please help with p2p

Discussion in 'Malware Help (A Specialist Will Reply)' started by phatgirlanime, May 20, 2005.

  1. phatgirlanime

    phatgirlanime Private E-2

    Hi, my name is Liza and I don't know much about computers except that they are a pain. Anyways, I seem to have trojans. I have been trying to get rid of p2p networking.exe and can't. I have read the forum (read me before.....) and did everything step by step. Downloaded all that it says, and still is on the hjt log. Please help me to get rid of it. Let me know if you want me to post a hjt log, since I know I am not supposed to post it until asked.

    Thanks ahead,
    Liza :eek:
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. phatgirlanime

    phatgirlanime Private E-2

    Here is the attachment as you asked of the hjt log. Thank you for your prompt response.
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Is this log from Safe Mode? It appears to be, if so please attach a fresh one from normal mode.
     
  5. phatgirlanime

    phatgirlanime Private E-2

    this was in normal mode.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe

    Make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Search for the file p2pnetwork.exe and delete when found.

    Chances are it will be located in the C:\WINDOWS\SYSTEM32 or C:\WINDOWS directories.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
     
  7. phatgirlanime

    phatgirlanime Private E-2

    OK, first of all, when I was in safe mode, scanned with hjt and p2p did not appear in safe mode. Scanned like you said. Did everything step by step. Did the search and did not find the p2p. Now when I ran it in normal mode, hjt found once more the p2p. OK, one question: when I scanned with hjt before, I was erasing the backup file. Could it be that? Now, why did it find it in normal mode and not in safe mode?


    Here is the new log,

    thanks,
    Liza
     

    Attached Files:
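Comparing the O4 autostart lines of two HijackThis logs, as with the safe-mode and normal-mode logs discussed in this thread. This is an added example, not part of any post; the sample logs are constructed (only the p2pnetwork line comes from the thread) and the function names are hypothetical.

```python
import re

# HijackThis O4 registry autostart lines have the shape seen in this thread:
#   O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Constructed sample logs; ExampleAV is a made-up entry for contrast.
NORMAL_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /min
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
"""
SAFE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /min
"""


def parse_o4(log_text):
    """Return a set of (hive, key, value name, command) for O4 registry lines."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.add((m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def has_no_path(command):
    """True when the command is a bare file name, so the log hides its folder."""
    cmd = command.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]   # quoted path may contain spaces
    else:
        exe = cmd.split(" ", 1)[0]
    return "\\" not in exe and ":" not in exe


def compare_logs(normal_log, safe_log):
    """Report autostart entries that differ between logs or lack a full path."""
    normal, safe = parse_o4(normal_log), parse_o4(safe_log)
    return {
        "only_in_normal": sorted(normal - safe),
        "only_in_safe": sorted(safe - normal),
        "no_path": sorted(e for e in normal | safe if has_no_path(e[3])),
    }
```

An entry reported under both `only_in_normal` and `no_path` is one to look at first: it is missing from the other log and the log line does not say which folder the file lives in.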

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This file is part of the W32.Alcra.A WORM. Let's try a few things!

    Download Pocket KillBox


    Now, Copy and Paste C:\WINDOWS\SYSTEM\p2pnetwork.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    Now, Allow Killbox to reboot your system. After you have rebooted, post a fresh HJT log. Also, follow the steps on this site below and see if you find anything mentioned. Let me know the results!

    http://securityresponse.symantec.com/avcenter/venc/data/w32.alcan.a.html
     
  9. phatgirlanime

    phatgirlanime Private E-2

    OK, I did all that said in Symantec and then scanned with hjt. Here is a new log.
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You had the right version of HJT the first time. Please attach a fresh HJT log using version 1.99.1
     
  11. phatgirlanime

    phatgirlanime Private E-2

    sorry, this is the new log
     

    Attached Files:

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is now clean!

    Are you having any further problems?
     
  13. phatgirlanime

    phatgirlanime Private E-2

    Yeah, it seems to be working fine now. Thank you so much bjgarrick. You have been very, very helpful.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Good!

    You should see this article on How to Protect yourself from malware!
     
  15. phatgirlanime

    phatgirlanime Private E-2

    OK, thanks for the help. Bye
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!
     
