Download.Trojan & SpySheriff

Discussion in 'Malware Help (A Specialist Will Reply)' started by cmatthews, Jan 8, 2006.

  1. cmatthews

    cmatthews Private E-2

    Last week I was infected with a few viruses that I think I have removed mostly from support from Symantec. My OS is Windows XP Home and I run IE 6.0. Based on advice learned here, I downloaded HijackThis and have the attached file to post in hopes of someone reviewing it and letting me know if I am now virus free. My major issue was Download.Trojan and the browsela.dll which I have removed. I was also getting a message that C:/windows/system32/kernels64.exe could not be found. Based on a similar thread found here I used HijackThis to correct this problem I think. Other issues I had were with SpySheriff but I think I got that removed. Can someone review this HijackThis and let me know if I have any remaining issues? Great forum, thanks
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:


    Downloading, Installing, and Running HijackThis
     
  3. cmatthews

    cmatthews Private E-2

    OK, I have followed all of the steps you asked with the exception that I had to run Panda in Normal Mode in order to be able to click the "see report" button because the font was so big in Safe Mode and the window could not be expanded. I seem to have quite a bit of spyware left and remnants of the Trojan virus. I am posting the BitDefender, Panda, and HJT files. What do you think?
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Empty your Norton Quarantine folder.

    Scan with HijackThis and fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running Ewido Security Suite.

    Post both the Ewido log and a fresh HijackThis log.
     
  5. cmatthews

    cmatthews Private E-2

    I followed all of the instructions and have a HJT and Ewido file attached. Everything seemed to go smoothly. The only issue I had was that I accidentally stopped my 1st Ewido scan and it removed 3 issues.

    C:/!Killbox/unum_exe..............Spyware.Altnet
    HKLM/Software/Classes...........Spyware.MiniBug
    HKLM/Software/Classes...........Downloader.Delf.aeo

    These were removed but won't show up in the scan I attached as they were removed prior to the actual finished scan. The scan I attached is the 2nd scan I did.

    Please review and let me know if you still see any issues. Thanks for all of the help.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The logs didn't attach.
     
  7. cmatthews

    cmatthews Private E-2

    Here they are
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following line:
    Post a fresh HijackThis log.
     
  9. cmatthews

    cmatthews Private E-2

    Tried to fix it several times but it won't disappear from the log. I rebooted just to see if it would go away upon reboot but no luck. What next?
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to ASEService ... right-click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    ASEService
     
  11. cmatthews

    cmatthews Private E-2

    Done, it looks like it worked. Here is the HJT file. I don't see anything else, do you? Thanks for your help
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

