Trojans and possibly more.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Tourangh, Sep 20, 2008.

  1. Tourangh

    Tourangh Master Sergeant

    Well it is my second thread in the malware area in my time here unfortunately =(
    I just want to say thanks ahead of time to whichever one of you guys helps me, since I know that this is something you do in your free time and yet still continue to do it.

    Well, first off, I am using Windows Vista. I am running Avira for my antivirus and regularly update and run this and other scans such as Spybot.

    I have run the Read and Run first thread. But I seem to have a problem. This is my hypothesis at least: these scans for the most part overlook the virus as a result of something the virus does. For example, when Spybot is checking for win32 etc., I get pop-ups from Avira saying there is a virus, but Spybot does not end up finding any problems. MGTools refuses to work for some reason, and I have run it on the same computer in the past without a problem. I also am unable to find my Vista disc, so ComboFix was not run.

    I am not able to uninstall any previous AV in the uninstall section of Control Panel, and I am constantly being told by Avira I have a trojan of some sort (3 times during this post).

    I'll attach some log files (Malbytes was the only one to find anything) and hope for some more guidance.

  2. Tourangh

    Tourangh Master Sergeant

    Figured I would throw in what Avira is saying the problem is.
    Virus or unwanted program 'TR/Hijack.Explor.5165 [trojan]'
    detected in file 'C:\Windows\System32\rpcnet.dll.
    Action performed: Deny access

    Of course, when I deny access it does nothing. I got to safe mode and quarantine, but when I reboot the virus is just in a different file in the system32 folder.
     
  3. Tourangh

    Tourangh Master Sergeant

    Here's a HijackThis log if it helps, as it seems like the previous logs are not helping.

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, but we do not want HijackThis logs and you do not even have the correct version. You need to explain exactly what your problems are with MGtools. Did you follow the instructions properly for using it with Vista? Did you turn off UAC and reboot, etc.?

    It appears that you are not following all instructions in the READ & RUN ME, as you have multiple antivirus programs running. I saw Avast, Avira, and McAfee in your logs. You implied you have problems uninstalling other programs. Did you try uninstalling older antivirus programs before the others were added? It is important to uninstall the first one before adding another. Not doing so just makes things worse and could lead to the inability to actually uninstall the older programs. Did you try uninstalling all but one of these before starting the rest of the instructions?

    If you are having problems getting McAfee uninstalled then run the below:

    McAfee Consumer Product Removal Tool

    What exactly is Avira reporting and where exactly is it reporting the infection?

    Note: You don't need your Vista CD to run ComboFix. You only need it to install the Recovery Console, which is highly recommended but not necessary. But don't run it right now. I want to first understand exactly what your real problem is. If you are just getting a warning from Avira while Spybot is scanning, it is most likely just a false positive detection caused by the Spybot scan.
     
    Last edited: Sep 22, 2008
  5. Tourangh

    Tourangh Master Sergeant

    First off, with my multiple antivirus programs, I have had a decent amount of them in the past, and I think with the older ones I could have possibly installed the new one before I uninstalled the previous one. I think that is most likely what happened, but before I switched from Avast to Avira I was fairly sure that I uninstalled Avast first, but it seems that I have not.
    My symptoms are mostly the Avira warning; when no other program is running I still get the pop-up giving me the warning. Also, I have had Avira for about a month now and the trojan warnings have just started popping up last week, so I do not think they are false alarms. I have also noticed that Firefox randomly freezes since last week. This might be me imagining things, but I also think I have noticed some slowness in my computer as of recent times.

    Should I attempt to run the read me again or will the previous AV problem just hinder me?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First you need to uninstall ALL antivirus programs except the one you plan on keeping. For McAfee, you need to also run the below:

    McAfee Consumer Product Removal Tool

    Now you need to try running MGtools again and make sure you are following the instructions given for running it with Vista. If it does not run, you need to explain what problems you are having. If it does run, you need to attach the C:\MGlogs.zip file.

    Also, tell me what the below is, and is it being detected as a problem by your scans?
    C:\Program Files\StealthBot\StealthBot v2.6R3.exe
     
