Need Help Removing a Trojan that Norton can't detect

Discussion in 'Malware Help (A Specialist Will Reply)' started by burke474, Aug 9, 2012.

  1. burke474

    burke474 Private E-2

    Computer info:
    Make/model: ASUS X83Vb
    OS: originally Windows Vista but upgraded to Windows 7 (not a clean install)


    I need help removing a trojan that I apparently got back in March. My computer has been giving me numerous BSODs. The only helpful BSOD said Driver_Power_State_Failure. I've been operating my computer since March with only occasional BSODs until about 3 weeks ago. It recently got so bad that when I went to shut down my computer it would give me a BSOD. Then I would get a BSOD upon starting my computer. So I couldn't log on at all unless I went into safe mode. I had run the Windows 7 auto repair feature and sometimes it would say it fixed something and other times it would say it was unable to. Then I restored my system to a previous state (unfortunately it was only a few days in the past so I still had the virus). I ensured Norton was fully upgraded and ran a full system virus scan but found nothing. I also cleaned up my registry with Norton. I took my computer to Best Buy to get the Geek Squad to look at it. They ran a system diagnostics and found 1 Trojan that was labeled Trojan-Agend-tdss on their diagnostics report. Again, Norton failed to find this virus. I've gotten my computer to now successfully start up and shut down a couple of times in a row. I ran all the programs you required and attached the reports. I have two RogueKiller reports b/c I fixed the 6 registry entries. I'm not sure if I was supposed to do that or not.

    Additionally, the person at Geek Squad said my memory test was good.

    I'm not sure if the following issues could be causing this or not, but I figured I'd post them just for more information.

    - When I start up Windows all of my desktop icons are hidden. I have to cycle my power modes (i.e. battery, balanced, entertainment) to bring them all back up.
    - I originally thought that I may have out-of-date drivers and they weren't gelling properly with Windows b/c this seemed to happen right around the time of Windows 7 SP1 coming out. I don't think that's the case anymore b/c I've run the Windows 7 automatic driver update feature and it says I'm up to date.
    - I'm not sure what programs I downloaded or torrents I may have downloaded around the time of being infected.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not finding much in the way of malware. Let's just do this:

    Download OTL by Old Timer and save it to your Desktop.

    Double-click OTL.exe to start the program.

    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    Code:
    :processes
    :killallprocesses
    :files
    C:\programdata\Microsoft\Windows\DRM\268C.tmp
    C:\programdata\Microsoft\Windows\DRM\26BB.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\268C.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\26BB.tmp
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
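    As an added example (not part of this thread, and not something OTL or the replies above do), the PowerShell below records size, timestamps, SHA-256 and Authenticode status for the four paths the OTL fix deletes, and lists any non-default entries in the hosts file that [RESETHOSTS] is about to overwrite, so that evidence survives the cleanup and the hashes can be looked up later. It assumes an elevated PowerShell 2.0 or later prompt on Vista/7 (hashing is done through .NET rather than Get-FileHash for that reason); the function names and the rule that treats only "localhost" lines as default hosts entries are my own choices. On Vista/7 C:\Users\All Users is a junction to C:\ProgramData, so the two pairs of paths point at the same two files on disk.

```powershell
# Added triage script: preserve file evidence before an OTL fix deletes it.
# Paths below are the ones listed in the OTL fix above; everything else is assumed.

$targets = @(
    'C:\ProgramData\Microsoft\Windows\DRM\268C.tmp',
    'C:\ProgramData\Microsoft\Windows\DRM\26BB.tmp',
    'C:\Users\All Users\Microsoft\Windows\DRM\268C.tmp',   # junction to ProgramData
    'C:\Users\All Users\Microsoft\Windows\DRM\26BB.tmp'    # junction to ProgramData
)

function Get-Sha256Hex {
    # SHA-256 via .NET so this also works on the PowerShell 2.0 that ships with Win7.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-SuspectFileReport {
    # One record per path: whether it exists and, if so, the metadata worth keeping.
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Exists = $false }
            continue
        }
        $item = Get-Item -LiteralPath $p -Force     # -Force: hidden/system files too
        $sig  = Get-AuthenticodeSignature -FilePath $p
        New-Object PSObject -Property @{
            Path       = $p
            Exists     = $true
            SizeBytes  = $item.Length
            Created    = $item.CreationTime
            LastWrite  = $item.LastWriteTime
            Attributes = $item.Attributes.ToString()
            Sha256     = Get-Sha256Hex -Path $p
            Signature  = $sig.Status.ToString()     # NotSigned is typical for droppers
        }
    }
}

function Get-NonDefaultHostsEntries {
    # [RESETHOSTS] replaces this file; keep any non-default lines so they can be reviewed.
    # Assumption: only comments, blanks and 'localhost' mappings count as default.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts | Where-Object {
        $line = $_.Trim()
        $line -and -not $line.StartsWith('#') -and
        $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$'
    }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = Join-Path $env:USERPROFILE ("Desktop\pre-fix-evidence-$stamp.txt")

"== Suspect files ==" | Out-File -LiteralPath $outFile
Get-SuspectFileReport -Paths $targets | Format-List | Out-File -LiteralPath $outFile -Append
"== Non-default hosts entries (none expected on a clean machine) ==" | Out-File -LiteralPath $outFile -Append
Get-NonDefaultHostsEntries | Out-File -LiteralPath $outFile -Append

Write-Host "Evidence written to $outFile"
```

Run it from an elevated prompt before pasting the OTL fix; the report lands on the Desktop next to the other logs, and the SHA-256 values give you something to search for once the files themselves are gone.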
  3. burke474

    burke474 Private E-2

    TimW,

    So I had to do a system restore to a day prior to installing all the malware detection programs b/c my computer wouldn't boot up anymore unless I did it in safe mode or told it to ignore driver signatures. So my results from the scans you requested may be a little different. I ran the OTL and have attached the text file and the MGtools log file as well. Once I ran the OTL program my computer restarted without a problem. I'm hoping it stays that way. I'll let you know though.

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any additional malware in your logs. Let me know how things are running.

    In the meantime:

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0