Hi Pokey86,
Give me a bit to check out your newest log and I will get back to you ASAP.
Judy
Ok Pokey86, I have gone through your latest logs and while they do look better you are still showing the Trojan.Smitfraud on your system. This can be hard to remove but let's try again.
Be certain that you have Enabled the Viewing of Hidden Files and Folders
You are going to have to use that same smitRem Removal Tool again.
I stress here that this MUST BE USED IN SAFE MODE
Restart your computer in safe mode, logon to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
Once you have rebooted to NORMAL MODE then please go to the Panda Active Scan Site and run their active scan to find and remove anything which may be left behind by the fix done in SAFE MODE. Please have the Panda Scan fix anything found and please save the log.
Reboot the machine again in NORMAL MODE and run a new HJT scan. Post that log, along with the new Panda Active Scan log here.
I have re-run Smitrem ON Safe mode & all above requirements have been met.
It ran fine & went through, but then something peculiar happened. After smit rem finished & the disk cleaner started running, shortly after it just disappeared & ALL icons & EVERYTHING disappeared & wouldn't come back. (I mean every possible thing on the desktop, startbar, icons etc etc) I was still able to "Alt, ctrl, Del" then run msconfig to reboot to normal mode. But I'd have expected the Disk cleaner to have some kind of ending statement (It did something similar last time, it just disappeared)
Also I have run the Panda active scan which is also enclosed, I can't disinfect yet as I don't have any money in my account yet (Get paid this Friday)
Sorry for all the inconveniences, you guys are great people!
HJT log & PAS log attached
Don't worry about paying for the Panda Scan to clean. We are just using it to see where items are. There are other free ways we can remove these items found.
First thing please download and install CCleaner
Next, update the AVG/Ewido program.
Reboot to SAFE MODE.
Run ONLY the default scan (Windows Tab). Do Not “Scan For Issues”. Click the Analyze button and let it scan. Once it finds everything then click the Clean button. It will ask are you sure, say yes.
Next again run the AVG/Ewido scan and again do the Full System Scan. Allow it to clean everything. Save the log.
Reboot to normal mode.
Then go to My Computer and double click.
Then go to "C" drive and double click.
Then in "C" drive go to \Documents and Settings\Debs\Cookies\ and delete ALL the cookies if any remain. Next, still in "C" drive go to \Documents and Settings\Keith\Cookies\ and delete all the cookies if any remain.
Run another HJT scan, save the log and post back here with the Ewido log and HJT log.
Also, don't worry about the disappearance of the desktop following the running of smitrem...this is ok.
Last edited by jholland1964; 11-05-2006 at 11:40 AM.
OK, all above tasks have been done. Please note I ran ad-ware just before you posted your last post, then I followed all of your steps.
Enclosed is the Ewido & HJT logs
Pokey, why didn't you have the Ewido scan fix those items?
These for sure should have been fixed
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Ignored.
C:\WINDOWS\system32\opnolij.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_w_l_ y_3_2_._d_l_l_ -> Trojan.Agent.vg : Ignored.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Ignored.
I am "on the fence" about these as they do point to a real program however there have been some flaws with it which could allow a hijacker onto the computer if you are running an unfixed version.
C:\Program Files\RealVNC\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\wm_hooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
Here is some info about this problem from eTrust Spyware Encyclopedia;
VNC is a non-malicious Remote Access tool, that can be uninstalled using Add/Remove Programs. It is a useful application with many valid purposes, however trojans exist which utilize VNC's code base. Such malware may covertly install VNC and automatically configure a VNC server password, that can be used by an attacker as a backdoor into the system.
Last edited by jholland1964; 11-05-2006 at 08:32 PM.
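An added example, not part of the original posts: a small triage script that reads report lines in the `path -> detection : action` shape quoted above and separates entries the scanner left in place into malware that should be cleaned and "Not-A-Virus" riskware that needs a judgment call. The report lines are copied from the post; the final line and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Lines copied from the Ewido report quoted in the post above.
PAGE_LINES = r"""
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Ignored.
C:\WINDOWS\system32\opnolij.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_w_l_ y_3_2_._d_l_l_ -> Trojan.Agent.vg : Ignored.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Ignored.
C:\Program Files\RealVNC\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\wm_hooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
"""
# Constructed line (not from the page) so the filter has a handled entry to skip.
CONSTRUCTED_LINE = r"C:\EXAMPLE\constructed-sample.dll -> Adware.Example : Cleaned."
SAMPLE_REPORT = PAGE_LINES + CONSTRUCTED_LINE + "\n"

# Paths may contain spaces, so split on the " -> " and " : " separators.
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>[^.]+)\.?\s*$")

class Finding(NamedTuple):
    path: str
    detection: str
    action: str

    @property
    def riskware(self) -> bool:
        # "Not-A-Virus" marks a legitimate tool flagged for its abuse potential.
        return self.detection.lower().startswith("not-a-virus.")

def parse_report(text):
    """Return a Finding for every line that matches the report format."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["detection"], m["action"].strip()))
    return findings

def triage(findings):
    """Split entries the scanner did not act on into (must_fix, review)."""
    left = [f for f in findings if f.action.lower() == "ignored"]
    return ([f for f in left if not f.riskware], [f for f in left if f.riskware])

if __name__ == "__main__":
    must_fix, review = triage(parse_report(SAMPLE_REPORT))
    for f in must_fix:
        print("CLEAN :", f.detection, f.path)
    for f in review:
        print("REVIEW:", f.detection, f.path)
```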
Reboot. Run the AVG again and see if they still show up. Also run a new HJT scan to see if they still show there. Post both new logs.
Something strange is happening, every time I boot to safe mode, whatever user I go on to, there are no icons, no taskbar, no start bar... Absolutely nothing. Only thing that works is alt + ctrl + del. Any idea what's going on?
Does this happen in normal mode also?
When you are in safe mode do you have a cursor? Right click anywhere on the desktop and choose Arrange Icons By and make sure that Show Desktop Icons is checked and make sure that Lock Desktop is NOT checked.