possible infections (trojan/s?)

Discussion in 'Malware Help (A Specialist Will Reply)' started by hoopea, Mar 10, 2008.

  1. hoopea

    hoopea Private E-2

    hi i am just concerned my computer may be infected with something.
    i ran a spybot scan a week or so ago after being helped here for virtumonde and winlogonhook problems and it picked up a trojan, i deleted the problem and ever since my computer has played up.
    have ran online scans such as kas,nod32 etc as well as my own virus and spyware scanners with all coming back clean.
    so i guess i'm hoping someone could have a look and confirm this.
    i have ran the scans required please find them attached
    many thanks in advance.
    hoopea
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi hoopea,
    Welcome again.

    I see in your add/remove programs that you have both Norton 360 and BitDefender Total Security 2008. Please decide which one of these you want to use and completely remove the other one. If you decide to remove Norton, you may wish to verify at the Symantec website that uninstalling their software via add/remove programs will actually uninstall their programs. There is also the Norton Removal Tool (SymNRT) which we advise people to use to remove other Norton software, however, I'm not sure it works on 360. Symantec also has automated removal tools at their website.

    Let me know how this goes.
    abri
     
  3. hoopea

    hoopea Private E-2

    hi abri
    thanks 4 taking another look at my computer.
    just ran the norton removal tool although i thought i had uninstalled 360 before installing bitdefender as i know they would have clashed.
    computer has not done anything silly since.
    were my logs clear?
    the trojan that spybot picked up was Win32.Small.azl, to be honest i have not been doing much on the computer because of the past infections and was thinking about formatting and starting again.
    do you think this is necessary?
     
  4. abri

    abri MajorGeek

    Hi hoopea,

    I don't see any signs of malware at this time, but I would like to see if the Symantec entries are still in there. Also, you may want to try uninstalling SpySweeper via add/remove programs and see how your computer works after that. The problems you're suffering right now may be the result of too much software rather than too little.


    1) Please disable your guest account if this has not already been done.

    2) Go to add/remove programs and uninstall the below:

    - Java(TM) 6 Update 4

    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After you click fix, just close hijackthis.

    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now?

    abri
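The two HijackThis entries quoted in step 5 follow the tool's fixed line layout, which makes them easy to triage in bulk. The sketch below is an added example, not part of the original post and not MGtools code: it parses O2 (Browser Helper Object) and O4 (Run key) lines and flags BHO registrations marked `(no file)`. The second O2 line in the sample is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the two entries quoted in the post above, plus one
# made-up BHO entry (placeholder CLSID and path) that still has a file.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# O2 lines: display name, CLSID, then the DLL path or the literal "(no file)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 lines: registry hive and key, value name in brackets, then the command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def executable_of(cmd):
    """Return the program path from a Run command, honouring quoted paths."""
    if cmd.startswith('"') and '"' in cmd[1:]:
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def parse_log(text):
    """Parse O2/O4 lines into dicts; all other lines are skipped."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := BHO_RE.match(line):
            entries.append({"section": "O2", "name": m["name"],
                            "clsid": m["clsid"].upper(), "target": m["target"],
                            "orphaned": m["target"] == "(no file)"})
        elif m := RUN_RE.match(line):
            entries.append({"section": "O4", "name": m["name"],
                            "hive": m["hive"], "key": m["key"],
                            "target": executable_of(m["cmd"]), "orphaned": False})
    return entries


def orphaned_bhos(entries):
    """CLSIDs of BHO registrations that the log marks as "(no file)"."""
    return [e["clsid"] for e in entries if e["orphaned"]]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry)
```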
     
  5. hoopea

    hoopea Private E-2

    hi abri
    couldn't find the below in hjt but did fix the other.
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    updated sun java and did the getlogs.bat scan.
    can you tell me is WINotify.dll a valid entry in startup or not as i have read different views.(was just doing some internet checks on entries from system startup via spybot)
    computer seems to be all good so far.
    thanks
    hoopea
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi hoopea,
    If you spelled it correctly (with an I (eye) and only one N) then it's spyware. It doesn't show up in your logs that I can see. Is it something you can see in your computer startup items? If so, can Spybot fix it? That would be the easiest.

    I'll go ahead and post the final cleanup instructions for you.
    abri
     
  7. hoopea

    hoopea Private E-2

    hi abri

    i think i may have the wrong spelling for WINotify.dll i think it may be WlNotify.dll it is hard to tell.:confused
    computer is running fine i am ecstatic that i dont have to re-format and have clean logs:D
    thank you so much for your help again i will be sure to recommend this site to anyone that has problems you guys are GREAT.

    hoopea
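The `WINotify.dll` / `WlNotify.dll` question in the two posts above comes down to characters that look alike on screen (capital I, lowercase l, digit 1). The following is an added example, not part of the original thread: it folds such characters together to decide whether a startup file name is an exact match for a reference name or only a look-alike, and reports which position differs. The confusable table and the reference list are assumptions made for illustration; `example0.dll` is a constructed name.

```python
# Characters easily mistaken for one another in common UI fonts, folded to a
# single representative. A deliberately small, hypothetical table.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

# Assumed reference list: wlnotify.dll is the spelling discussed in the
# thread, example0.dll is constructed. Stored lowercase because Windows
# file names are compared case-insensitively.
KNOWN_NAMES = {"wlnotify.dll", "example0.dll"}


def skeleton(name):
    """Lowercase the name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLE)


def classify(name, known=KNOWN_NAMES):
    """Return ("exact" | "lookalike" | "unknown", matched reference or None)."""
    lowered = name.lower()
    if lowered in known:
        return ("exact", lowered)
    for ref in sorted(known):
        if skeleton(ref) == skeleton(lowered):
            return ("lookalike", ref)
    return ("unknown", None)


def differing_positions(a, b):
    """List (index, char_in_a, char_in_b) where two names differ, ignoring case."""
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b))
            if x.lower() != y.lower()]


if __name__ == "__main__":
    for candidate in ("WlNotify.dll", "WINotify.dll", "notepad.exe"):
        verdict, ref = classify(candidate)
        diff = differing_positions(candidate, ref) if verdict == "lookalike" else []
        print(f"{candidate!r}: {verdict} {ref or ''} {diff}")
```

Copying the name out of the startup list and running it through a check like this, or simply pasting it into an editor with a monospaced font, settles which letter is actually there.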
     
  8. hoopea

    hoopea Private E-2

    hi abri
    perhaps paranoid but i have an empty folder on my desktop that has appeared and when i delete it and restart the computer it comes back.
    have used ccleaner, tuneup shredder. i would like to get rid of this even if it isnt a malware infection.
    comp is still running fine. any help would be appreciated. i know you guys are probably sick of helping me by now.
    thanks
    hoopea
     
  9. abri

    abri MajorGeek

    Hi hoopea,
    If you right-click on the folder on the desktop, is there any information about it under properties? Also, if you redo the MGTools part of the Read & Run Me, I can see if it's visible and hopefully what's producing it.
    abri
     
  10. hoopea

    hoopea Private E-2

    hi abri,

    in properties it says size 0bytes, size on disk 0 bytes, contains 0 bytes 0 folders and attributes read only.
    i am wondering whether this happened when i was trying to set my clock back in regional settings as combo fix didnt do it after running was finished.
    anyway the log is attached
    thanks
    hoopea
     

    Attached Files:

  11. abri

    abri MajorGeek

    Hi hoopea,
    I'm not sure if it's not deleting it, or if something is generating a new one each time. It's this one isn't it?

    C:\Documents and Settings\Chad\Desktop\New Folder

    See if you can delete it by going to it via the above pathway in Windows Explorer and right-clicking on it to delete it. Be sure to run CCleaner after you delete it.

    abri
     
  12. hoopea

    hoopea Private E-2

    hi abri,
    yes that's the folder.
    tried your suggestions but it just came back. it is weird because on startup it is not there for about 5-10 seconds and then it just pops up again.
    just about ready to throw the comp through the window.:(
    abri is the only way to be sure of no nasties to re-format? or do you think this is not necessary?
    thanks
    hoopea
     
  13. abri

    abri MajorGeek

    Hi hoopea,

    I would hate for you to reformat without our exhausting the possibilities here. If you don't delete the folder, does a second one appear next time you boot up?

    abri
     
  14. hoopea

    hoopea Private E-2

    hi abri,
    no a second file/folder does not pop up.
    was looking in its properties tab and in sharing tab down the bottom it says;
    the options on this tab are disabled because the folder is in another folder that is private.
    on clicking on that it opens up a file folder which is in my (meaning chad)documents and settings that is 15.3 gb containing 4,724 files, 784 folders.
    its as if it was a backup of all my documents and settings.
    i am very confused how this happened.
    thanks
    hoopea
     
  15. abri

    abri MajorGeek

    Hi hoopea,

    The New Folder you mentioned appeared in your first MGlogs as well as the second. Had you noticed it when you first came here? If you simply create a new folder on your desktop and then see what this new folder accesses via the shared tab, what happens?

    abri
     
  16. abri

    abri MajorGeek

    Hi Hoopea,
    There has been some discussion about your New Folder appearing. This folder is probably not an indication of malware, but rather something which is occurring according to instructions being given to it by one of your running programs. To track down this program can be tricky, but it's possible. For further help with this, I will ask you to begin a thread in the Software forum. Chaslang said it may be possible to use a program from SysInternals (now MS) like FileMon to watch for the file/folder being accessed to see if you can see which process creates it. How to go about this might be a good starting point in your discussion with the Software people. Additionally, consider that it might be the result of something you've done with regard to file/folder sharing. It is not always a solution to reformat your computer, because if you then reinstall the programs you've been accustomed to using and set your computer up with the same settings, it's quite likely the same problem will come back and you'll be back at the same point. I recommend trying to track the problem down before worrying with a reformat.
    abri
     
  17. hoopea

    hoopea Private E-2

    hi abri,

    thanks for the feedback i will definitely start a thread at software.
    tried putting a new folder on the desktop as suggested and it has done the exact same thing except for returning on startup.
    all i was worried about really was that it wasnt malware and that my comp is clean, so going with your earlier posts i am so i will start a thread with them.
    thanks guys for all your help again your expertise is second to none!
    i promise i will try not to inflict any more queries with you all there i am pretty sure i've learnt my lesson.

    hoopea
     
  18. abri

    abri MajorGeek

    With malware there is always another one... :D

    Good luck with your problem. I would be curious to hear back about it if you find out what's causing it.

    abri
     
  19. hoopea

    hoopea Private E-2

    abri

    definitely try to keep you informed.
    i hope not:D
     
