Many trojans and downloaders, please help!

Download.Trojan infection, all directions followed w/no luck, please help

Hello all,

I have this annoying "download.trojan" infection that keeps coming up everytime I do a Norton virus check, I've tried fixing it in safe mode, didnt work. Came on this forum, followed all the steps as directed to remove it and just cant get rid of it. Here's my Hijackthis Log, please help!

• Edit by bjgarrick: Unrequested, Inline HJT log removed!

Thanks in advance!!

 

Re: Download.Trojan infection, all directions followed w/no luck, please help

Sorry about posting the Hijackthis log on the previous post (didnt read THOSE directions, sorry).

This Download.Trojan thing is really annoying!

After reading the Hijackthis page I fixed what it recommended, so I'm ATTACHING my log.
Thanks so much!

 

Hi. I've followed all the steps in the Read and Run First Sticky, but I still cant get rid of these Trojan.download and other trojans. Included are my logs from HJT, Kaspersky. I have a BitDefenderScan log, but I cant attach because I already posted the maximum of two attachments.

Anything else you need for me to do, please let me know!

Please help. Thanks!

 

Please stay in one thread with your problem, I have merged your threads together so please post in here from now on.

Please see the below thread on how to install and run Spy Sweeper.

Running Spy Sweeper...

 

Sorry about that, I just thought I was being skipped over. Ok, I've did SpySweeper and my results are attached, along with a fresh HJT log.

What next?
Thanks!

 

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

Ok,
Ewido Scan and HJT log are included...

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Spy Sweeper

Now scan with HijackThis and Check the Boxes for the following:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you comlpete the above, reboot and let me know how things are running.

 

OK, I did as directed.

The Ad-aware and Spybot checks came up negative with zero infections.

When Norton ran a virus check it found 1 threat, "Download.Trojan" again.

Anything else I should do?
Thanks.

 

Let me know the exact file and location of the detection. Update your definitions and run a full system scan and remove all found infections, then clean the quarantine.

 

Norton wouldnt let me quarantine or remove it for some reason it just kept failing to do so. Here's what the log from earlier today of Norton said:

Source: Manual Scanner
Risk category: Virus
Click for more information about this risk : Download.Trojan
Action taken: Delete failed
Description: Affected areas:
1 Files:
loadadv458.exe within ?????? within C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI - Delete failed

I will now run a full scan, remove all infections and then clean the quarantine as you suggest.

 

Let me know the results of the scan from Norton.

 

I ran the Norton scan, the same Trojan.download item came up (at the same location), nothing else. Wouldnt let me delete or quarantine it, so the risk remains.
Then I went ahead and deleted all the files that were in the Quarantine as you suggested.

 

Download Pocket KillBox

Now, Copy and Paste C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, run the below online scan and attach the log. Also, see if Norton still detects the previous file.

Panda ActiveScan

 

I used the Pocket Killbox program to delete that file. A side note: When I clicked on that "X" to delete, a Norton window popped up and warned about a trojan.download that was trying to access that file, and that Norton had denied it access.

I did get to delete it, and I rebooted.

I tried to run the Panda ActiveScan, but when it was going to start the scan, I got an error message and it said that Internet Explorer needed to shut down. I attempted this about 5 times with no luck.

I will run the Norton scan, takes over an hour or so to complete. I will post the findings of that scan when its finished.

 

What version of Norton do you have?

Click on the link below and run the online scan...

Kaspersky Anti-Virus Online Scan

• Click on "Kaspersky Online Scanner"
  
• Click Accept to procede...
  
• If you get a popup askiing if you want to Install Kaspersky's ActiveX Control, click Yes to install it.
  
• If you get a Security Warning popup asking if you want to install and run kavwebscan_unicode.cab, click Yes to install it.
  
• After all updates are downloaded, click NEXT to continue...( Note it will take awhile to download these updates based on your connection speed).
  
• Click Scan Settings and select extended and make sure both boxes are checked at the bottom, Click OK to continue.
  
• Now click on My Computer and let it run!
  
• This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post.

 

I just purchased the 2006 Norton Antivirus software ever since this whole trojan.download thing first appeared last week. When I do the full system scan it takes actually 2 hours (i have about 36 Gbs used on my hard drive).

I just stopped the scan when I read your post and it had picked up one infection at the time, again it was trojan.download in the same location, and it couldnt delete it. Here's what I copied from that log...

Source: Manual Scanner
Risk category: Virus
Click for more information about this risk : Download.Trojan
Action taken: Delete failed
Description: Affected areas:
1 Files:
loadadv458.exe within ?????? within C:\!KillBox\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI - Delete failed


Now I'll do the Kaspersky Scan and attach the log to the next post I post.

 

Just manually delete the folder C:\!Killbox, it's the backup of the file we previously deleted.

 

OK just deleted the C://Killbox folder. Kaspersky is scanning and I'll post the log as soon as its done.

Thanks BJGARRICK, I really do appreciate you hanging in there with me!

 

No Problem!

I will check the log in a bit, for now a little rest!

 

Alright here it goes...
Norton scan picked up NOTHING (which was a sight for sore eyes not seeing that "trojan.download" anymore!).

Kaspersky did pick up a few things but I'm assuming that they're not as bad as the trojan.download... attached is the log for kaspersky....

Thanks again BJGARRICK!

 

I just did an Ad-aware and SpyDoctor full scan and both showed up with the run of the mill cookies type of infections, and cleared them right up. No trojan.downloads or anything else. Norton came back clear... Am I safe to assume I'm good to go?

Thanks BJGARRICK, you rock!

 

Your system appears to be clean, the Kaspersky detections are the installers for Ares, you can delete these if you like but I will leave that up to you. It shouldn't hurt anything to leave them if you choose to.

If your not having any further problems, I recommend your seeing this thread on How to Protect yourself from malware!

Surf Safely!

 

THANKS BJGARRICK! You're a life-saver!

I definantly have to be more careful in my internet surfing!

Have a Merry Christmas!

 

You too!

Surf Safely!