Vincent Vega

Trojan assistance appreciated

Hi,

Hopefully I've attached these logs correctly. Thank you in advance for your help.

When I ran A squared, it informed me that two trojans could not be removed. I removed all others prior to reading this forum.

These trojans are both [3512]c:\windows\system32\olepro.dll:

Hopefully I've done this correctly; I am not very proficient with computers.

Here are the logs:

The HiJackFree Analysis report is not one of the logs I need. I need the HiJackFree HJT Compatible log.

The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel, uninstall the following:

Java 6 Update 10

-----------------------------------------------------------

These all appear to be False Positives.

[3512] C:\WINDOWS\system32\olepro32.dll 	detected: Trojan.Win32.Patched!IK
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe 	detected: Riskware.RiskTool.Win32.Reboot.f!A2
C:\Program Files\Mozilla Firefox\SmitfraudFix\WS2Fix.exe 	detected: Trojan-Downloader.Win32.Agent.chqe!A2
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062753.exe 	detected: Riskware.RiskTool.Win32.Reboot.f!A2
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062765.exe 	detected: Trojan-Downloader.Win32.Agent.chqe!A2
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062771.bat 	detected: Trojan.WinREG!IK
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062772.exe 	detected: Riskware.Hacktool.NirCmd!IK
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062773.bat 	detected: Trojan.BAT.Agent!IK
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062774.bat 	detected: Trojan.BAT.Agent!IK
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062776.exe 	detected: Trojan-Downloader.Win32.Agent.chqe!A2
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP331\A0062777.exe 	detected: Trojan-Downloader.Win32.Agent.chqe!A2
C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB867282\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB873333\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB887742\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB890047\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB890175\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\ServicePackFiles\i386\olepro32.dll 	detected: Trojan.Win32.Patched!IK
C:\WINDOWS\SoftwareDistribution\Download\2538a73647c2cf3775a4933c545ee213557c8a57/spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\398f0c45cd46f045925de8cfce3ac8c4\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\95cf6eb04c28d6c2d66103e61d5c5b6d\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\e255a894a26bb0cc45b21ddb5c1c5e28\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\f9caa54645105c608ede060e87d38098\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\system32\olepro32.dll 	detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\WS2Fix.exe 	detected: Trojan-Downloader.Win32.Agent.chqe!A2
D:\1f06d2dbb18a650422829f566bf38aa1\spuninst.exe 	detected: P2P-Worm.Win32.Bacteraloh!IK
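
A triage sketch for a scan log like the one above, added here as an example (it is not part of the original post or of the scanner): it groups hits by signature and file name, so that one signature firing on the same file name in many folders stands out as something to verify once rather than treat as separate infections. It assumes the `path detected: name` layout shown in the post and that the bracketed prefix is a process ID; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: a few lines copied from the scan log in the post above.
SAMPLE_LOG = r"""
[3512] C:\WINDOWS\system32\olepro32.dll  detected: Trojan.Win32.Patched!IK
C:\Program Files\Mozilla Firefox\SmitfraudFix\WS2Fix.exe  detected: Trojan-Downloader.Win32.Agent.chqe!A2
C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe  detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$hf_mig$\KB867282\spuninst.exe  detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe  detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\SoftwareDistribution\Download\398f0c45cd46f045925de8cfce3ac8c4\spuninst.exe  detected: P2P-Worm.Win32.Bacteraloh!IK
C:\WINDOWS\ServicePackFiles\i386\olepro32.dll  detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\olepro32.dll  detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\WS2Fix.exe  detected: Trojan-Downloader.Win32.Agent.chqe!A2
"""

# Optional "[pid] " prefix (assumed to be a process ID), then path, then signature.
LINE_RE = re.compile(r"^(?:\[(\d+)\]\s*)?(.+?)\s+detected:\s+(\S+)\s*$")

def parse(log):
    """Yield (pid or None, path, signature) for every detection line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid, path, sig = m.groups()
            yield (int(pid) if pid else None, path, sig)

def clusters(log, min_dirs=3):
    """Map (signature, file name) -> folder count, kept when seen in >= min_dirs folders."""
    seen = defaultdict(set)
    for _pid, path, sig in parse(log):
        seen[(sig, basename(path).lower())].add(dirname(path).lower())
    return {key: len(dirs) for key, dirs in seen.items() if len(dirs) >= min_dirs}

def loaded(log):
    """Hits with a [pid] prefix, i.e. reported against a running process."""
    return [hit for hit in parse(log) if hit[0] is not None]

if __name__ == "__main__":
    for (sig, name), count in clusters(SAMPLE_LOG).items():
        print(f"{sig}: {name} flagged in {count} folders")
    for pid, path, sig in loaded(SAMPLE_LOG):
        print(f"in memory (pid {pid}): {path} -> {sig}")
```

A cluster is a prompt to check one copy of the file against a known-good source before acting on the rest; it does not by itself decide whether the detection is a false positive.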

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

-----------------------------------------------------------

Other than what I noted in my previous post, your system does not appear to be infected.

What issues, if any, are you experiencing?

Thanks-

I've merged that with the registry. The issue that I am having is sluggish performance. Also, occasionally my computer freezes with whatever I am using displaying "x not responding". After about 5 minutes or so, it becomes operational again.

I wonder if it is just a matter of not having enough ram (512mb).

Thanks-

I've merged that with the registry. The issue that I am having is sluggish performance. Also, occasionally my computer freezes with whatever I am using displaying "x not responding". After about 5 minutes or so, it becomes operational again.

I wonder if it is just a matter of not having enough ram (512mb).

The amount of system RAM and available HDD space will affect system performance. Though XP will run fine on 512mb of system RAM, you should have 1gb or greater installed. Your hard drive should have at least 4gb of free space.

Hi Vincent,

I hope that ShadowPuterDude will comment on that, but regarding the performance, in addition to the above:

1) You have Ad-Aware / SuperAntiSpyWare and AVG

The services for 1st two mentioned are running. Do you have the residents active?

If so, that is redundant and could definitely impact performance.

2) It seems that you have to revise what is running on Windows Startup and other services you are using as a whole. It looks like all programs ever installed there are getting in there.

You most likely don't need that and can access them from Control Panel when necessary.

Practically all I can see there are not needed. And in a situation where you have limited resources (just 512MB of RAM) you definitely should take care of that.

I even prepared a list with descriptions, but that is not a matter to discuss in this section. You are welcome to create a new OffTopic thread if you want advice from experienced users.

My regards

Hi Lynx-

Thanks for your input. How can I tell what is running continually? Task manager doesn't indicate that they are, but is that accurate?

I do know that AVG's Resident Shield is always active and your comments on Adaware and Super Anti Spyware make sense. Is it reasonable to have all of these three as protection?

Thanks

....I do know that AVG's Resident Shield is always active and your comments on Adaware and Super Anti Spyware make sense. Is it reasonable to have all of these three as protection?

Vincent,

If you have AVG resident, all others should be just on-demand only scanners (no real-time guards).

As for other questions, unfortunately that could be a long discussion - not for this section, as it was mentioned.

My regards

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
