Trojans and Toolbar problems etc

Discussion in 'Malware Help (A Specialist Will Reply)' started by ccwiztech, Jan 6, 2008.

  1. ccwiztech

    ccwiztech Private E-2

    I have been working on this problem for a week cleaning and removing problems at different times and new problems developing.

    Initial Complaints and progress:

    Possible Google and Ebay toolbar hijacking. Ebay had to reset my password many times. After digging and running scans, several Trojan viruses were found attached to files that were downloaded over a year ago, so these buggers were buried deep.

    Google’s Gmail Notifier program stopped working and will not reinstall properly. I tried to install the Google Talk program instead from the web page, but clicking on that button does nothing and gives me the “Done with errors on page” message in the lower left message bar. Perhaps something got installed or corrupted which prevents me from installing these. Help.

    Both toolbars have been uninstalled. Found a Comcast toolbar and removed it as well. I need the Ebay toolbar and Gmail Notifier back when computer is clean. It’s business.

    McAfee Security Suite - Real-time and email scanning is being disabled intermittently. Opening the Program and selecting Fix did not fix anything. After rebooting, the program comes back as “normal”.

    Computer taking longer to start up. Internet Explorer taking MUCH longer to start up and web pages taking long to load.

    Is it true that a lot of bookmarks can slow down the browser?

    Unable to view some items on some pages and getting the white box with the red X. Message in lower left bar reads: “Error on Page” or “Done, with errors on page”. I don’t know what settings to use in the Zones anymore after all this confusion. Could use a screen shot or reference page.

    I had removed MS Java sometime ago and installed Sun Java. It’s updated. I also did windows critical updates a few days ago. I don’t know if that put the MS Java back on my machine, but it was there and I removed it again.

    Trojans found so far: Trojan_Spy.Win, catchme, Backdoor-AWQ (lots of them), New.Malware.hl, and VTool/rych

    Malformed Archive keeps coming up but from what I read, it is a conflict with Trojan Hunter running while McAfee is in the background. Please confirm.

    I am out of options or ideas and at a potential dead end.

    I have just re-run all your suggested programs and attached them to this post. Actually some won't attach so I will try and put them in the next edit.

    Your help is VERY MUCH appreciated. Thank you!
     


  2. ccwiztech

    ccwiztech Private E-2

    I don't understand what this means:

    Manage Attachments - Upload Errors

    The files are all the right types and sizes

    FINALLY GOT IT..!!

    Thanks.
    ccwiztech
     


    Last edited: Jan 6, 2008
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    No! To give you an example, due to all the things I do here fighting malware and all the other things I do, just my IE Favorites, which are the same as bookmarks, are 2042 files in 830 folders and take up 9.3 MB of disk space. Most of these were also imported into Firefox as Bookmarks.

    Are you sure it was really Microsoft Java?

    By what? Do you have a log? Catchme is not even an issue; it is part of ComboFix, since it installs it to look for rootkits.

    I don't know what you are referring to. Where is it "coming up"?

    Why does your PC show very few startups loading? Did you delete all of your startups yourself? Are you controlling them with some kind of startup manager? None of your applications like McAfee, Google Toolbar, Gmail, or similar are going to work properly if they are not being loaded as required at startup. What did you do to everything???? Even AVG Antispyware that you just installed is not showing in your startups so you must be doing something.

    There is no malware showing in your logs. The only thing wrong is what I have stated above and that looks more like something you did. Possibly by whatever you have been doing with all of the below that you just recently installed:
    Code:
     "C:\Program Files\"
    A-SQUA~1      Dec 29 2007              "a-squared Free"
    A-SQUA~2      Jan  1 2008              "a-squared HiJackFree"
    A-SQUA~3      Jan  1 2008              "a-squared Anti-Malware"
    GRISOFT       Jan  2 2008              "Grisoft"
    HIJACK~1      Jan  2 2008              "HijackThis"
    MCAFEE        Dec 30 2007              "McAfee"
    MCAFEE.COM    Dec 30 2007              "McAfee.com"
    REGSCR~1      Jan  2 2008              "RegScrubXP"
    TRENDM~1      Dec 28 2007              "Trend Micro"
    TROJAN~1.0    Dec 28 2007              "TrojanHunter 5.0"
    ZONEDO~1      Dec 28 2007              "Zoned Out"
     
    2008-01-01 01:14 --------- d-----w C:\Documents and Settings\RJ Garrett.RJ-6E12EC91BB72\Application Data\WholeSecurity
     

    Are the below things you recognize?
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\CCC\Photos\Dogs\017_14.JPG
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\CCC\Photos\Eyes\Laurel Eyes.bmp
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\CCC\Catahoulas\Zoe w Stick BW.jpg
     
    Last edited: Jan 7, 2008
  4. ccwiztech

    ccwiztech Private E-2

    Thank you chaslang for your reply.

