new avg install detects so many different trojans, downloader, bho's

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by frierc, May 6, 2008.

  1. frierc

    frierc Private E-2

    Hi MajorGeeks....the pleasure is all mines....
    I am frierc....I have read and followed you guys' knowledge for a few years now.

    I am a member today, and I am here hoping to have my hijack file analyzed and troubleshooted.

    all responses are already graciously welcomed....

    I am an avid computer fan.
    I really don't like internet nasties and I like long hot summer days.
    ....and I think I'm a bit of a major geek


    I recently installed avg 8.0
    My family and I have 3 computers all together connected wired and wireless.
    after doing a scan with avg, avg noted many trojan,malware,downloader and etc. on two of the three computers.
    I 'think' I 'healed' the infections, but am not feeling very good at all.
    when I first start my browser, it hangs. I'm thinking I either have conflicting spyware applications or I have uninstalled something that I need.


    I am going to boot into safe mode, run a hijackthis scan and then post back
    :major
     


  2. abri

    abri MajorGeek

    Hi frierc,
    Welcome to Major Geeks!


    Your HijackThis log looks okay, but please remember, we don't rely on HijackThis. Nonetheless, see if this might work. Go to Alternate Scans and download an installation program for one of the free antivirus programs which is not AVG and save it somewhere where you can find it later. Then unplug your computer from the internet and disable your AVG 8. Uninstall it completely. Then find the installation program for the other antivirus program and install it. Plug your internet cable back in and have the new antivirus program update and run a scan. See if you are still having problems with your browser.

    Let me know how this goes?
    abri
     
  3. frierc

    frierc Private E-2

    my avg8 is running a scan. I suspect it won't be too much longer now....
    I will run two of the applications from Alternate Scans and post back asap.
     
  4. abri

    abri MajorGeek

    Hi frierc,

    My interest in the alternate scans is not the scans, but to see if it is AVG which is causing your browser to hang. It could also be that your computer still has malware. If it looks that way, I'll ask you to run the instructions in the READ & RUN ME FIRST.

    abri
     
  5. frierc

    frierc Private E-2

    I uninstalled avg, installed a-squared, ran a quick scan. the report is attached. a-squared found something that shocked me, something :cry Kazaa? I don't know that I do file sharing programs. I haven't had one in a year or more, ever since I heard the file sharing programs open the user to all kinds of exploits. wtfunk?
    I'm confused....
    I am now using ccleaner; registry cleaner, emptying some temp folders, internet cookies and the like.
    am running a scan with superantispyware and then will reboot and run a deep scan using a-squared. I will post the results of that scan soon.

    the quick scan using superantispyware did not find anything harmful.

    ...by the way....windows security alert hangs in the lower right side of my task bar, telling me that it doesn't detect any anti virus software....
    my browser seems to be ok
    however, there is a sometime black screen that I get when first logging into my desktop, it lasts for about 3seconds
     


  6. abri

    abri MajorGeek

    Hi frierc,

    Sorry, I sent you to the wrong link. Please go here and download and install this:
    Avast Home Edition

    After it completes installing, have it update and scan your computer. If it finds anything, attach the logs.

    Thanks.
    abri
     
  7. frierc

    frierc Private E-2

    no problem.....
    I have run the avast scan. It found nothing.
    I wonder if avg8 was conflicting with spy-bot siteadvisor zonealarm and or windows defender. It appears that a lot of these programs have real time protection and they conflict with one another????:major

    I attached the virus scan report to this post.
    I turned off tea timer, the avg bho is gone and the zone alarm bho is gone as well.
    I don't have crashes on start up, my cpu and memory cycles are down as well and I removed a lot of programs from automatic start up and the system seems nice and lean along with the sp3 update.

    the first report attachment is a report from avast doing a scan at startup, and the second report is a scan after the system boot up.

    I'll run a scan using ad aware2007 and post back asap
     


  8. abri

    abri MajorGeek

    Hi frierc,

    It sounds like there have been some improvements as the result of the steps you took. Your original problem was that your browser hangs. Is this better since you uninstalled AVG and installed Avast?

    abri
     
  9. frierc

    frierc Private E-2

    yes....thanks...it's better now.
    I didn't want to part with avg; maybe I'll use it sometime down the road.
    do you see any concern with the things that avast found?
    is there anything that you could recommend I do to stay away from trojans?
    are P2p applications like limewire safe in your opinion?


    thanks a million...I feel a lot better now...!!
     
  10. abri

    abri MajorGeek

    Hi frierc,

    What Avast found looks like a false positive to me. It doesn't like Panda.

    I like AVG too. There seem to still be a few bugs or compatibility problems with their new upgrade and I expect those will be worked out in a few months. It's possible to go back to AVG 7.5.

    Limewire has gotten cleaned up more recently and we no longer ask people to remove it.

    What you're doing in terms of keeping your computer clean seems to be working. Check out our recommendations in the How to Protect Yourself from Malware and see if there's anything there you're missing.

    Use CCleaner. Use it often. Malware files like to hang out in your temp files and CCleaner gets rid of them. You can use it whenever you close down your browsers, in any case, before you close down your computer for the day.

    I'm glad things are working better.
    Happy surfing.
    abri
     
  11. frierc

    frierc Private E-2

    you guys rock:cool and everybody knows it.....
    Rock on MajorGeeks.....:major
    thanks for everything.....and I'm sure I will keep this site as one of my top 5 favorites....Ok Ok...number one!1
     
  12. abri

    abri MajorGeek

    Thank you and good luck!
     
  13. frierc

    frierc Private E-2

    heyhey abri, It's me frierc, I wonder if I could ask you something....
    I find myself fixing, upgrading, hardware changes, os installs, some debugging and the like for every and anybody who asks me. I am wondering what kind of training should someone seek to become better at doing what it is that you guys do. Thanks
     
  14. abri

    abri MajorGeek

    Hi frierc,
    My advice is to take your membership here seriously and start visiting the Software, Hardware and Networking Forums. They're a fabulous resource. For viruses and such, just study threads here if that interests you. Also, the website Bleeping Computer has a section of tutorials that is excellent.
    abri
     
  15. frierc

    frierc Private E-2

    heyhey abri...it's me frierc...here's the logs...
    I added one from silent runners/ it'll be in the next post following/ I know you didn't ask for it...please just disregard if it's not necessary...I know you didn't ask for it. I will work hard to not send you what you didn't ask for. also: I did a search and was reading about MGtools.exe being a virus...are you familiar with that rumor?
     


  16. frierc

    frierc Private E-2

    here is the other log plus the silent runners
    I really do appreciate the help.
     


  17. abri

    abri MajorGeek

    Hi frierc

    Please do the following:

    1) Go to add/remove programs and uninstall the below:

    Viewpoint Media Player
    Java(TM) 6 Update 5


    2) Reboot after uninstalling the above.

    3) Install the current version of Sun Java from: Sun Java Runtime Environment

    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    5) Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    If you did not set the following restrictions, please fix them as well.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_32.dll
    O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_32.dll

    After you click fix, just close hijackthis.



    6) Now run CCleaner at the default setting with the Windows tab as the top one.

    I don't see anything further in your logs. When you've completed the above, please go ahead with the final cleanup instructions.
    abri
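
The HijackThis entries listed in the post above, split into section, CLSID and target so each can be checked before anything is fixed. This is an added example, not part of the original thread and not HijackThis's own code; the function names and the wording of the notes are assumptions, and the sample lines are copied from the post.

```python
import re
# HijackThis section codes used in the post above.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O6": "IE policy restriction", "O9": "extra IE button/menu item"}
LINE_RE = re.compile(r"^\s*(O\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")
# Lines quoted from the post above.
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_32.dll
"""


def parse_line(line):
    """Parse one HijackThis 'O' line into a dict; None for any other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "clsid": None, "target": None, "notes": []}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
        # Whatever follows "{CLSID} - " is the file the registration points to.
        entry["target"] = body[clsid.end():].lstrip(" -")
        if entry["target"] == "(no file)":
            entry["notes"].append("orphaned registration: file is missing")
    elif code == "O4" and RUN_RE.match(body):
        entry["target"] = RUN_RE.match(body).group(3)
        # A bare file name is resolved through the search path at logon.
        if "\\" not in entry["target"]:
            entry["notes"].append("no directory in command: locate the file first")
    elif code == "O6" and body.endswith(" present"):
        entry["target"] = body[:-len(" present")]
        entry["notes"].append("policy key exists: expected only if you set it")
    return entry


def review(log_text):
    """Parse every recognised line of a pasted log, skipping other text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```
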
     
  18. frierc

    frierc Private E-2

    I'm on it! Will Post Back very soon.....
     
  19. frierc

    frierc Private E-2

    Looks Good!!! I'll just stay away from any nefarious activity all together from now on....I need my cpu way too much to have to worry about system reliability and security.....
    Wow...
    out of the things that were found in the scans...what do you guys suspect I had?
     
  20. abri

    abri MajorGeek

    Glad things are working better!

    No suspicions, we just look for things that don't belong on your computer because they lead to problems.

    Hope things continue to go well!

    abri
     
  21. frierc

    frierc Private E-2

    things are looking better...
    and I feel more confident and informed
    thanks for that

    ...I have a question
    I was told, that it is smart to do a wipe and reinstall every six months windows xp vista 2000. Is that right? and if and when I do a reinstall, should I allow for extra partitions for backup or recovery? other operating systems? what is 'nice safe and practical'?
     
  22. abri

    abri MajorGeek

    Hi frierc,

    You're welcome.

    I don't think any damage comes from reformatting your computer, but if you have any infected files in the data you've backed up, you will have the same problem you had before. By practicing safe surfing, making good use of system restore, keeping your programs updated and backing up your data regularly, I don't know that you stand to gain much by reformatting. You can get rid of some types of rootkits this way, but you have to wipe your partitions, so making partitions just to keep data on would defeat the purpose. I think to some degree it's a matter of what works best for you. What I found helpful in some instances was having a small second partition with a second operating system which saved me in several emergencies.
    abri
     
