I've got a trojan VRT?

Discussion in 'Malware Help (A Specialist Will Reply)' started by magpie_mik, Jul 31, 2008.

  1. magpie_mik

    magpie_mik Private E-2

    What happens is I keep getting asked do I want to block or allow VRT29, THEN VRT5E, VRT1D, VRT1C etc. It posts a log in Windows Temp every time.

    I've run SUPERAntiSpyware, plus Malwarebytes; I am using Virgin PC Guard.

    It detected one virus and deleted it, then said clean, but I still get this VRT wanting to connect to the internet. Sounds like a trojan.

    After the scan is complete the software (all that I've tried) has asked to restart to delete the offending infections etc.; however it returns. Also I now have a login screen when I start. No password, but nevertheless I have not added multiple user info.
    I have also tried scanning in safe mode with no network; however one piece of software failed to fix it and another crashed.

    Any ideas? I have also run CCleaner too.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have a login and password if you wish your PC to be more secure. Not requiring a login and password is like leaving your keys in your running car with the door open in the Bronx, NY. ;)
     
  4. magpie_mik

    magpie_mik Private E-2

    I'm the only user of the PC in my house, sir.

    Anyway, I've also run SDFix in safe mode and MGtools.

    I have another issue now: it says userinit logon application errors.

    I have to turn off the PC from the PSU to restore it. I still have these VRT29, VRT5e, VRT1D, VRT1C etc. I keep blocking them, and deleting the logs from Windows Temp.

    Has anybody any idea how to get rid of this? :cry
     
  5. magpie_mik

    magpie_mik Private E-2

    OK, I'm starting again. I'll run through the procedure and let you know either way.

    Thanks
     
  6. magpie_mik

    magpie_mik Private E-2

    OK, I've run all as requested; nothing found on either SUPER, Spybot, Malwarebytes.
    I have included the logs for Combo and MG tools.


    The problem I get: VRT (followed by some numbers and letters, i.e. VRT22, or VRT1D etc.) trying to communicate with the internet and being stopped by my Virgin Media firewall (PC Guard). It then posts in Windows/Temp a file, say VRT22.tmp; obviously I have blocked it every time.


    Any further suggestions?

    Thanks in advance

    p.s. This happened about 24 hrs ago, while downloading from BitComet. I can't remember if the firewall was up.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, but the whole internet and every program you run has full access to your PC that has no password. This means any hacker and any piece of software can have full administrator rights to do anything on your PC.

    Please download and use the version of MGtools given in the READ & RUN ME and attach a new log. You do not have the correct version of the program.

    Please attach the logs from SUPERAntiSpyware and Malwarebytes anyway. It is the only way I know that you used the correct versions of the programs.

    It is possible that the files you are mentioning are from your own Virgin software, but since your logs did show infections being removed, the infections could be the problem. ComboFix removed a bunch of malware. I'm surprised that SAS and MBAM found nothing.
     
    Last edited: Aug 1, 2008
  8. magpie_mik

    magpie_mik Private E-2

    OK, thanks for that. I'll get it passworded immediately, and download newer versions of everything just in case.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, once you get the new logs and attach them, we can continue to check things out.
     
  10. magpie_mik

    magpie_mik Private E-2

    Here are the first three logs requested, sorry I took so long....
     
  11. magpie_mik

    magpie_mik Private E-2

    And the last one......


    I saw on one of them it deleted the temp files that this thing deposits.

    It was still trying to get past my firewall as I was scanning.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old version of software:
    J2SE Runtime Environment 5.0 Update 15

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: (no name) - {8C6DF778-B72B-4F12-BBDC-D145C4F925E0} - C:\WINDOWS\system32\cdosy.dll
    O2 - BHO: (no name) - {D2AEDDEA-089A-49DD-9233-EECC641112A2} - C:\WINDOWS\system32\cdosy.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKUS\S-1-5-18\..\Run: [neos] C:\WINDOWS\neos.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [neos] C:\WINDOWS\neos.exe (User 'Default user')
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -
    O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: LPTRDC server (LPTRDCsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Michael Coates\Local Settings\temp

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
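An added example, not from this thread or from the HijackThis/MGtools/ComboFix tools: a small Python triage script that encodes the checks behind chaslang's fix list above (a second program chained onto UserInit, browser helper objects with no name, system binary names running from C:\WINDOWS instead of system32, and a service path carrying an alternate data stream). The sample lines are copied from the post, plus one benign service entry constructed as a control; the function names are my own.

```python
import re

# Sample HijackThis lines copied from chaslang's post above, plus one benign
# O23 entry constructed here as a control.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {8C6DF778-B72B-4F12-BBDC-D145C4F925E0} - C:\WINDOWS\system32\cdosy.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [neos] C:\WINDOWS\neos.exe (User 'SYSTEM')
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: LPTRDC server (LPTRDCsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Example (constructed) - Example Corp - C:\Example\svc.exe
"""

# Windows binaries that belong in system32; the same name launched from
# C:\WINDOWS itself (services.exe, ctfmon.exe above) is a masquerading trick.
SYSTEM32_NAMES = {"services.exe", "ctfmon.exe", "svchost.exe", "userinit.exe"}

def _path_of(entry):
    """First Windows path in an entry, quoted or bare (empty if none)."""
    m = re.search(r'"([^"]+)"|([A-Za-z]:\\\S+)', entry)
    return (m.group(1) or m.group(2)) if m else ""

def flag_line(line):
    """Return the reasons a HijackThis line looks suspicious ([] if clean)."""
    reasons = []
    kind = line.split(" - ", 1)[0].strip()
    if kind == "F2" and "UserInit=" in line:
        # The only legitimate UserInit value is system32\userinit.exe on its own.
        progs = [p for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
        if len(progs) != 1 or not progs[0].lower().endswith(r"\system32\userinit.exe"):
            reasons.append("extra/unexpected program in UserInit chain")
    if kind == "O2" and "(no name)" in line:
        reasons.append("browser helper object with no name")
    if kind in ("O4", "O23"):
        path = _path_of(line)
        parent, _, name = path.lower().rpartition("\\")
        if name in SYSTEM32_NAMES and not parent.endswith("system32"):
            reasons.append("system binary name outside system32: " + path)
        elif kind == "O4" and parent == r"c:\windows":
            reasons.append("autorun located directly in C:\\WINDOWS: " + path)
        if re.search(r"\.exe:[^\\\s]+$", path, re.I):
            # file.exe:stream hides the real payload in an alternate data stream
            reasons.append("alternate data stream in service path: " + path)
    return reasons

def triage(log_text):
    """Map each suspicious log line to its reasons; clean lines are omitted."""
    hits = ((l, flag_line(l)) for l in log_text.splitlines())
    return {l: r for l, r in hits if r}
```

Calling `triage(SAMPLE_LOG)` flags six of the eight lines and leaves the QuickTime autorun and the constructed service alone.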
     
  13. magpie_mik

    magpie_mik Private E-2

    Hi,
    Things have taken a turn for the worse, I'm afraid. I'm using my laptop to communicate this.


    Turn of events....

    Followed all instructions, about to post logs.

    Realised I had no Virgin firewall installed (ComboFix turns it off), so restarted the PC.

    Blue screen of death, PAGE_FAULT_IN_NONPAGED_AREA.

    Tried to reboot into safe mode; it freezes. Tried 6 times. Tried last known config; it just sits with a mouse pointer and a black background, so I've done the unthinkable and succumbed to the F word. Sorry, I think this is a nasty bit of software and I've lost the logs now; however, looking back, I think it got in through some stupid actions on my part.
    I think I did the unthinkable and used BitComet without my firewall in place, so hey ho, I deserve it. It was definitely always trying to get out to the internet and was blocked as a VRT then a set of hex-looking letters;
    at the same time I think it was slowly killing the PC's Windows files.

    Let me know if there is any other info about this I possibly can help with. Thanks.

    magpie_mik
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear you had to format. You actually had quite a few problems there that were quite nasty. It was not just one infection.

    Since you have a freshly formatted system, you should follow the instructions in the below:

    How to Protect yourself from malware!
     