Download.Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by thadude, Dec 31, 2005.

  1. thadude

    thadude Private E-2

    Spysheriff & now Hacktool

    Hi - firstly Happy New Year!

    Over the last few days I've tried all the progs to rid of Spysheriff which I think I've done. During which I've received several popups from Nortons about trojans and now a hacktool that it couldn't fix - due to it being in the system32 folder (\drivers\i386p.sys).

    After the various fixes I've tried the computer won't boot in normal mode without rebooting at the desktop stage. I can only boot in 'last known config that worked' mode.

    I can only think that I've taken out something I shouldn't have, but that's why I'm here...

    System is XP pro, P4 3G, sp1

    HJT log attached and activescan result

    Cheers
     

    Attached Files:

  2. thadude

    thadude Private E-2

    Re: Spysheriff & now Hacktool

    Done. Still can't boot successfully in normal mode as the computer reboots itself shortly after reaching desktop stage.

    I have to go to safe mode options when booting and use last good configuration - all good with this option. Any ideas why it does this?

    Do you want a new HJT log also now that the other scans are completed? I still get Norton popups saying that there are download trojans present but can't delete because they are in system32 folder.

    M/soft antispyware stopped C:\WINDOWS\alt.exe from executing. There's another \WINDOWS\system32\browsela.dll which pops up a lot through N's virus alert and says it's a download trojan and of course access to the file was denied. More messages appear saying unable to repair. :eek:
     

    Attached Files:

  3. thadude

    thadude Private E-2

    Hi guys, I've done the tests before posting, as per instructions & seemed to have rid of the spyware. But now Nortons pops up constantly telling me I have download trojans but can't delete them because they are in system32 folder.

    Still can't boot successfully in normal mode as the computer reboots itself shortly after reaching desktop stage.

    I have to go to safe mode options when booting and use last good configuration - all good with this option. Any ideas why it does this?

    System is XP pro, P4 3G, sp1

    Any help appreciated
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    thadude,

    I have merged your threads together so please post in here from now on. D3m3nt3d will be with you when time permits. Please be patient :)
     
  5. thadude

    thadude Private E-2

    Cheers, my girlfriend has been on me about my 4 day attempt to fix these increasing probs...doh! Hey I'm learning though...
     
  6. thadude

    thadude Private E-2

    Having problems running ewido as every time I click on the desktop icon a Nortons alert popup appears saying C:\WINDOWS\system32\browsela.dll & that it can't repair it and access denied.

    I used killbox to get rid of it on reboot and I was able to run it once before it appeared again....hopefully full scan results to follow
     
  7. thadude

    thadude Private E-2

    Cool, 1 small plus was that I was able to boot the computer in normal mode without it crashing at the desktop stage.

    Ran ewido in safe mode and log attached with HJT log. The download trojan (sys32\browsela.dll) popped up again as a Norton alert.

    Thanx for your help so far, it feels like there's some light appearing.

    Cheers

    **Should I run the Vundo fix & VX2 removal as well?
     

    Attached Files:

  8. thadude

    thadude Private E-2

    No volcano chat installed intentionally, don't know where that came from.

    The VX2 and Vundo idea was just a thought as the alerts keep popping up and I'm still not sure what's causing it.

    I ran everything as per instructions but as I used killbox on C:\WINDOWS\system32\browsela.dll, a Nortons[download.trojan] popup appeared like before saying can't delete or access etc in several popups at once (sometimes 8).

    I noticed in the HJT log that this line "O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll" is still there.

    1 nasty trojan....
     

    Attached Files:
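Post 8 shows why the file keeps coming back: the HijackThis "O20 - Winlogon Notify" line means winlogon.exe loads browsela.dll at every logon, so the DLL is in use before any on-demand scanner or killbox gets to it. The PowerShell below is an added example, not code from this thread or from MajorGeeks; it assumes a modern Windows host with PowerShell (the XP box in the thread would have needed Autoruns or Process Explorer instead) and lists every Winlogon Notify entry with its resolved DLL path, whether the file is on disk, and its Authenticode signer, then shows which processes currently have a given module loaded, which is the information chaslang's Process Explorer step in post 14 relies on.

```powershell
# Added example (not from this thread): enumerate the registry key that
# HijackThis reports as "O20 - Winlogon Notify" entries. Run elevated.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyEntries {
    if (-not (Test-Path $notifyKey)) { return @() }
    Get-ChildItem $notifyKey | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        $dll = $props.DLLName
        # A bare name such as "browsela.dll" is resolved from %SystemRoot%\system32,
        # which is exactly where the thread's sample lived.
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path "$env:SystemRoot\system32" $dll
        }
        $exists = [bool]$dll -and (Test-Path $dll)
        $signer = 'n/a'
        if ($exists) {
            $sig = Get-AuthenticodeSignature $dll
            # Legitimate Notify DLLs are signed Microsoft binaries; anything
            # unsigned or with an invalid signature deserves a closer look.
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "$($sig.Status)" }
        }
        [pscustomobject]@{
            Entry   = $_.PSChildName
            DLLName = $dll
            OnDisk  = $exists
            Signer  = $signer
        }
    }
}

# Which processes have a module of this name mapped right now? Processes the
# caller cannot open (e.g. winlogon.exe without elevation) are skipped.
function Get-ProcessesLoadingModule([string]$moduleName) {
    foreach ($p in Get-Process) {
        $mods = $null
        try { $mods = $p.Modules } catch { continue }
        if ($mods | Where-Object { $_.ModuleName -ieq $moduleName }) {
            [pscustomobject]@{ Id = $p.Id; ProcessName = $p.ProcessName }
        }
    }
}

Get-WinlogonNotifyEntries | Format-Table -AutoSize
Get-ProcessesLoadingModule 'browsela.dll' | Format-Table -AutoSize
```

An entry whose DLL is unsigned and loaded only by winlogon.exe matches the behaviour described in this thread; removing the Notify subkey before the next reboot prevents the DLL from being loaded again, at which point the file can be deleted normally.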

  9. thadude

    thadude Private E-2

    Not nice, I tried to run killbox in safe mode and it wouldn't work - poo! I remember trying it happening before but I thought it was a 1 off.

    The Nortons popups warning me of the unfixable 'download.trojan' are at an all time record - 18 times at once then 4x every 2minutes.

    Anyway I'd love to hear those other ideas you have...

    Need any more logs?



    **there's been no Vundo warnings, it was just that I'd tried every other test so I thought I might as well try that 1 as well
     
  10. thadude

    thadude Private E-2

    I clicked on your link but it kept going to M/geeks homepage so I searched and downloaded from softpedia instead. Hope that was ok, the site looked ok but Spydoctor asked to approve something which I denied...anyway here goes
    :confused:
     
  11. thadude

    thadude Private E-2

    Cool, downloaded then ran in safe mode. Did the unlock a few times, when I hit the del key on num pad the computer went black and rebooted.

    Back in normal mode the popup from Norton came back - not as regular though.

    Should I try the same thing again? Have run Ccleaner in safe mode too
     
  12. thadude

    thadude Private E-2

    Tried the Unlocker again in safe mode, got to the delete stage then it said that it was being used by other applications and to close them first.

    Ccleaner froze when I tried to use it and killbox still wouldn't work - all in safe mode
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have had problems with Unlocker too. Process Explorer has been more consistent for me and this is the same procedure I use for manual cleanup of Virtumonde with great success.
     
  15. thadude

    thadude Private E-2

    Thanx guys, your help has been appreciated so much. It's been a real learning curve for me.

    I think things are ok though spydoctor (after a recent reboot) told me I had more stuff but I had to register($) to clean them out.

    I forgot to load the registry fix till after the .dll kill and HJT log, I hope that was ok.

    If things are truly ok, will the current scans be enough to keep the computer safe or is it worth subscribing to spydoctor? The microsoft antispyware is running along with Nortons and I really don't want this to happen again.
    :)
     

    Attached Files:

  16. thadude

    thadude Private E-2

    The last spyware scan said there was 22 infections still - Trojan.Spambot (12), Spbot.B (3), Startpage.GEN, Startpage.AW, Downloader.PassAlert & some tracking cookies.

    Should I be worried about these? Is there another scan I can try to get rid of them?
     
  17. thadude

    thadude Private E-2

    It was SpyDoctor, I got it off the M/Geeks site somewhere but you have to pay to remove.
    Here's the report, I did a cut n paste job.

    Maybe I can use HJT to fix them? :confused:
     

    Attached Files:

  18. thadude

    thadude Private E-2

    Looks like more problems still, according to the Panda activescan.

    Any ideas? :rolleyes:
     

    Attached Files:

  19. thadude

    thadude Private E-2

    Also, when is it safe to enable system restore again? After I'm happy with results or leave it off?
     
  20. thadude

    thadude Private E-2

    Hi guys, nothing major has happened over the last few days - well nothing I couldn't get rid of without the basic scans.

    Should I turn the system restore back on now?

    Most importantly I want to thank you for all your help and patience with the problems I've had. I would love to buy you a beer down at the local but unfortunately we're in different continents. So much appreciation is extended your way, thanks again.
    Cheerz
    Brett
     
