trojan-downloader-conhook & other Malware Infections

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SlackerAZ, Jul 22, 2006.

  1. SlackerAZ

    SlackerAZ Private E-2

    The issue that brought me to this forum is that SpySweeper found "trojan-downloader-conhook" in these 2 locations:

    HKLM\software\microsoft\dstr5
    HKLM\software\microsoft\rasap2k

    It also found a 2o7.net cookie and an ask cookie.

    My Dell Inspiron 6400 system configurations are:

    WinXP Media Center Edition, ver. 2002, SP2
    1.66 GHz CPU
    80 Gig HD
    512 Gig RAM
    Symantec Client Security with current definition files

    I followed all the steps in "READ & RUN ME FIRST Before Asking for Support". Following are some notes while performing some of the steps:

    Section 0: Preliminary House Cleaning: I removed SearchAssist and Url Assistant. I'm not sure if they are a problem but I removed them anyway.

    Section 5: Cleaning Malware: No problems found, however, I ran Spybot before starting these instructions and it found Wild Tangent and was removed successfully.

    After running the on-line scanners, more problems were found and I've attached the requested logs. I hope I've followed the directions sufficiently and apologize if I've overlooked anything. I really appreciate any help you can provide. My daughter is taking this laptop to college next month and I want to ensure it's problem-free when she goes. Thank you very much!


    Inline HJT log converted to attachment
     

    Last edited by a moderator: Jul 23, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    BitDefender found:
    C:\WINDOWS\system32\pmnlmml.dll

    Panda only shows cookies, these are of no real concern. You can delete them if you wish.

    Boot to Safe Mode.

    Open Windows Explorer; navigate to C:\WINDOWS\system32\pmnlmml.dll <<== Delete the file. Close Windows Explorer.

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh BitDefender Online log and a log from SpySweeper.
     
  3. SlackerAZ

    SlackerAZ Private E-2

    Hi, did a search of C:\WINDOWS\system32\ but did not find the file: pmnlmml.dll.

    I ran BitDefender Online and SpySweeper and have posted the logs as requested. Thank you very much for your help. :)
     

  4. SlackerAZ

    SlackerAZ Private E-2

    Sorry for the double-post, it seems I didn't attach the logs correctly.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:

    Press 'OK'

    The search will run for a while then alert you when it is finished.

    Press 'OK' and copy the contents of the WordPad window and post in this thread

    Repeat the process for dstr5.
     
  6. SlackerAZ

    SlackerAZ Private E-2

    Hi there, here are the 2 logs as requested. Thank you!
     

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    REBOOT to Safe Mode.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    REBOOT to Normal Mode.

    Do a scan with SpySweeper. Does SpySweeper still find those keys?
     
  8. SlackerAZ

    SlackerAZ Private E-2

    Hi, I followed the directions, ran SpySweeper, and the keys were not found. Just some spy cookies were found. Does this mean the issue is resolved? If so, that's great! I thank you very much for your expert help. Is there anything else I should do from this point? :)
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a fresh HijackThis log, let's see what that looks like.
     
  10. SlackerAZ

    SlackerAZ Private E-2

    OK, here's the log - I hope we're good to go!
     

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  12. SlackerAZ

    SlackerAZ Private E-2

    I posted a new thread for a different issue on a different computer. The thread titled "Trojan-Downloader-Conhook & Other Malware Infections" is an issue that was affecting a laptop.

    The thread titled "Possible Trojan - System Running Slower Than Usual" is an issue that is affecting a desktop computer.

    I'm sorry for any confusion this may have caused. Thank you!
     
  13. SlackerAZ

    SlackerAZ Private E-2

    Hello - Here is the WinPFind log for the desktop. Thank you!
     

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    WinPfind did not show me what I was looking for.

    How is your computer running?

    I have re-opened your other thread and will be responding after I have reviewed the logs.
     
  15. SlackerAZ

    SlackerAZ Private E-2

    The laptop seems to be running better now. I have Symantec Client Firewall and Anti-virus installed on it. Should I continue to use it or do you recommend another firewall/anti-virus program?

    I also have PestPatrol, Ad-Aware, Spy-bot, and SpySweeper installed. Is this overkill or do any of them cause a conflict with my Symantec Client software? I just want to have the best possible tools to protect against future malware.

    Thank you for all your help!
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Symantec is a bit resource intensive, and can cause performance issues.

    Spybot, Ad-Aware, SpywareBlaster, Windows Defender, a firewall, and 1 AV application should be sufficient. SpySweeper is an excellent product. If you have a current subscription, keep it.

    With both Symantec and SpySweeper on your system, you will experience performance issues.

    Flush all your restore points and create a new clean one for your system.

    Disable And Enable System Restore
    How to Protect yourself from malware!

    Safe surfing.
     
