Can't Delete "one" Spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by RightGirl, Jan 14, 2005.

  1. RightGirl

    RightGirl Private First Class

    I would like to post a HijackThis log.
    Can someone please tell me what to delete?
    I was working on a PC that I was able to delete (using Adaware, Spybot, Windows Anti-Virus) all of the ad/mal/spyware from it, but in the process "released" what seems to be a virus.
    AVG, Trendmicro & Panda all say there is no virus, but this keeps popping up:
    c:\winnt\bokja.exe
    I finally gave up and tried to just delete it, but it would not let me, even in safemode.
    He said that he used to see it all the time until a tech came in and "made it stop popping up".
    The second I opened Windows Explorer (which he never uses) it popped up and now is agonizingly frequent.
    In addition, his System32 folder keeps opening over and over and over.
    It's driving him nuts.
    I asked him to send me his HijackThis log.
    Can someone please take a look at it and advise what I should delete to make these 2 pop-ups (Bokja message and System32 folder) cease and desist?
    Thanking you in advance.
    Linda
    Here is the log (I have never seen one with HTML code in it before):

    Edit by chaslang: Very long inline log deleted

    :rolleyes:
     
    Last edited by a moderator: Jan 14, 2005
    RightGirl, Jan 14, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is not the first step and we have guidelines about when and how to post them. Please read the sticky threads. You have a lot of problems and need to follow the steps below. Please do not post HJT logs inline and only post them when requested. Also, please follow guidelines on how to install and run HJT too.

    You also appear to be running more than one antivirus application. You MUST ONLY run one. Uninstall the other.

    Something has messed up your registry by adding a whole html file into the autoload (at startup) area of your registry.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    Last edited: Jan 14, 2005
    chaslang, Jan 14, 2005
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds