Please help remove a TROJAN

I have tried to delete this file C:\WINDOWS\system32\hgGyyaXN.dll

My desktop disappears after 3 minutes of use. I cannot start explorer.exe

 

Hi kashmid,
Welcome to Major Geeks!

You have more problems than just that one file. Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs. (We don't use inline logs here - you can attach them using the Manage Attachments button down a bit under the reply window.) You should find some relief from the symptoms you're having as you work through the instructions. If something doesn't work, make a note of what happens and then continue on until you've completed the instructions. After we get your logs, we can better help you. If nothing works at all, please tell me that as well.

Thanks.
abri

 

Abri,

I am attaching all files per the instructions.

I did not have a log for Malwarebytes.

Prior to your email, I had run numerous other scans that helped a little. I think I am in much better shape.

Thanks,

Kerry

 

Hi kashmid,

I have a question about the following entries. Do these need to be in your trusted zone? If not, I recommend running HijackThis and fixing them. Most entries like this don't need to be in the trusted zone for the connection to work. There are a few exceptions.

O15 - Trusted Zone: *.olivegarden.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://learn.vt.edu

The other files which are noticeable are the following. If you don't know what they are, I would simply delete them. They came in on Oct. 4th last year. If you want to delete them in such a way that there will be a backup, then ask me to give you the instructions for this. They can be deleted with a backup using Combofix but there are certain instructions for this. Alternatively, you can rename them by adding .zzz to the end and seeing if this results in any problems for your running programs. If you don't notice any problems, you can delete them after about a week when you've had a chance to use your computer without them.

C:\WINDOWS\GndGGGg.dat
C:\WINDOWS\KndKKKg.dat
C:\WINDOWS\nGdGGfg.cfg
C:\WINDOWS\nKdKKfg.cfg


And finally, what is in the following folders? You can open the folders, but don't click on any of the files. For more information about the folders or any files they contain, you can right-click on them and look at properties:

C:\WINDOWS\Crystal
C:\Program Files\Common Files\e.World


I'll wait for your reply.
abri

 

Hi Abri,

I fixed the following with HijackThis:

O15 - Trusted Zone: *.olivegarden.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://learn.vt.edu

I just deleted the following files:

C:\WINDOWS\GndGGGg.dat
C:\WINDOWS\KndKKKg.dat
C:\WINDOWS\nGdGGfg.cfg
C:\WINDOWS\nKdKKfg.cfg

The following folders were related to a program that converts your Outlook Contacts to an ACT DB for Handhelds. I deleted the following folders:

C:\WINDOWS\Crystal
C:\Program Files\Common Files\e.World

I then emptied the Recycle Bin.

Thanks Kerry

 

Hi kashmid,

Please go ahead with the final cleanup instructions:

abri