Trojan.Klone.H, Win32:Dialer-gen13 or Trojan.Downloader.Small.CML

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lanche, Oct 29, 2006.

  1. lanche

    lanche Private E-2

    Hey, guys, first of all thanks for all the kind and unselfish help you are giving us, poor people, desperately in need of cleansing! Take me, for instance, this struggle is going on already for 10 days, I thought I will learn through your posts and will be able to help myself, but I arrived nowhere. So, I am opening this new thread.

    I am under Windows XP SP2, have Avast anti-spy, and Spyware Doctor & CounterSpy as a spyware protection. All was well until, 10 days ago, I think my kid (13 years) downloaded something nasty (I think through Internet Download Manager or torrent or some similar software) and since that day - when we are on the Internet (first it was IE 6, then 7 and finally Firefox) every 15 minutes Avast is popping up with the sound-siren telling me I have a Trojan Win32:Dialer-gen13 [Trj] that is trying to connect (I suppose to some site?) and I reject that connection, but in 20 min it's all over again. Since then, we got a lot of XXX pop-ups and explicit images during browsing, with xxx sites even finding out the country we are living in so now they are offering me a "Mate or Friend" in my hometown, or similar stuff.

    I cleaned with Avast many times but it obviously cannot kill it permanently. Spyware doctor tells me he removed it (although calling it Trojan.Downloader.Small.CML), but next time I start the Internet browser the Avast finds it again.

    I went through your READ & RUN, and did all the necessary steps except the stage 6B (GetRunKey & ShowNew) because, although this is my Home PC, as of 3 days ago I don't have Administrative privileges, and I cannot run these two programs ("Registry editing disabled by your Administrator"). So, I skipped that and went straight for HijackThis. Needless to say that after all that cleaning in SafeMode, etc. - it's still there.

    Will attach 3 files now and PandaActiveScan and HijackThis in next message.

    Please, help if you can, I obviously cannot do it myself.

    Thanks a lot in advance!

    LANA
     

    Attached Files:

  2. lanche

    lanche Private E-2

    See attached logs.

    Thanks!
     

    Attached Files:

  3. lanche

    lanche Private E-2

    Figured out, by reading your HijackThis explanation, how to enable running GetRunKey and ShowNew (I let HJT fix my O7 key), so am attaching those two now with fresh HJT log.

    Lana
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are not showing any real major malware issues. There are a couple of minor things to do (I will give steps below); however, I see no obvious malware. If you are getting reports of infections you need to give a log that shows exactly what and where it is being found. The Trojan.Klone.H showed in your BitDefender log but it was in a CounterSpy Quarantine and BitDefender deleted it anyway. The other report for Klone.H was in System Restore and can only be removed by toggling System Restore off then back on.

    Is your copy of Spyware Doctor a paid or free trial version?

    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.

    Paste the below file list into the program given in this procedure: Using GetDetails
    Then attach the log that is created back here as an attachment.
     
  5. lanche

    lanche Private E-2

    Hi Chaslang! Thanks a lot for your help!

    After doing my READ & RUN routines per instructions, my PC already got a lot better - the annoying dialing from the Trojan Dialer stopped, although the xxx ads and pop-ups still remained. Still sluggish, though.

    I got quite desperate while waiting for your reply, guys, and since I didn't want to BUMP I tried a few more things, namely the Kaspersky Online scanner (didn't find much), and also flushed my restore points and created a new one.

    Now, I followed your instructions and am attaching GetDetails report together with new HJT log. Also adding Kaspersky log FYI.

    Thanks a lot for all the help that can be given!

    Lana
     

    Attached Files:

  6. lanche

    lanche Private E-2

    Forgot to tell you that Spyware Doc is not a paid but a trial version. Am only running the CounterSpy full version along with Avast Home Edition. Also am planning to add Zone Alarm after we clean the PC as per your instruction. Also please suggest which antispyware programs to uninstall, if necessary. I have Spyware Blaster, Spyware Doctor, SpyBot, CounterSpy, AVG Antispyware, AdAware SE Personal, SUPERAntiSpyware Free. A lot of it I downloaded just recently, while fighting this beast.

    Thanks for helping me!

    LANA
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since CounterSpy is a paid version you should uninstall the below:

    AVG Antispyware
    Spyware Doctor
    SuperAntiSpyware

    Keep the others!


    Your logs are clean. Are you having any current malware problems?
     
  8. lanche

    lanche Private E-2

    Hey, everything seems to work fine now, consider it SOLVED!

    Many, many thanks to you, guys, for your kind and prompt help!!! Hope you'll keep up helping people in the future.

    All the best!

    Lana
     
  9. lanche

    lanche Private E-2

    Hi, there is one more thing... Although my logs are clean and Avast AntiVirus did not warn me of anything new lately, my PC is still sluggish, often CPU 100%, Task Manager reports 6 instances of svchost running simultaneously, and God knows what else. Also, when I reboot or shut down there is (almost always) a dialog box: Ending program explorer.exe (This program is not responding), and I have to click End Now in order to reboot or shut down. Sometimes it says the same for Word, or Internet Explorer or Connections Tray and other programs that I am trying to close.

    Maybe you'll spot something from my new HijackThis report?

    Thanks a lot, once again, for really quick & kind help!!!

    Edit by bjgarrick: Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Nov 5, 2006
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    lanche,

    Have HJT fix the below entry. Once you complete the removal, run CCleaner to cleanup any junk files. Once completed, reboot and let me know how things are running.

     
  11. lanche

    lanche Private E-2

    Thanks BJGARRICK for your help. Did as per your instruction. Things are running a bit better and faster now. Hope this PC problem is solved!

    Best regards,

    LANA
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

