Removing Downloader.Generic.ywm

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tomas777, May 9, 2006.

  1. tomas777

    tomas777 Private E-2

    Hello Guys.

    I have been running scans and researching for days now. I was just about to run HJT and submit a log file. I think I finally got rid of this frigging thing !!!

    I have a few questions if you don't mind.

    I performed all the cleaning steps from the website. GREAT info by the way. But I ran into a few problems.

    1) Spybot found 3 Command Services.

    1) HKEY.local.machine\system\controlSet003\services\cmdservice

    2) The same with "controlSet001"

    3) HKEY.local.machine\system\controlSet\services\cmd

    Spybot detected these as Malware and said they were resident and wanted to restart when computer starts. Running XP in Safe Mode. But Spybot wouldn't come up and finish the job when restarted in Safe Mode.

    Only would come up when restarting in Normal. Then would find the three files again and want to restart again.

    Q. Why didn't Spybot start up in safe mode when it asked me ?

    Spybot also asked me to go to the Windows folder and look for the Command.exe file and delete the folder that it is in. I didn't do this because it said to do it after the files were removed. Since it didn't remove the files I did not delete the folder that the Command.exe file was in.


    Q. I couldn't get Bitdefender to work. It said that Service Pack 2 was detected and to click on the information bar and select Active X Control. The information bar did not show up.

    I also followed some instructions to enable an add-on in Explorer that they suggested. That didn't work as well. Any insight on that would be great.

    One last thing here.

    I was originally running Norton 2005, but uninstalled it and downloaded AGV. On my initial scans it was detecting the "Trojan Downloader.Generic.ywm" (drsmartload.exe).

    The computer was loading the "ABoxlnst_int13[1].exe" to Documents and Settings\My User Profile\......Temp Internet Files.

    I don't expect you to solve any of my problems with that information. I just needed a bit of help with the cleaning procedure.

    Being the only user on my pc when I restart in Safe Mode there is an administrator account and my profile. Do I run all the cleaning procedures on both profiles ? and does it matter which one first.

    Thanks a million in advance.

    Tomas
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Just go ahead and finish the scans from our tutorial, and post the logs. Ideally you will want to run the cleaning procedures from all user accounts. For right now you can do them from an account with administrative privileges. We will deal with whatever is found after I look at the logs. If Spybot is finding Command Services as bad they will most likely show in your HijackThis log.
     
  3. tomas777

    tomas777 Private E-2

    Hello SPD. Just got back from seeing "The White" Led Zep tribute band....very loud !!!! very good !!! Needed to vent after 4 days of killing this Trojan....Not sure if it is gone here.

    I run a DJ service and Photography Company and am swamped for the next 4 days. I will run the scans and post the logs ASAP. Should I post here or start a new thread?

    Thanks for the reply. I know you are very busy and I appreciate it. Keep up the great work.

    Tomas777
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the logs in this thread, no need to start a new thread.
     
  5. tomas777

    tomas777 Private E-2

    Hello SPD. Thanks to the cleaning instructions in the forum here I'm virus free. I'd be lost without this site.

    Cheers

    Tomas
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Go ahead and post at least the HijackThis log and I'll take a look, just to make sure. Sometimes, there are things in there that aren't found with the other scanners.
     
  7. tomas777

    tomas777 Private E-2

    Hello SPD. Here is the log file. Thanks for taking a look at it.

    Tomas
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Fix this line in HijackThis:
    R3 - Default URLSearchHook is missing

    Otherwise your log is clean.
     
