installed. Now it will not update. I also cannot install using my activation code. Whenever i click on the instructions to do, something does not allow me to proceed. I have tried to remove all problems with Spysweeper, Adaware and Spybot with no succes. I found the details how to remove Trojans using Smitfraud on Bleeping Computer. Now, as instructed, i am posting the log for help. Thank you.

SmitFraudFix v2.329

Scan done at 4:00:46.17, Wed 07/09/2087
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\HP_Owner


C:\Documents and Settings\HP_Owner\Application Data


Start Menu


C:\DOCUME~1\HP_Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1AF35CCA-179B-40CA-8E15-75B08AFE918B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1AF35CCA-179B-40CA-8E15-75B08AFE918B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1AF35CCA-179B-40CA-8E15-75B08AFE918B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


Scanning for wininet.dll infection


End

Edited by Orange Blossom, 09 July 2008 - 04:55 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 


m

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:33 AM

Posted 09 July 2008 - 07:49 PM

hello iwould suggest u se the tool in this topic to help u its a good malware removal tool
LINK:http://www.bleepingcomputer.com/forums/topic156663.html

Edited by fireman4it, 09 July 2008 - 07:50 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users