Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

10 Trojans Even With Avg


  • Please log in to reply
6 replies to this topic

#1 xpebblesx

xpebblesx

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 31 May 2006 - 07:54 PM

I have at least 10 trojans on my pc, all generic downloaders, AVG heals them and also quarentines them, but I still get more, and numerous pop ups, I don't know exactly what to do, considering I also have system mechanic, aol spyware. I've deleted offline internet files, I've done a run on clean manager, I 've run a scan about 5 times and it automatically scans each morning too. How do I stop them from re-appearing?? How do I stop pop ups?

FYI, I'm a new user here and don't exactly know much , still reading up on stuff and searching for other answers... :thumbsup:

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:43 AM

Posted 31 May 2006 - 10:00 PM

Download, install and run A˛ - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

Then run the following two scans:
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp


AV programs are not designed to remove trojans. The above are.

After you do what I listed above Run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you scan and allowing both to fix what they find.

If you do not already have these freeware aps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that that I suggest you post a “HijackThis” log for expert assistance with your malware infection.

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly, especially those about installing Hijack This on your root drive, not on your desktop or in a temp folder.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer to be different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

#3 xpebblesx

xpebblesx
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 01 June 2006 - 10:55 AM

so this is what I found so far....


Scan started: 6/1/2006 11:27:07 AM
Scan finished: 6/1/2006 11:51:48 AM
Scan duration: 0h 24min 41sec
Scanned files: 66520
Infected files: 6

Object Diagnosis
Key: HKEY_LOCAL_MACHINE\software\realtime gaming Trace.Registry.RivieraGoldCasino
C:\WINNT\Downloaded Program Files\popcaploader.dll Riskware.Downloader.Win32.PopCap.b
C:\Documents and Settings\usr1\Cookies\usr1@lop[1].txt Trace.TrackingCookie
C:\Documents and Settings\usr1\Cookies\usr1@sympatico.msn[1].txt Trace.TrackingCookie
C:\Documents and Settings\usr1\Cookies\usr1@sympatico.msn[2].txt Trace.TrackingCookie
C:\Documents and Settings\usr1\Cookies\usr1@adknowledge[2].txt Trace.TrackingCookie


Do I still need to go to hijackthis?? Or can it be fixed with replies? :thumbsup:

I tried the trojan finders, but the sygate one wouldnt let me finish, I took off zone alarm, but it still said it couldnt finish due to firewall. The other windows one I couldnt get into at all.


The spybot seems ALEXA related...
I ran adaware and I deleted at least 69 critical objects, from here on , I'm not sure entirely what to do.

Edited by xpebblesx, 01 June 2006 - 12:10 PM.


#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:43 AM

Posted 01 June 2006 - 11:57 AM

I suggest you use the Hijack This forum because the HJT log must be analyzed by an expert who can help you to make the necessary registry changes. We have such experts available to help you.

What you showed there is only a partial picture. Malware can hide almost anywhere and it takes an expert to detect what is malware and what is not, and then to make the adjustments to repair the problem without causing others.

Post your complete HJT log here:
http://www.bleepingcomputer.com/forums/posthjtlog.html

Except for the first two, of which one is a popup generator, the critical objects Adaware finds are most likely to be low risk cookies. I usually just have Adaware just delete whatever it finds.

Look through the list and see if you recognize any as from a site you go to such as a game site from which you may want to retain the cookie that stores your login or such, but most are just low level tracking cookies.

The results from Spybot will be a little different. But in any case, in normal mode (not advanced), allow it to clean what it finds but let it do a backup when it offers you the chance before it starts.

After you have run both and allowed them to delete what they found, create a new HJT log and post it.

Edited by Enthusiast, 01 June 2006 - 12:07 PM.


#5 xpebblesx

xpebblesx
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 01 June 2006 - 01:07 PM

It seems now that I've downloaded and scanned , my pc is running slower now. My main concern to set up the hijack this question is what exactly do I need to put in there? The results from the scans? Each trojan I have? The spybot that is ALEXA related, is that of major concern? Lastly, to be notified by email, I cannot seem to find the link he is referring to, I am running Win 2000 Pro and cannot find the email link in my control panel...Another thing, I only have about 38% space left on my disk and I'm not sure how much more I can download!!!! :thumbsup:

Hopefully I don't have to go to a repair shop where they charge you an arm AND leg!!! :flowers:

#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:43 AM

Posted 01 June 2006 - 01:18 PM

Email????


Read the directions in my previous post and go to the links I provided which give explicit instructions about how to get the Hijack This Program, what to do with it, where to install it, how to produce a HJT log and where to post it in our forum.

Did you try to use the Hijack This program yourself?
What email link?

Edited by Enthusiast, 01 June 2006 - 01:21 PM.


#7 xpebblesx

xpebblesx
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 01 June 2006 - 01:52 PM

Ok, I think I may have found what I need to post the hijack this, I will try and see... Thanks for your help thus far :thumbsup:

Mod Edit: Topic moved to a more appropriate forum - QM7

Edited by quietman7, 04 June 2006 - 06:31 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users