Good Grief, What A CF!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Kenny65, Jan 13, 2005.

  1. Kenny65

    Kenny65 Private E-2

    Hi Everyone,
    You've helped me in the past. I sure need it now... Long story short, I've got major Trojan trouble. I've been trying to clean this up for several hours, now. I did everything in Major 'Tude's "READTHISFIRST" string. A number of Trojans were deleted through those steps. I remain infected though. I know of 2 backup files for Hijackthis, that are infected. I can't manually delete them. The several programs suggested couldn't delete them either. I just rebooted from safe mode. Ran Ad Aware SE, & crossed my fingers. It STILL came up w/9 Registry hits.
    Please help me.
    Kenny.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (do not post the log inline). All running programs should be closed, including your web browser and e-mail client. Close them before running HijackThis!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. Kenny65

    Kenny65 Private E-2

    Hi Chaslang,
    Thanks for coming to my aid. You've helped me once before. That was nothing compared to this, though. Jeeze, what a mess it was. I've spent several, LONG hours on this current headache.
    I had an older version of Hijackthis, yesterday. I was running it directly from the zip file, in my briefcase (WinXP). The READTHISBEFOREPOSTINGHJTLOGS Thread says don't do this. It also says backups might not be created. Last night, I had 2 infected files remaining (out of 10). They were both backup files for HJT. I tried all the utilities in the READTHISBEFOREBOTHERINGUS Thread. They couldn't delete these 2 files. I couldn't even find them manually, either.
    So, I ran Ad-Aware SE upon booting up today. I was expecting the usual 9 Registry hits. They weren't there (?!). I then nuked my HJT.zip file, & downloaded a new one. I downloaded directly to a newly made C:\Programs\File. I still get a prompt I don't understand. It says I should save it directly to its own folder... I thought I just did.
    My first annoying, humble query, then: how do you properly download & establish HJT?
    I later ran Win Task Manager, before starting IE. I stopped a few questionable looking .exe files, before opening IE. Perhaps an illusion, but I'll take it. Yesterday gave me a headache.
    Thanks again. Kenny.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The folder should be c:\Program Files\HJT, not c:\Program\File.
    The c:\Program Files folder always exists on all Windows based PCs. All you need to do is create the new subfolder called HJT.

    You can download the HijackThis.zip file to anywhere you like. (A place where you save downloads is a good idea.) But then you need to unzip the hijackthis.exe file from the ZIP file using a program like WinZip, and you tell it to unzip to the c:\Program Files\HJT folder you created (you can even create new folders on the fly while unzipping using WinZip). Then you run the hijackthis.exe file from that folder. (You can make a shortcut to it anywhere you like, but just make sure you run the executable from the proper location by looking at your log after you perform a scan.)
     
  5. Kenny65

    Kenny65 Private E-2

    Good Morning Chaslang,
    Happy Weekend :). Here are the logs. Log#1 was done after running Ad-Aware SE. Log#2 was done before running A-A SE.
    I think somehow HJT is now starting when I bootup the system. I saved it the way you said to.
    Those 2 HJT backup files that are infected. They're a problem, no? Should I not disable the HJT backup option?
    Thanks again for your help. You guys are great here!!!
    Kenny.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure I follow your question, but you should never be disabling the backup function in HijackThis. Antivirus programs will sometimes assume (falsely) that the HJT backup files are infected. They are not. It's just that they have information in them that was related to malware that has been fixed. This happens quite often when adware/malware scanners create "vaults", "quarantine", or backup folders.

    I also do not see any indication that HJT is running at Startup. Are you sure about that?

    I see two antivirus applications installed and running: Avast and Symantec. You must only run one. Pick one and uninstall the other.
     
    Last edited: Jan 15, 2005
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
    O4 - HKCU\..\Run: [ntoror] C:\WINDOWS\ntoror.exe
    O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.07.02&unknown&unknown&http://www.remington.com/firearms/3d/1100


    This next item is not needed but it's up to you. It automatically checks for software upgrades AND new products, services and special offerings from Logitech.
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\ntoror.exe
    C:\WINDOWS\System\MSMSGSVC.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
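    Each R0/O4/O16 line in the list above names one specific thing: a registry value (the IE start page, a Run-key entry), a shortcut in the All Users Startup folder, or a downloaded ActiveX control recorded by CLSID. Fixing an O4 Run-key line in HJT removes only the registry value, which is why the post separately says to delete the two executables in safe mode. The script below is an added example (not part of this thread and not HijackThis code) that parses log lines of those kinds into the key/value and on-disk file each one refers to and splits the result into "what the Fix button removes" and "what still has to be deleted by hand". The Windows XP All Users Startup folder path and the Distribution Units key are locations assumed here; the sample lines are the ones from this post, with the O16 URL shortened to the .cab.

```python
"""Parse HijackThis-style R0/O4/O16 log lines into a concrete removal plan.
Added example for the thread above; not code from HijackThis itself."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the lines listed for fixing in this post, plus the benign
# QuickTime entry for contrast. The O16 URL is shortened to the .cab file.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O4 - HKCU\..\Run: [ntoror] C:\WINDOWS\ntoror.exe
O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
"""

RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"   # HJT abbreviates this as "..\"
# Assumed XP-era locations: the All Users Startup folder ("Global Startup" in HJT)
# and the key where IE records downloaded ActiveX controls (O16) by CLSID.
GLOBAL_STARTUP_DIR = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
DPF_KEY = r"HKLM\Software\Microsoft\Code Store Database\Distribution Units"

_R0 = re.compile(r"^R0 - (HKLM|HKCU)\\(.+?),(.+?) = (.*)$")
_O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run[A-Za-z]*): \[(.*?)\] (.*)$")
_O4_GLOBAL = re.compile(r"^O4 - Global Startup: (.+?) = (.*)$")
_O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")


@dataclass
class Entry:
    kind: str                        # HJT section: R0, O4, O16
    raw: str                         # the log line as written
    reg_key: Optional[str] = None    # registry key the Fix edits (None for a .lnk)
    reg_value: Optional[str] = None  # value name under that key
    data: Optional[str] = None       # command line, URL, or shortcut target
    fix_deletes: Optional[str] = None  # file the Fix itself removes (a .lnk)
    leftover: Optional[str] = None     # executable the Fix leaves on disk


def exe_from_command(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := _R0.match(line):
        hive, key, value, data = m.groups()
        return Entry("R0", line, reg_key=f"{hive}\\{key}", reg_value=value, data=data)
    if m := _O4_REG.match(line):
        hive, subkey, name, cmd = m.groups()
        return Entry("O4", line, reg_key=f"{hive}\\{RUN_BASE}\\{subkey}",
                     reg_value=name, data=cmd, leftover=exe_from_command(cmd))
    if m := _O4_GLOBAL.match(line):
        lnk, target = m.groups()
        return Entry("O4", line, data=target, fix_deletes=f"{GLOBAL_STARTUP_DIR}\\{lnk}")
    if m := _O16.match(line):
        clsid, name, url = m.groups()
        return Entry("O16", line, reg_key=f"{DPF_KEY}\\{clsid}", reg_value=name, data=url)
    return None   # other HJT sections are not handled by this example


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def looks_suspicious(e: Entry) -> bool:
    """Triage heuristic, not a verdict: an autorun whose executable sits directly in
    the Windows directory or its System folder rather than under Program Files
    deserves a second look. Both files named in the post match; QuickTime does not."""
    if e.kind != "O4" or not e.leftover:
        return False
    parent = e.leftover.rsplit("\\", 1)[0].lower()
    return parent in (r"c:\windows", r"c:\windows\system")


def removal_plan(chosen: List[Entry]) -> Tuple[List[Tuple[str, str]], List[str], List[str]]:
    """For the entries the user ticks: registry values HJT edits, files HJT deletes
    itself, and executables that must still be deleted by hand (e.g. in safe mode)."""
    reg_edits = [(e.reg_key, e.reg_value) for e in chosen if e.reg_key]
    hjt_deletes = [e.fix_deletes for e in chosen if e.fix_deletes]
    manual = [e.leftover for e in chosen if e.leftover]
    return reg_edits, hjt_deletes, manual


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    # Tick the lines from the post: the start page, the two odd Run entries, the O16.
    chosen = [e for e in entries if e.kind != "O4" or looks_suspicious(e)]
    reg, lnk, manual = removal_plan(chosen)
    print("HJT Fix edits:", *reg, sep="\n  ")
    print("Delete by hand in safe mode:", *manual, sep="\n  ")
```

The manual list is exactly the two files the post tells Kenny to delete; the Logitech shortcut is left unticked because it is a .lnk HJT removes on its own and the post calls it optional.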
     
  8. Kenny65

    Kenny65 Private E-2

    Ahh... Hi Again Chas',
    I haven't been able to reply to you. Hell, I haven't been able to do much of anything. Except to curse the punk-assed kid who wrote this freakin' virus! I'd love to get my hands on him.
    I've Win XP, home ed. I did what you suggested in your last e-mail. As I said before. I've already followed the instructions in the DOTHISBEFOREBOTHERINGUS Thread. Everything was fine for a few days. The scans came up clear. All I could find infected, were those 2 backup files for HJT. The ones I can't even find MANUALLY. All of a sudden, BAM. A-A SE came up w/several new registry intruders. I started going through the clearing processes listed here. Then I noticed on a Norton Systemworks Sensor. Crap, 100% of my cache is being used, 100% of the time!!?!
    The past couple of days, I haven't been able to type a reply here. Nor have I been able to log into my hotmail acct. The log on screen won't load. The screen remains blank, although stating "Done." There's curious URL type writing across the very top of the screen for this page, too. I go to common vendor pages (BestBuy, etc.), & things just don't work. I click a link on a page, & nothing happens.
    I'm severely pissed-off by all of this. @this point, I'm hoping I can manage to install a new DVD Burner I just got. I've many pix stored on this PC, from many trips I've taken. Some are irreplaceable, including a once-in-a-lifetime trip from last Summer. Then I guess I'll have to nuke the whole damn thing, buy a new HD & memory, & start all over again.
    Kenny.
    P.S.: Thanks again for your help, Chas'.
    P.P.S.: Did I mention I'd like to severely injure the rat **ck who wrote this thing?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What were the results of running the steps in my previous message, and why didn't you post the follow-up HJT log?
     
  10. Kenny65

    Kenny65 Private E-2

    Hi Chaslang,
    I did delete the 4 files you'd listed. I also tried, but was unable, to delete the 2 files w/Win Exp. After nuking the 4 files, I saw no change. When I do full system scans w/Ad-Aware, or Avast!! I come up empty (no infection). I know it's there, though. I know because:

    A) IE is totally "Screwed."
    B) Norton Systemworks shows me that my cache is 100% full/used, 100% of the time...

    I'm a Nurse by profession, Chaslang. I enjoy technology. I actually spec'd & built, my current PC. It Tain't my biz, though. I'm well over my Head, here. I'm going to reboot in Safe Mode, do some scans, & post the results.

    A) If you can help get rid of this **it, great!
    B) If you can't. Please advise me. My (Memory) Cache is full 100% pretty much @bootup. If I have to "NUKE" everything... Do I have to buy a new Hard Drive & Memory? From my ignorant perspective, the Viri are present in the RAM, correct? Also, unless I want to buy a program to totally over-write my HD. It's possible that old code could infect me, anew.

    As Always, Chaslang, I thank you greatly, for your help. I'll now reboot, & post the results.

    Thank You, Babe :).

    Kenny.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still need to see a follow up HJT log Kenny!
     
  12. Kenny65

    Kenny65 Private E-2

    OK, Here it is.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How much memory do you have in this PC and what is your Processor Type (Intel, AMD) and speed?

    Why do you need this:
    O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

    Your system seems to have some stuff from Norton/Symantec but not other stuff they make (like antivirus). How did you end up with only some of their stuff? Is it all due to just installing system works?

    Do you use these:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
     
  14. Kenny65

    Kenny65 Private E-2

    Hi Chas',
    I've a P4 @2.4GB, W/256MB of 2700_DDR RAM.

    I'd had a minor Virus problem, some months back. I thought I'd accidentally deleted a needed file for Norton Systemworks (things weren't working). So, I deleted/re-installed the SW programs. I'd nuked Norton Systemworks, but not the Firewall. When I subsequently contacted Norton's support ctr , somewhere in India... Some Guy named Rajnish, told me I must remove all Norton Apps together, & re-install again As One. He said that was why LiveUpdate wasn't working.
    Rajnish was wrong... I did what he said. Liveupdate still doesn't work. I tried switching to another AV Program, but NAV is still detected by the newer programs. I'm unable to delete NAV. That's why my Norton files are confusing.

    Do I need QuickTime, & ViewManager? I don't know. I defer to your better judgement. I originally loaded QuickTime to download/view "Snippets," from Bike Sites. I thought it was an application. One that is only used when called for. Was I wrong about that?

    I thought ViewManager to be a part of the OS (i.e.: Task Manager). So, I'd be afraid to have messed w/it. The OS wouldn't have let me, anyway. Again, I ask your opinion.

    I'm guessing that you actually enjoy this stuff. I guess that I might, too (were I not a Nurse). But "I.T.," isn't my Biz. To me, this is just a big hassle, & a waste of my time.
    If I should just install my new DVD Burner, & back-up my irreplaceable Pix. Please tell me now. If I should tough it out, OK. You could say that too.

    Thank You as always. Kenny.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Get into Add/Remove Programs and uninstall anything you find related to Norton or Symantec (let me know if you find anything that way). If not, we may have to fix it manually.

    You can run QuickTime without having their qttask.exe program load. It just wastes resources sticking an icon in your tray. It's not needed.

    Viewpoint Manager is not required or used by about 99.99% of the people who have it. Like you, they don't even know what it is or where it came from. It is garbage AOL stuck on your PC without even asking. Another resource waster. Uninstall it using Add/Remove Programs. It has nothing to do with Task Manager.

    Let's not call it quits yet! Let's try to cure this baby.
     
  16. Kenny65

    Kenny65 Private E-2

    Hi Chas',
    Who's quitting? I just don't want to lose my pix.

    You say to nuke Norton? I like my Norton Utilities. Do you think one of the Norton files is infected?

    I already hate AOL. They're a crooked company. ViewManager is as good as gone.

    I'd tried running MicroTrend's online AV scan from Safe Mode. I did it before IE gave up the ghost. It again found the 2 infected backup files from HJT. A prompt said I couldn't delete the files because they were currently in use. Hmmmm..... I wonder if I tried that through Firefox. Would they STILL be occupado?? Yeah, that's worth a shot.

    To be continued...
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not saying Norton is infected. I'm more concerned that something is messed up with the installation that is causing problems.

    If you are talking about the HJT backup files again, they are not infected. They just have traces of the things you have fixed. What was the full path to the files that Trend found? Did you have HJT shut down when you scanned? I don't believe you can use Firefox on the online scanner sites.
     
  18. Kenny65

    Kenny65 Private E-2

    Hi Chas',
    "Happy Friday," to you!! After E-Mailing you last Night. I managed to get Micro-Trend's online scan, to "Nuke," the 2 HJT files I'd mentioned. You were right. You cannot get that App. to run in Safe Mode W/Networking (W/FireFox, anyway). I had to do a full boot up, & then run it. The Java screen wouldn't let me see the full file name. It looked right, though.

    My happiness was short-lived, of course. Something is still wrong. My RAM remains far too taxed... W/WIN_TaskManager. I've tried stopping certain processes. So far, my memory remains over-extended.

    Unlike when I began (several yrs. ago, w/an illegal PC). I'm now 100% legal. I can nuke, & reload anything. All I really need to save is my Pix_N_Films. I've a brand new DVD Burner just waiting to be installed.

    You know a whole lot more than me, regarding malicious Code. The Pix, & Films I've saved. They're all that matters to me. The rest is easily reproducible.

    Again, I'm not quitting. All I need though, are my Pix/Films. Why beat your Head against a Wall? Especially when it's not necessary?

    So, here's Tonight's query to you, Chas'.
    Can I install,& copy my "PixNVids" to my DVD Burner now? OR, should I wait until I've ridden myself of this current infection?

    Like I've said. I'll "Nuke" ANY FILE I need to. I've all the Originals!!!

    What Say You Now, me Lady?!?!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go ahead and install it. See if you can get everything backed up! Then we are free to try other things if we want that could be more dangerous. I'm not sure what yet, but we can probably think of some! ;)
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also download this Generic Find It Tool - NT/2000/XP

    Extract all the files from the Generic Tool into its own folder.
    Then run find.bat. Post the log it creates back here as an attachment.
    You need to wait long enough for it to complete. The log will appear when done.
     
  21. Kenny65

    Kenny65 Private E-2

    Hi Chas',
    OK, I think I did it right. I don't know if it was a part of it or not. Avast! prompted me w/a virus warning while this program was scanning. It was a Trojan in a system dll. Flushing out the Birdies? Here's the log.
    Kenny.
    P.S.: I was in bed all weekend, sickNworthless. So, I didn't put the DVD Burner in yet.
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The output from find.bat did not show anything. What is the name and path to the system file that Avast prompted you about? Never provide incomplete information. Always provide exact, specific full filenames, error messages, etc. They are important information. Remember, I cannot see what is happening. I only know what you tell me.

    Do you still have both Norton and Avast antivirus applications installed? If so, uninstall everything on your system related to Norton/Symantec. And then reboot. Then post a new HJT log.
     
  23. Kenny65

    Kenny65 Private E-2

    Hi Chas',
    Everything seems to be working fine, now. I just don't use IE anymore. The apps I use seem to run as quickly as before. I like my Norton utilities. Unless you tell me it's a mistake. I think I'll just let it be for now.
    This was the second time you've helped me out. I remain grateful.
    Thanks.
    Kenny.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you like Norton, keep it. I was just trying to solve your current problem. You may find that you will need to use IE for some websites. Especially Microsoft.
     