Downloader trojan, pop ups, Near the end of my line!

Hi all thanks for looking. I have followed all the directions from this thread http://forums.majorgeeks.com/showthread.php?t=35407 3x now(including section 8). I looked over this section http://forums.majorgeeks.com/showthread.php?t=74501 but I didn't see anything similar to my issues. Kasperky's says I have a Downloader trojan, Bit Defender says Backdoor.Hacdef.BO (some under system volume which I am unable to access to delete). After going through the directions I will still get pop ups and I am just about ready to reformat and reload this system. I will post a Hijack this Log in anticipation of it being needed.

• Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Please download Spy Sweeper

• Click the link above to download the program.
• Install it. Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Options on the left side.
• Click the Sweep Options tab.
• Under What to Sweep please put a check next to the following:
  
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
• Click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.

 

Thank you so much for reviewing my post Bj. I ran the spysweeper and it found a lot. My computer seemed to freeze in the middle of the fixing process. I took the following logs after restart.

Sorry for the paste, but I was unable to upload the notebook file, it was too large.

Inline log attached!

 

Since it found so many things, go back and run it once more in Safe Mode then attach a new log with a fresh HJT log.

 

Thanks for the fast response BJ, Here are the scan results in safe mode.

 

Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report along with a fresh HJT log.

 

Here is the latest. Ewido in safe mode with no connection to lan or wan. Thanks again for looking.

 

Scan with HijackThis and Check the Boxes for the following:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you complete the above, reboot and let me know how things are running.

 

Fixed, cleaned, ran adaware and spybot, all seems to be working well. Went to about 3 of my trusted sites that used to end up with pop ups, now no pop ups at all. Thanks a million BJ.

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!