SpywareQuake and Trojans

I completed the steps in the "SpywareQuake & SpyFalcon Removal Procedures" sticky.

I removed SpywareQuake in add/remove programs. In safe mode, I found System32\wfkduei.dll, changed the extension to .ddd, then rebooted to normal mode and deleted it.

I found, but was not able to delete the following files in either safe or normal mode.

• System32\dcomcfg.exe
• System32\hp100.tmp
• System32\regperf.exe
• System32\stdole3.tlb
• System32\svcnt32.exe

In addition to System32\dcomcfg.exe, Norton Antivirus found another Trojan - System32\atmclk.exe. I was not able to delete this in either safe or normal mode, either.

My system is fairly stable and the annoying task bar messages have mostly gone away, but there are still Norton Antivirus warnings and an occasional popup.

The smitfiles.txt is attached. PLEASE HELP! Thanks!

 

Thank you.

Same result. I can't delete these files or change the extension. Access to the file is denied because it's being used by another program.

Also noteworthy - when windows starts, a program (WgaTray.exe; Windowns Genuine Advantage) try to access the internet. I deny it permission using Zone Alarm (firewall). This is not familiar to me, and could be part of the problem set. The seemingly related files in system32 are - WgaTray.exe and WgaLogon.dll)

 

Thanks! I beat you to the punch in running the "Read & Run Me First" (while I was awaiting your response). Reading other threads (that you were a part of), I've determined the WgaTray.exe and WgaLogon.dll files are Microsoft and should not cause concern.

I THINK IT'S GONE!! After running Ewido (I'm telling you I was busy reading other material you've authored), I was magically able to either delete or rename/restart/delete every one of the SpywareQuake related files. Cheers Ewido.

Here are the results from my adventure -

Rebooted to safe mode
Ran Ccleaner
Ran Microsoft Windows Malicious Software Removal Tool (nothing found)
Ran Ad-Aware SE (nothing found)
Ran Spybot S&D (fixed a few minor threats, but couldn't fix dcomcfg.exe - access denied, of course)
Ran Microsoft Windows Defender (wouldn't run in safe mode)

Rebooted to normal mode
Ran Microsoft Windows Defender (wouldn't run in safe mode)
Ran BitDefender (nothing found, but I screwed up and didn't save the log! STUPID! It took forever!)
Ran PandaScan (found a few things, I have the log)
Ran Ewido!!! (found 8 items, one of which was atmclk.exe. It wouldn't delete in safe mode, but i re-ran in normal mode and it was gone, which allowed me to either delete or rename/restart/delete the other files on your bad guy list. Unfortuneately, it would not allow me to view or save the log

After all of this, I decided the HJT may be an unecesary step. I ran CCleaner, emptied the Norton Protected files, and disabled system restore, . I'm 95% sure everything is gone and my music recording studio is back in order.

HERE'S A HUGE SHOUTOUT TO CHASLANG, MAJOR GEEKS, and EWIDO'S FREE TRIAL! The spoils of war are mine, major, but take with you satisfaction knowing you saved my computer in 3 days, and re-formatting and installing my studio is at least a 20-day project.

Let me know if you think you should still look at an HJT log. If so, I'll do my best to follow the steps correctly, as outlined.

P.S. If you are curious, I currently reside in Bath (not England, Pennsylvania )