trojan horse collected.5.l

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by manonamission, Jun 13, 2005.

  1. manonamission

    manonamission Private E-2

    i cant get rid of this trojan ...it keeps coming back even when i delete it in safe mode.....its probably in a file called msdirectx.sys...ihave HJT could post u the log file ...please help
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    [​IMG] Download HijackThis 1.99.1

    [​IMG] Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    [​IMG] Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    [​IMG]Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    [​IMG]Run HijackThis and save your log file.

    [​IMG] Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    [​IMG]Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. manonamission

    manonamission Private E-2

    hi i have HJTin a seperate folder.....this is the log that i got
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    (This was added from Spybot S&D or Ad-Aware, this needs to be removed)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    D:\WINDOWS\System32\setup32.exe

    C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows , Scan with HijackThis and attach the new log.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds