Hijackthis log

Discussion in 'Malware Help (A Specialist Will Reply)' started by taylortoons, Jul 7, 2005.

  1. taylortoons

    taylortoons Private E-2

    I started out yesterday with the trojan-spy.html.smitfraud.c virus that also contained the Antivirus Gold software. At first, my entire computer was down. No access to the Start Menu at all. As a last resort, I unplugged the computer, rebooted and was able to right click Start to run McAfee.

    I read the "Do this First" list and have done all I can. I have AOL, so I could not register a2.

    I do still have a Trojan or two. OLEADM.DLL infected by Spy Agent-h. WININET.DLL infected by W32/Alemod.b.dll

    Any assistance would be appreciated. I'm running WIN 98 SE on a Sony VAIO

    Taylortoons
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's start by running these online scans:

    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
    Panda Online Scan

    After you complete the above online scans, reboot and post a fresh HJT log.
     
  3. taylortoons

    taylortoons Private E-2

    Done. The Panda Online scan seemed to be the deepest. It found 5 Adware, 1 Spyware and 1 virus, below:

    Virus:Trj/Downloader.DJT Disinfected C:\~WRF0409.tmp

    The RAVANTIVIRUS had a launch problem, so it didn't run.

    Here is my new HiJack log.

    Thanks for your help.

    Taylortoons
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The first thing I would like to point out is XOFTSPY. Earlier versions of this software were added to the list of rogue/suspect antispyware programs for false detections. This has now been addressed, however I recommend this be uninstalled because there are WAY better antispyware programs available. It's up to you whether you uninstall or not.


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;

    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\SYSTEM\NZDD0.DLL

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
     
  5. taylortoons

    taylortoons Private E-2

    Ok. Done. SpyBot S&D removed an Antivirus Gold file left over from the smitfraud.c invasion. That's good. It also removed a doubleclick function and some Microsoft relays relating to IE.

    One of the Hijackthis fixes from the previous post stopped my antivirus software from loading automatically, but I'll reconfigure. Also, I get an error message with Real Download at boot up that prompts to reinstall the software. Maybe, maybe not.

    I haven't decided on the Xofsoft issue, yet. What is your suggestion for the best alternative?

    Here is my log.

    Thanks
    Taylortoons
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of the items BJ gave you broke your AV. It looks to me like you may have removed a couple of O4 items you should not have:
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe

    They no longer show. If you fixed these by mistake using HJT, you can restore them from the backups it makes.

    Your log is clean otherwise. For recommended software (and you should run these steps anyway), see How to Protect yourself from malware!
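
Added example, not part of the thread or of HijackThis itself: a small Python sketch of the two checks the helpers do by eye above, spotting entries whose target is gone ("(no file)" / "(file missing)") and spotting autorun (O4) entries that vanished between two logs. The function names `parse_log`, `orphaned` and `removed_entries` are hypothetical, and the two sample logs are constructed from the entry lines quoted in the thread plus one made-up placeholder entry.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")  # target not on disk

# Constructed sample logs: entry lines are the ones quoted in the thread,
# except [ExampleApp], which is a made-up placeholder that survives the fix.
BEFORE = r"""
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [ExampleApp] C:\EXAMPLE\APP.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\EXAMPLE\APP.EXE
"""

def parse_log(text):
    """Return one record per HijackThis entry line (section code + detail)."""
    records = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, running-process list, blank line
        code, detail = m.groups()
        clsid = CLSID.search(detail)
        records.append({
            "code": code,
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(detail)),
        })
    return records

def orphaned(text):
    """Entries that still point at a missing file (leftover registry keys)."""
    return [r for r in parse_log(text) if r["orphaned"]]

def removed_entries(before, after, code=None):
    """Entries in the earlier log that are absent from the later one."""
    later = {(r["code"], r["detail"].lower()) for r in parse_log(after)}
    return [r for r in parse_log(before)
            if (r["code"], r["detail"].lower()) not in later
            and (code is None or r["code"] == code)]
```

Calling `removed_entries(BEFORE, AFTER, code="O4")` returns the two McAfee autorun lines, which is the kind of unintended removal worth checking for before restoring from HijackThis backups.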
     
