Major confusion, trojans, no trojans?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zlaser84, Feb 22, 2006.

  1. zlaser84

    zlaser84 Private E-2

    Hey guys,

    First post here, be gentle...so, I've been researching some malware removal processes, and I stumbled onto this website. I read through the whole removal process in that one sticky "READ & RUN ME FIRST..." and I attempted to go through the whole process myself with some success. However, when I got to the HJT logs and how to decipher them, I was a little confused.

    I looked more into it and most of the stuff made sense to me, but see, my problem isn't with deciphering the HJT log codes, it's with my own system.

    After running through the whole process, I found that I had 1 spyware instance according to one scan, 95 according to another scan (Panda online), and the most consistent one I've come to believe is my BitDefender scan: a file "BehavesLike:Win32.RemoteInjector", and 12 instances of "Trojan.Downloader.Small.BKE" and "Application.Adware.NewDotNet.B.Dropper".

    Now, I'm not too sure what's wrong with my system since I'm not really experiencing any problems, but I'm concerned that these trojans have infected my system without me knowing. I don't know if these are some sophisticated trojans or just some everyday plain trojans...I'm confused.

    I figure if these files were meant to cause some harm, I would have experienced some sort of problems by now, but I haven't. Am I worrying over nothing, or is there something severely wrong with my system that's got 12 trojans but I just don't know it yet?

    Please help me out, I'd greatly appreciate it. Thanks guys, later

    -JJ
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    Please attach the two logs from the online scans along with a current HJT log.
     
  3. zlaser84

    zlaser84 Private E-2

    Hey bjgarrick,

    I've attached what you asked for, but I thought you should know that the first time around after I ran HJT, there was a line in the log with "Accoona" in it. I forgot what it was, I think it was within the first 10 lines or so, but I ran HJT again after that and it didn't show. Does HJT fix certain obvious malware automatically, or did the "Accoona" file run off and hide itself somewhere in my system?

    At any rate, here are the logs, I hope they reveal what problem(s) I may have. Thanks again, later

    -JJ
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The Bit Defender log, can you attach the HTML for it so I can see what exactly the infections are?
     
  5. zlaser84

    zlaser84 Private E-2

    I don't know what you mean. Did I save the file in the wrong format, or is there another way I can save it, say as a .html file? I don't remember the online BD scan showing all the infections.

    If it helps, I'm attaching a current scan of the files that are infected. I've already located them and every time I scan them, they can't be disinfected. I downloaded some new themes for my system that work with ThemeXP a long while back, and when I ran a full system scan with BD, they popped up; I moved them to a folder on my desktop so I wouldn't forget the location. Then, I was going to delete them from my recycle bin, but I didn't know if that would delete them from my system completely. This is where I turned to you guys.

    I hope this helps. Thanks, later

    -JJ
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we start, the folder below, is this yours or what exactly is it?

    C:\Documents and Settings\JJ\Desktop\Remove these
     
  7. zlaser84

    zlaser84 Private E-2

    Yeah, that's where I placed the files to be removed
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! Delete that folder, reboot and attach a fresh HJT log.
     
  9. zlaser84

    zlaser84 Private E-2

    Will that completely delete the trojans I've got in my system, though? That's where I got confused originally. Won't there still be traces hidden somewhere in my system?

    I guess I'm just worried about one day waking up to find my stuff gone after starting up my computer. I don't like knowing there may be something wrong with my system and there's nothing my antivirus software can do about it.

    All right, well I'll try that as soon as I get back to my system, I had class at 2:30 and I won't be in front of my computer till about 9:00 tonight. I've got a few more questions, though; what did the scans reveal about my system? Did I rid my computer of spyware completely? Is my registry safe now? I guess reformatting my drives is last resort, but do you think I'll really need to do that in this situation?

    Thanks again bjgarrick, later

    -JJ
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I understand your concern but you must be patient and follow my instructions. We can only do things one at a time so please be patient.

    Start by attaching a fresh HJT log.
     
  11. zlaser84

    zlaser84 Private E-2

    All right, I'm back in front of my computer and I just finished running HJT. Here's the log you wanted. Thanks again bj, later

    -JJ
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  13. zlaser84

    zlaser84 Private E-2

    All right, here's the WinPFind log you asked for, bj.

    -JJ
     


  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look good, however there is one last thing we need to clean.

    Be sure you have the viewing of hidden files and folders enabled and the box next to "hide protected operating system files" unchecked.

    After you do the above, navigate to the folder below...

    C:\RECYCLER

    Delete everything in this folder, reboot and let me know how things are running and if anything is being detected.
     
  15. zlaser84

    zlaser84 Private E-2

    All I see in that folder is the "NPROTECT" folder and a recycle bin with a long numbered name. Do I delete the NPROTECT folder altogether, or just the contents of it, or do I just leave it alone? Do I delete the NPROTECT folder and the recycle bin icon? I don't want to delete something I'll regret, thanks, later

    -JJ
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Delete everything in the folder "NPROTECT".
     
  17. zlaser84

    zlaser84 Private E-2

    Bj,

    I tried getting rid of all the files but there's one that just won't go away; it's a MS Office Outlook config. I scanned it and BD didn't find anything wrong with the file. But when I tried Ccleaner, this file just wouldn't get deleted.

    It's still in my recycle bin and I can't seem to delete it. I still haven't rebooted yet, but after I reboot, I'll run another scan with BD and CC and see what comes up. Think this is gonna be an annoying problem? Let me know, thanks, later

    -JJ
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot into Safe Mode and delete everything in the C:\RECYCLER but the "NPROTECT" directory.
     
  19. zlaser84

    zlaser84 Private E-2

    It worked, thanks bj!

    So am I done cleaning out my system, or are there a few other things I've gotta do? Let me know, thanks again, later

    -JJ
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  21. zlaser84

    zlaser84 Private E-2

    Thanks for everything bj, I greatly appreciate it!

    Now, I do have a few more questions, though. It takes my system a good minute after startup to load up a webpage. I know BD takes a little bit to load, and so do a few other programs. But what can I do to speed up my system other than upgrade (I'm running a 1.7GHz/1G system)? And if the upgrade is the only answer, what combination mobo/chip/ram would you recommend?

    Again, thanks for everything, later

    -JJ
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The BD and Windows Defender take a lot to load and run. The Windows Defender is most likely what's bogging you down so bad. It can be a number of things. Windows XP runs best with a minimum of 512 MB RAM.

    If you like you can post in the Software Forum and those guys may have a few suggestions for you.

    Good Luck! :)
     
