please help..trojan attack i cant get rid of

can someone tell me how to get rid of this trojan? the trojan is exploit-URLspoof.gen mcaffee finds it but it cant delete it or quarantine it... anysuggestions?

anyone have any idea on how to get rid of this trojan? i cant seem to delete it forever!

thanks
cristine

 

Hi Cristine,

Generally, it is a good idea to start with the Cleanup Tutorial HERE:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I’ve been tied up with work lately and cannot visit this forum too often these days, but somebody will try to take a look when they get a chance.

Best luck
PP

 

i have done the other and the onlythong that showis is my mcaffe virus scan that stated the file is write protected and cannot be deleted. my hijack this file is attached. hope this helps.


casue i need it as this is driving me crazy!!!

 

ihave done the other and the onlythong that showis is my mcaffe virus scan that stated the file is write protected and cannot be deleted. my hijack this file is attached. hope this helps.


casue i need it as this is driving me crazy!!!

the hijack this log is attached below

 

I will get you started in removing the things that I see that are definately nasties.

1. Make sure that if you are using WinXP or WinME that you have system restore disabled (per Read Me First).
2. For all OS types make sure viewing of hidden files is enabled (per Read Me First).

Now open Hijackthis and click "Do A System Scan Only" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\b.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EX

Again these are the ones that I can tell right off that are nasties and if there are any others then I am sure someone else will give you more to delete/remove.
After you have HJT fix those attach a new HJT log and we will go from there. Also let us know if you still have the problem or not after doing the above.

As always if you have any questions or unsure of something feel free to ask before doing.

sw

 

Thanks for the head start, Shewolf! I've been a bit overextended lately!

Cristine - In addition to the items SW mentioned, I wonder about this one: O4 - HKLM\..\Run: [sysobj.exe] sysobj.exe You should probably fix this as well with HijackThis. Then, use Windows Explorer to find sysobj.exe and RightClick it and RENAME it sysobj.BAD. That way, if it turns out to be something that you need, you can change the name back.

Also, DELETE the MyWebSearch Folder. C:\Program Files\MyWebSearch

PP

 

ok here is the log.. and when i ran mcafee virus scann online. cause now the one i have loaded on my pc wont run and i cant uninstall it(another prob) it found this: how can i get rid of this?


List of Infected FilesFile NameVirus NameC:\Documents and Settings\...\%68%70[1]Exploit-URLSpoof.gen

 

Hi Cristine,

Your Log did not attach . . .

Did you try navigating to that file and deleting it manually?

PP

 

sorry computer is driving me NUTS!!! have been working on getting rid of this virus since last thursday and i cant get rid of it!!! getting a but frusterated.. i am not sure on how to delete manually?

 

That log looks OK!

Try downloading Pocket KillBox and feeding that file to it and deleting with Standard File Kill.

Also, run CCleaner from the Cleanup Tutorial afterward.

Since nothing shows in your log, what symptoms are you having?

I'll check back when I can.

PP

 

it cant find the file %68%70[1]Exploit-URLSpoof.gen. now my antivius wont run and i cant uninstall and reinstall. yet virus scan onlune for mcaffe finds the file. i went to the virus removal on mcafee.com and i dont understand what they want me to do for the removal

and when i do a search with the file name (including the registry) nothing is found

 

It may be a false positive. Especially if you cannot find it. Did you try some different online scanners to see if they find it as well?

Not sure what to tell you about McAfee . . . There are some better and Free alternatives here at MGs (AVG, AVAST) that are easy to use and very effective. Perhaps you should check them out . . . Assuming, of course, that you can remove the McAffee. I'm not too familiar with McAfee - I suppose that, if you decide to replace it, you can feed the bits that do not want to uninstall properly to Pocket KillBox.

PP

 

ok so the new pro is i cant get rid of the this: http://default.home/ it keeps hijacking my home page and also on the other users on this computer the homepage gets hijacked by something ca\lled "your search page" how can i get rid of this? as i said i am going NUTS with this and am ready to take a HAMMER to this computer


also now that i have installed the new anti virus (AVAST) i cant read any of my emails. (using incredimail)

 

your search page and various versions.... also http://default.home....how can i get r

now need help getting rid of

 

Hi Cristine,

How many different active User Accounts are on your machine?

Please attach fresh HijackThis logs from normal Windows boot for EACH user account. Please note that there is a new version of HJT.

HijackThis v1.99.1

Also, what error message do you get with the E-mail problem?

PP