Help I'm stuck with 3 Trojans

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by astelia, Nov 15, 2004.

  1. astelia

    astelia Private E-2

    I have followed your advice (no hijack logs before reading this!), have loaded and run spyware doc, spybots, adaware +plvx2, McAfee Stinger, CWShredder, HS remove & still have trojans picked up by AVG - Dialer.11.AY and Downloader.Mediket.A. Also, whenever I open any file I get a message from AVG: Trojan Backdoor.Agent.AB.

    What can I do next? I am only a beginner (well after all this prob a bit more than a beginner now!!) thank you
     
  2. MellowMan

    MellowMan First Sergeant

  3. Kodo

    Kodo SNATCHSQUATCH

  4. astelia

    astelia Private E-2

    Re: Help I'm stuck with 3 Trojans,(log now attached)

    Hope I have done this correctly & log is attached

    (thank you mellowman - ran pandasoftware but the trojs are still here)
     


  5. Kodo

    Kodo SNATCHSQUATCH

    Re: Help I'm stuck with 3 Trojans,(log now attached)

    Ok, boot to safe mode and find this directory and delete it
    C:\WINDOWS\inetfih\

    Next, look in add/remove for spywarenuker and uninstall it. Then reboot and run HiJackThis, removing the following lines below AFTER you have closed ALL browser windows including the one you're reading this in right now.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetfih\services.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.nuker.com/products/swn2004/installers/default/SpyWareNukerInstaller.exe


    O2 - BHO: (no name) - {80E11773-48F9-4FF5-B1C2-121D282C4B58} - C:\WINDOWS\System32\ffhmoba.dll (file missing)


    reboot again and let us know how it goes.
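
Added example, not part of Kodo's post or the MajorGeeks tutorial: a Python script that parses the HijackThis lines quoted in the post above and flags three patterns visible in them (a Run entry using a Windows system binary name outside System32, a BHO whose file is missing, and a DPF entry that installs from a remote .exe). The function names and the short `SYSTEM_NAMES` list are assumptions made for this example.

```python
import re
from ntpath import basename, dirname, normcase

# Log lines quoted in the post above, embedded as sample input.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetfih\services.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.nuker.com/products/swn2004/installers/default/SpyWareNukerInstaller.exe
O2 - BHO: (no name) - {80E11773-48F9-4FF5-B1C2-121D282C4B58} - C:\WINDOWS\System32\ffhmoba.dll (file missing)
"""

LINE = re.compile(r"^\s*([A-Z]\d+) - (.*)$")            # "O4 - <body>"
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)$")

# Assumption: a short list of Windows binaries that normally live in System32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

def parse(log):
    """Return (section, body) tuples for every well-formed log line."""
    return [m.groups() for m in map(LINE.match, log.splitlines()) if m]

def triage(log):
    """Return (section, reason) notes for entries that deserve a closer look."""
    notes = []
    for section, body in parse(log):
        if section == "O4" and (m := RUN.match(body)):
            path = m["path"]
            in_system32 = normcase(dirname(path)).endswith("\\system32")
            if basename(path).lower() in SYSTEM_NAMES and not in_system32:
                notes.append((section, f"[{m['name']}] system binary name outside System32: {path}"))
        elif section == "O2" and (m := BHO.match(body)) and m["missing"]:
            notes.append((section, f"BHO {m['clsid']} points at a missing file: {m['path']}"))
        elif section == "O16" and (m := DPF.match(body)) and m["url"].lower().endswith(".exe"):
            notes.append((section, f"DPF {m['clsid']} installs from {m['url']}"))
    return notes

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```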
     
  6. astelia

    astelia Private E-2

    Re;stuck with 3 trojans - they are still here

    Followed all instructions, rebooted, ran AVG and they are all still here. What do you suggest?
     
  7. Kodo

    Kodo SNATCHSQUATCH

    Re: Re;stuck with 3 trojans - they are still here

    Have you tried the alternate scans listed in the READ ME FIRST tutorial?
    Post another log. I want to see if it mutated.
     
  8. astelia

    astelia Private E-2

    Yes, tried all the alternative scans. cwshredder, kill 2 me, HSremove were the last three I ran from the list; they all said system clean/no signs of infection.
    But AVG is picking them up but unable to delete them.
    I do appreciate the help you are giving me, log attached
    Thanks
     


  9. Kodo

    Kodo SNATCHSQUATCH

    where does it say the trojan is located? and does it have a file name ?
     
  10. astelia

    astelia Private E-2

    BackdoorAgent.BA is located on c:\windows\system32\comca.dll
    (a friend said comca doesn't exist but this is the message as it appears!)

    trojan Dialer.11.AY is on file
    c:\documents and settings\iangodsiff\localsettings\temporaryInternetFiles\content.IE5\BX4KKFZ3\explorer23[1].cab:\explorer.exe

    and trojan Downloader.Mediket.A is on file
    c:\documents and settings\iangodsiff\localsettings\temporaryInternetFiles\content.IE5\K9670H2N\ied_s7m_23[1].cab:\ied.exe

    Thanks
     
  11. Kodo

    Kodo SNATCHSQUATCH

    delete your temporary internet files.

    go to start.. run.. type

    regsvr32 /u c:\windows\system32\comca.dll
    hit enter and ok, take note of success or failure in unregistering. Then try

    start.. run.. type

    del c:\windows\system32\comca.dll
    hit enter..

    take note of success or failure.

    also, if you have more than one user profile on your machine , i.e. you and your husband have a user account on the same machine, then you will need to run our tutorial for his and each user account that is on the machine.
     
  12. astelia

    astelia Private E-2

    Have deleted temporary internet files

    failure with regsvr32 /u c:\windows\system32\comca.dll message stated "...was loaded but the DllUnregisterServer entry point was not found. This file can not be registered"
    (I ran the instruction in normal mode too and all I got was Access is denied)

    failure with del c:\windows\system32\comca.dll message stated "windows can not find del"

    tried running the file name on its own but got message "windows can not open this file"

    What can we do next?

    will go through process of running all scans on husband's account in morning, don't think I can stay awake for much longer! :))
     
  13. Kodo

    Kodo SNATCHSQUATCH

    start.. run.. type CMD
    enter

    type

    Del c:\windows\system32\comca.dll
     
  14. astelia

    astelia Private E-2

    Message comes up ....."access is denied"
     
  15. astelia

    astelia Private E-2

    Re: Help I'm stuck with 3 Trojans - I've done it!!!!!

    I've cleared it - trojans have gone, finally managed to delete comca.dll file after changing its properties away from read only!

    Just wanted to say a big thank you to Kodo, it's good to know there are experts out there who will give help and support to those of us that aren't as computer confident as yourselves, so thank you Kodo and thank you MajorGeeks.com!!!

    PS - wishing you a fantastic birthday on Friday. x
    Astelia :)
     
  16. Kodo

    Kodo SNATCHSQUATCH