    That's good to know about the Favorites as I have over 2000 as well.

    Yes. I am "pretty" sure it was MS Java I removed. I reviewed merijn's script (for removing MS Java VM) and the files and registry keys were in the Microsoft locations. If this was incorrect please let me know.
    http://www.merijn.org/uninstmsjava.html

    I checked it and removed it because I have been having browser problems for a week BEFORE I started installing all the Malware programs you've noticed below. Since they were both there I was hoping the removal would stop the problem. It didn't.

    Initially I was only running McAfee Security Suite, Spybot and Ad-Aware. When finished I will only keep the best of each category and delete the rest.

    McAfee first caught the Backdoor-AWQ. Since then I downloaded Trojan Hunter and a-squared and ran them at separate times. They each found a different Trojan. I don't have logs from those. These are notes I have been taking as I went along.

    Earlier in the week I completely removed McAfee and reinstalled a clean copy.

    I also re-installed IE 6.0 SP1 but nothing changed.

    Malformed Archive - when I ran Trojan Hunter, McAfee kept popping up (red box) with the Malform Trojan virus. Then it began popping up with the green boxes saying it was blocking that trojan, about 8 times. I read somewhere (??) that this was a conflict between TH and McAfee but I have not been able to verify that with a second source. This trojan is not reported in a-squared or any other program.

    Yes I have downloaded and run a lot of software this week, trying different things. Some of them I have uninstalled so they wouldn't use resources or conflict with any programs I needed to run from your list or any programs you might need me to run later.

    AVG Spyware should have stayed in the background running. I missed that one.

    I do manage my Startups with Spybot-System Tools-Startup or disable programs from their own menus.

    I uninstalled the Google and Ebay toolbars to help isolate the problem. I did not know if I had been hacked through the toolbars, which I log into. How possible IS that?

    It IS VERY possible that I messed up the IE browser somehow or even the operating system, although it didn't seem to have a problem until the trojans started popping up (in McAfee).

    I am GLAD there is no malware in the logs now. I did something right at some point. Also, McAfee hasn't been disabled in about 48 hours, another plus.

    The last time I ran a-squared it came up clean.

    The three Desktop items are valid.

    So, if I have no malware, then I can load the toolbars back on?

    -which brings me back to my remaining problems:

    1. The browser loads very slowly and sometimes not at all (Page not found),
    2. or loads with "errors on page".
    3. Some banners won't load and won't allow click-through "Done, with errors on page".

    Another note - I have the same problems whether I use IE or Firefox.

    4. The Gmail Notifier program installs but will not run. I was advised to install Google Talk instead, but as stated earlier, THAT button has no click-through either so I can't install it. This is why I thought there was some bug involved with Google and removed every google program.

    Do you think you can help me fix these problems?

    Maybe it is something simple now that I am not seeing. It all starts to look the same after a while.

    Could it be a Win2K problem? If so, can I re-install it without re-formatting and have it fix the errors??


    Thank you very much for your time and effort - and for reading through my lengthy posts.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Once it is removed it does not come back. Microsoft stopped supporting this and installing it a very long time ago.

    I would not keep A-squared installed if you are going to keep McAfee.

    This is just one of many reasons why we say only have one antivirus program installed. In reality, Trojan Hunter is probably overlapping some of what McAfee does and McAfee is not going to like seeing Trojan Hunter running. And they will more than likely conflict, which is what you may be seeing. Did you purchase Trojan Hunter? If not, the choice is easy.....uninstall it. If you did, the choice is really the same if you are going to keep McAfee.

    This can be a dangerous practice unless you are a very experienced user and know how to verify that all traces of previous programs are uninstalled before installing another similar program. Right now your registry is loading with information from every program you have installed and uninstalled. No programs (well almost none) ever uninstall completely all the junk they put on your PC. Antivirus programs are one of the worst offenders.

    I don't know what you are referring to.

    Well it would be better if you undid this now and attached new logs because your logs look very bad the way they are now. It looks like you deleted things you need.

    Doubt it.

    Too many conflicting protection programs can wreak permanent problems on a PC.

    That's up to you. Personally I don't install or recommend toolbars but if you need them, that's your decision. They are not malware issues, just performance issues.

    None of these appear to be related to malware problems and are therefore not topics for this forum where we are way too busy to deal with non-malware issues.

    Everything can always be cured by starting over. ;) The key is to not make the same mistakes the next time. Don't install too much junk you don't need. Don't install conflicting programs.
     
