counter.cab/counter.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by ThornberryCA, Sep 7, 2006.

  1. ThornberryCA

    ThornberryCA Private E-2

    Hi - Followed the instructions in the read this file and here are my scan reports. I seem to be able to get rid of most malware using regular scans, but can't seem to get rid of the counter.cab/counter.exe trojan. It's been on my computer for months. Thanks.
     

    Attached Files:

  2. ThornberryCA

    ThornberryCA Private E-2

    additional scan reports.

    Note 1: the counter.exe program is noted in the bit defender log (attached to the first post).

    Note 2: I had trouble uploading the original activescan log, which I think was because it was over 9mgs. This was because there were something like 67,000 deleted spyware cookies hanging out in the nprotect bin in the root directory. I'm not sure why these weren't deleted ever, especially by ccleaner. Anyway, I left one in, so you can see what they looked like and deleted the rest from this edited version of the active scan log.

    I have a feeling these are not part of the problem because I assume they don't have any function and are just trash that I can delete manually. If you need to see them all, let me know and I'll put them in a few different files and upload them. Alternatively, if it is safe to just delete them entirely, let me know and I'll do that.

    Note 3: By the way, I don't use Norton AV, and would love to get rid of the norton protected files bin. Advice on how to do this is also appreciated.

    Thanks! Chad
     

    Attached Files:

    Last edited: Sep 7, 2006
  3. matt.chugg

    matt.chugg MajorGeek

    Right click on the recycle bin and select properties. You will see an option to set Normal Recycle Bin or Norton Protected. Select normal and apply.

    Now empty your recycle bin in the normal manner by right clicking on it and selecting empty.

    You need to be careful using P2P applications like below. They often come bundled with malware and even when they don't, much of what can be downloaded from these servers is often infected or incorrectly labeled.

    • Azureus
    • µTorrent

    Please uninstall the following programs before continuing
    • J2SE Runtime Environment 5.0 Update 6

    You have not installed ShowNew correctly. Please extract all the files from the zip file to a folder on your computer. DO NOT RUN SHOWNEW FROM THE ARCHIVE. Please fix this and post a new ShowNew Log.

    YOUR PC IS IN SELECTIVE STARTUP MODE using MSconfig, which we tell you not to use in step 7 of the READ ME. Please fix this and post a new HJT log.
     
  4. ThornberryCA

    ThornberryCA Private E-2

    1. I think I rid my computer of the norton protect issue--there was no "normal recycle bin choice" but I did uncheck "enable protection" under the norton protection tab and then deleted the files. This seems to have worked.

    2. uninstalled j2se 6

    3. As for shownew, I downloaded the zipped file again and extracted all the files, but I'm getting a dos error whenever I try to run shownew. The error's title is: "16 bit ms-dos subsystem" text is: "c:\windows\system32\cmd.exe. c:\windows\system32\autoexec.nt. The system file is not suitable for running ms-dos and microsoft windows applications. Choose 'close' to terminate the application." Nevertheless, if I hit close enough times it runs and generates a report, which I've attached. Hope it's better. I had forgotten, but this happened the last time too. New log's attached.

    4. Ran a new hjt scan in normal mode. Log’s attached.

    Thanks! Chad
     

    Attached Files:

  5. matt.chugg

    matt.chugg MajorGeek

    No, that's not better.

    Using ShowNew

    Please REread that, it explains the error you are getting and provides details of how to fix it.
     
  6. ThornberryCA

    ThornberryCA Private E-2

    OK, I'm a loser. (But at least I'm honest.) I'm STILL having problems with shownew. I downloaded the file referenced at "using shownew" to fix the XP home files. The problem is, when I download the xphomefiles.exe file, it downloads as just a zipped file containing the files command.com, autoexec.nt, and config.nt.

    There's no self-executing program which attaches or cleans these files, so when I click on them, nothing happens (except with command.com--with that one I get a similar error message as when I try to run shownew.)

