Unable to remove trojan despite following read and run me instructions

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kpks, Jul 27, 2006.

  1. kpks

    kpks Private E-2

    hi,
    I have already done steps 1 to 6 of "READ & RUN ME FIRST Before Asking for Support".

    Here are the pertinent logs.

    I still get popups from Symantec about a trojan.

    Please help!!!!

    Thanks,
    KPKS
     

    Attached Files:

  2. matt.chugg

    matt.chugg MajorGeek

    Download
    - Pocket Killbox


    Run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click 'delete selected temp files'; wait for this to complete and click the RED X.


    In the combo box at the bottom, select the following processes, if found, one at a time and click the yellow 'end task' button.

    Code:
    win11.tmp.exe
    win2B.tmp.exe
    srvjbg[1].exe
    
    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Navigate to and DELETE the following:

    (Some of the files may have already been deleted by Pocket Killbox)

    Let me know if you can't delete any of these files.

    Rerun Activescan and post a log.

    Post a fresh HijackThis log
     
  3. kpks

    kpks Private E-2

    Hi,
    Thanks for the advice! I followed it to a T and when I went back to delete the
    files only win2B.tmp.exe was around.

    Here are the latest activescan and hijack logs:
     

    Attached Files:

  4. matt.chugg

    matt.chugg MajorGeek

    Did you delete it, or is it 'still around'? Your activescan didn't pick it up this time (it only found the backups killbox made in the root of c:).

    Do you know what martaonline is? You have domain hijacks going to addresses that resolve to mantraonline.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.



    Now boot into SAFE MODE

    Navigate to and DELETE the following:

     
  5. matt.chugg

    matt.chugg MajorGeek

    You also no longer have any need for win32delfkil or the killbox backups.

    You can remove the following folders

    Once you've done this, run this online trojan scan to make sure there's no pesky relations to the first trojan on your computer.
     
    Last edited: Jul 27, 2006
  6. kpks

    kpks Private E-2

    Hi,
    Thanks a lot for all your help!

    Symantec hasn't complained in 2 hours.

    I had to delete the asquared.ocs file from c:\windows\downloaded programs because I kept getting an access violation error when I tried to run the Trojan scanner. It is finally running now and showed some low risk files - cookies and wmdevice.exe in the launchmanager directory, which I've deleted.

    I have no idea who/what is martaonline. My infected laptop is on a wireless permanently-on DSL. I guess I will start with making my wireless secure.

    Thanks a lot!
     
  7. matt.chugg

    matt.chugg MajorGeek

  8. kpks

    kpks Private E-2

    Hi,
    I just ran Trojan scan once again, I only got some cookies! Everything else on my system was clean.

    Thanks for the malware link. I'm looking at it now.

    Thanks a lot for all your help!

    Regards,
    KPKS
     
