1st post - Have Trojan - Have HJT log file and no clue

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by joe_C, Jun 23, 2005.

  1. joe_C

    joe_C Private E-2

    Ok, Command Antivirus is giving me this:

    instafin.dll (destructive program)
    lmf32v.dll W32/backdoor.po (infected)
    lmf32v.dll W32/backdoor.po (infected)
    Xhrmy.exe W32/Agabot.DZZ (infected)
    Xhrmy.exe W32/Agabot.DZZ (infected)

    Please advise -

    My email is lewix18@yahoo.com if that helps later on in the thread
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. joe_C

    joe_C Private E-2

    Thank you for responding... I am in safe mode now and I cannot get Trend Micro's scan to work.

    I let it install the ActiveX controls, but it shuts down the browser after it starts to scan.

    I have tried rebooting ten times, all into safe mode, and it's not working (Trend Micro scan).
    I have downloaded all the spyware tools on the "Do this first" page,

    but I can't get past this step.
     
  4. joe_C

    joe_C Private E-2

    I cannot get Symantec's scanner to run either... what should I do next? Still in safe mode.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

    Sysclean Package

    Pattern.zip

    Once you have these downloaded into the folder you just created, double-click the file sysclean.com

    When the system cleaner loads, click SCAN to start the scanner. After the scan is complete, reboot and attach your log along with a fresh HJT log.
     
  6. joe_C

    joe_C Private E-2

    Sysclean finished, I rebooted and am in Normal mode (WinXP Pro w/ restore temp disabled).

    I think I have attached the logs

    Thanks for the help.
     

    Attached Files:

  7. joe_C

    joe_C Private E-2

    Adware spy says it fixed 417 problems
    Ad-aware says it fixed 67 problems
    Spybot search and destroy found a bunch of problems
    list goes on
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    joe_C,

    Attach a fresh HJT log and we will pickup on the cleanup procedure.
     
  9. joe_C

    joe_C Private E-2

    Well, that last attachment was my latest HJT log. But now I am back where I started. Here is the latest info:
    - I was able to run other spyware busters in safe mode (as mentioned before). That seemed to help, because I was able to then run the online scans.
    - Ran all the spywares again and rebooted (they caught stuff).
    - (Repeated everything.) Then Command was able to delete the infections I mentioned earlier.

    Everything ran faster, smoother - no spywares - virus etc.

    PROBLEM SOLVED.

    But no...

    My Radeon 9800 bit the dust :( I have just installed the latest and greatest wally-word GeForce 128 :p

    As soon as I reconnected all the cables and booted-up I Saw that command detected these same files again!

    instafin.dll (destructive program)
    lmf32v.dll W32/backdoor.po (infected)
    lmf32v.dll W32/backdoor.po (infected)
    Xhrmy.exe W32/Agabot.DZZ (infected)
    Xhrmy.exe W32/Agabot.DZZ (infected)

    Adware caught like 47 objects when it booted up as well.


    So where did I go wrong? One of the first steps that I followed was the instructions to disable Windows restore... but it seems that for some reason Windows still restored itself??

    - I think it did this because when the video card died, the system crashed and went back to an old restore point. (gut feeling guess)

    Please advise - I have missed a step or not done something correctly. I had it! - was soooo close :)

    In the meanwhile, I am going to start back through all the procedures until I hear word from you. - Thanks for helping!
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It probably wouldn't hurt to run the READ ME again since you have been restored. In the meantime run the below and see what is found.

    Download Spy Sweeper 4.0.3.363 and install it.

    After you install make sure you get the updated spyware definitions. Then do a full sweep removing all infections. After you remove the infections with SpySweeper, reboot and attach a fresh HJT log.
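Posts 9 and 10 turn on one question: the files Command reported were deleted, then after the crash they were back, and nobody can yet tell whether a restore point reinstated them or the cleanup never held. The added example below (not code from the thread or from any of the tools it names) shows the check a responder would want before declaring "PROBLEM SOLVED": snapshot the file tree by SHA-256, snapshot again after each cleanup and after each reboot, and report exactly which paths were removed, which came back, and which existing files changed under you. The detected file names are taken from the posts; the target directory, the placeholder file contents and the `demo()` scenario are constructed for the example, and the script is run against the drive from Python rather than from within any of the scanners discussed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every regular file under root (relative, POSIX-style path) to its SHA-256."""
    root = Path(root)
    inventory = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            inventory[path.relative_to(root).as_posix()] = digest
    return inventory


def compare(before, after):
    """Classify the differences between two snapshots as added, removed or changed paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "changed": changed}


def reappeared(cleaned_names, after):
    """Paths in `after` whose file name matches one that was supposed to be gone.

    The match is case-insensitive on the base name because Windows file names are.
    """
    wanted = {name.lower() for name in cleaned_names}
    return sorted(p for p in after if Path(p).name.lower() in wanted)


# Names reported by Command Antivirus in the thread. Only the names come from the
# posts; the files written in demo() are placeholders, not real samples.
CLEANED = ["instafin.dll", "lmf32v.dll", "Xhrmy.exe"]


def demo():
    """Constructed scenario: infected tree -> cleanup -> 'reboot' brings the files back."""
    with tempfile.TemporaryDirectory() as tmp:
        # Assumed layout: the detections lived somewhere under WINDOWS\system32.
        sys32 = Path(tmp, "WINDOWS", "system32")
        sys32.mkdir(parents=True)
        (sys32 / "notepad.exe").write_bytes(b"placeholder, not a real binary")
        for name in CLEANED:
            (sys32 / name).write_bytes(b"placeholder for a detected file")

        infected = snapshot(tmp)

        # Cleanup: the scanner deletes the detected files.
        for name in CLEANED:
            (sys32 / name).unlink()
        after_clean = snapshot(tmp)
        cleanup = compare(infected, after_clean)

        # "Reboot": something (a restore point, a dropper) writes the files again,
        # here with different bytes to show hashes are compared, not just names.
        for name in CLEANED:
            (sys32 / name).write_bytes(b"placeholder for the file that came back")
        after_reboot = snapshot(tmp)
        reboot = compare(after_clean, after_reboot)

        return {
            "removed_by_cleanup": cleanup["removed"],
            "reappeared": reappeared(CLEANED, after_reboot),
            "added_after_reboot": reboot["added"],
            "unexpected_changes": reboot["changed"],
        }


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}:")
        for p in paths:
            print(f"  {p}")
```

On a real machine you would call `snapshot()` on the drive root (or at least `C:\WINDOWS`) once after cleanup, save the result, and diff it against a fresh snapshot after the reboot; an empty `reappeared` list plus an empty `unexpected_changes` list is what "the cleanup held" looks like. A non-empty `reappeared` list with the same hashes as before the cleanup points at a restore or a cached copy being reinstated; different hashes point at something still alive and re-dropping the files.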
     