    I have a feeling I'm supposed to install these files somehow, or replace the existing ones with these. But I'm wary about doing this as I understand these are important files and I don't really know what to do.

    So, the question is--I've downloaded XPHomefiles.exe....now what??? I see no instructions for this on the "using shownew" page.

    Thanks again for all your help. Chad
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure you still need the xphomefiles.exe file at all. But you do need to follow the directions given in the download link and EXTRACT ALL FILES from ShowNew.zip. And you MUST NOT run ShowNew.bat from inside the ZIP file. That is at least one reason for your problem with ShowNew not working.

    However you should also just copy the command.com, autoexec.nt, and config.nt files to your C:\windows\system32 folder if copies are not already in that folder. If these files are missing you would also get an error (like you stated) when trying to run ShowNew.bat but I still think your first problem is that you are trying to run it directly from inside the ZIP file.
     
    Last edited: Sep 8, 2006
  8. ThornberryCA

    ThornberryCA Private E-2

    I had extracted them to a different folder. It turns out the autoexec.nt file was missing from the system32 folder and so adding it (and copying over the other two with the files from the xphome download) seems to have fixed things.

    Here's the shownew log. Thanks.
     

    Attached Files:

  9. ThornberryCA

    ThornberryCA Private E-2

    Posted a new shownew log in my last reply. Any more advice?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You never followed all the directions in the READ ME (at least not properly).
    Viewpoint Media Player should have been uninstalled in step 0! Uninstall now!

    You are using Spybot - Search & Destroy 1.3 which has not been used in two years. Uninstall it and reboot. Then install the one given in the READ ME!

    You skipped step 3 of the READ ME. You have Bitdefender and Symantec installed. Uninstall one of them now!

    You also need to uninstall the below old version of Sun Java:
    Java 2 Runtime Environment, SE v1.4.2_03


    Now you need to run this: WareOut Removal and attach the requested log.

    Then after doing ALL of the above attach a new HJT log!

    Then download the current version of ShowNew and get new log from ShowNew.

    Question: Is your copy of SpySweeper a free trial or paid version?
     
  11. ThornberryCA

    ThornberryCA Private E-2

    Sorry--I tried to follow the instructions but am only semi-computer literate so I'm sure I made mistakes. Now I've uninstalled viewpoint and updated spybot. I had deleted Norton AV a while ago but left some of the other tools. I didn't think they'd conflict with BitD. So I just uninstalled the rest of the suite per your instructions. I also uninstalled the old java.

    Reran spybot s&d in safe mode and rebooted in normal mode. (per read me directions)

    Ran wareout and hjt. Logs are attached.
    Downloaded current shownew and ran new log. It's attached.

    Spysweeper: I can't remember exactly if this is a free trial that came with bit defender or if I had paid for a 3 month license that expired. In any event, it's expired now. I've been meaning to get rid of it since there seem to be good freeware options and spysweeper slows my startup down so much.

    Thanks again for your help, Chad
     

    Attached Files:

  12. ThornberryCA

    ThornberryCA Private E-2

    In addition to the work you requested, I also ran a new bd scan. Results attached. The counter.cab trojan is still there.
     

    Attached Files:

  13. matt.chugg

    matt.chugg MajorGeek

    Yup, you may as well get rid of spysweeper.

    Have you knowingly set up any proxy servers?

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:

    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Post a fresh HijackThis log and fresh bitdefender log
     
    Last edited by a moderator: Sep 14, 2006
  14. ThornberryCA

    ThornberryCA Private E-2

    I think you did it! The counter.cab trojan is gone and bd found no others. Both the bd and hjt logs are posted. Thanks a LOT.

    About the proxy servers: I'm in Greece and my isp set one up (8080), it seems to work, so I've left it. The only other thing I've done is to temporarily open ports from time to time if I'm downloading large files. I think those only last until I reboot. Is there a problem there too?

    Everything else look ok? If so, thanks again for your help. I'll definitely recommend majorgeeks to friends.

    Chad
     

    Attached Files:

  15. matt.chugg

    matt.chugg MajorGeek

