
Multiple Trojan/adware Issues I Just Can't Get Rid Of


6 replies to this topic

#1 Chup

Chup

  • Members
  • 8 posts

Posted 19 January 2006 - 03:50 PM

I got a trojan on the 18th, and since then I think it has downloaded other things to my computer while I've been trying to remove them.

Basically, the one I originally got was showing up in AVG as Startpage.21.BI and I don't think I've been able to remove it yet, if that is what I have. AVG does not take care of it, only deletes one DLL file when it shows up, and the Startpage removal instructions on Symantec's website did not work because I did not have the registry keys they said to delete.

A little bit after getting that one, I got another which I believe was Smitfraud-C, since Microsoft Anti Spyware detected SpySheriff and my desktop was hijacked. Since this was the most obvious problem, I followed this site's instructions for removal of Smitfraud-C and now my desktop is fine again, so I believe it is gone.

My issue now is my computer is still coming up with the same DLL file that AVG keeps deleting, my IE is constantly having its homepage hijacked and search page changed (I use Firefox but open IE to get a feel for how my computer is doing since everything affects it) and every once in a while a system tray icon I could post a picture of pops up and flashes telling me I need to protect my system, and I also occasionally get a dialog box from "Windows Security Center" asking me if I want to learn how to protect my computer since it is at risk, which I also have a picture of. I have always clicked no, obviously, but once I hit yes to see what website it would take me to so I could perhaps figure out what I had off that, and it sent me here: search4help.net/search.php?pin=10001

The icon in the system tray goes away whenever I end the process crwt.exe

Other things AVG has named that I may have were these trojans:

Generic.DGV
Generic.NOZ

But I couldn't find any information for them at all. I'm using Windows XP Home Edition SP1.

Can anyone help? This is becoming very frustrating as no matter how many times I run AdAware or Microsoft Anti Spyware or AVG or ewido even in safe mode I cannot get those to go away. I have an ewido and a hijackthis log if they would be of any help...

Many thanks in advance

Edited by KoanYorel, 25 January 2006 - 04:13 AM.



#2 Chup


Posted 19 January 2006 - 03:59 PM

My hijackthis log is located here in case anyone needs to see it:

http://www.bleepingcomputer.com/forums/t/41662/spywaretrojan-issues/

I will post the ewido one if anyone thinks it will help.

Thanks.

#3 Chup


Posted 20 January 2006 - 12:25 AM

Anyone at all?

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 20 January 2006 - 12:29 AM

You'll just have to be patient. The HJT forum is extremely busy.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Chup


Posted 20 January 2006 - 12:21 PM

Ah, alright, sorry, I did not know that.

#6 Chup


Posted 25 January 2006 - 01:29 AM

Been a while, anyone able to help?

A slight update is that after removing crwt.exe from my computer, the new process that the warnings come from is named apphb32.exe

Also, the DLL I referred to earlier that AVG picks up occasionally and deletes is kbwsn.dll

#7 KoanYorel


Posted 25 January 2006 - 04:15 AM

I see you've updated your HJT log. Let's wait for analysis of that before
proceeding further in this thread.

I'm going to put a reference back to your first post here in your latest HJT log.