
Trojan Horse Need Help


3 replies to this topic

#1 the-virus-adoption-agency

the-virus-adoption-agency

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 23 April 2007 - 03:14 PM

It's taken me over an hour to get my computer on, and send this ...

Particularly the problem is

C:\WINNT\system32\ycsrdb.sys

and qo.sys

AVG detects it but can't do anything about it, and pops up a note about it every 30 seconds.

I also have a hijacker sending me to gambling websites
www.888.com
www.pacificpoker.com
and others
Fortunately it's not stopping my search engine or redirecting my websites, just popping up extra ones.

My computer is very slow and I'll reformat it as soon as I can but the next few weeks are going to be the most important of my studies to date - and I can't get rid of my work until then.

It also won't boot up in safe mode - it stays on the screen loading drivers.

And I'm not going to pay for anything while my computer is like this, I don't fancy putting my bank details up for adoption lol

Thanks, Lawrence

Attached File: hijackthis_log_23_04_07.txt (6.24KB)


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 23 April 2007 - 05:36 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum the-virus-adoption-agency :thumbsup:

You’ve got AVG7 Antivirus and Sophos Antivirus installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one or the other as soon as possible, then restart your PC.

***********************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log directly into this topic, please don't post your replies as attachments, thanks.

#3 the-virus-adoption-agency

the-virus-adoption-agency
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 24 April 2007 - 09:07 AM

Sorry I will include the log in the post next time.

I started with AVG and that wouldn't remove it, so I looked up specific files that boast they remove/fix ycsrdb.sys and they told me to download their fixer, so I did, they didn't work.

It's like hiring John McClane and when confronted with terrorists he just sits down and eats a doughnut.

I have now removed the others.

I removed Sophos because it is generally rubbish and would make my computer run slower than the viruses would. So I just have AVG, Ad-aware & Spybot S&D.

My computer cannot boot up in safe mode. It simply stops at the screen loading drivers.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 24 April 2007 - 09:28 AM

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

*Note*
Don't forget to re-enable your antivirus program.

***************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Post both the above and a new Hijackthis log directly into this topic please.



