Stubborn malware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Calypze, Jun 3, 2007.

  1. Calypze

    Calypze Private E-2

    I'm not exactly sure how my computer became infected, but I know that it is.

    I use Avira AntiVir as my antivirus program, and I also use HouseCall by Trend Micro for additional protection, as well as eScan (MWAV). Avira AntiVir has found some stuff which I don't remember the name of, but I'm fairly sure that they had "Java"-something in them, thus being Java-based. I performed a full scan with AntiVir and then it came up clean. However, after an update, it found something called HTML/Dldr.Agen.QV.7 which according to what I heard from another person is a Hungarian keylogging Trojan designed to capture bank account keystrokes. HouseCall found one "grayware" but after that, it has been coming up clean.

    However, eScan has found various stuff, among them freespyscannerandremover Corrupted Adware/Spyware, Possible Fujacks-type Worm and zlob Trojan-downloader. These seem to be gone now (at least eScan hasn't refound them), but the malwares called gain.gator and look2me refuse to go away. Multiple times, eScan has identified them and "removed" them, but at a computer restart an eScan scanning finds them again. I've tried the two available anti-look2me programs available here, but Kill2me is unable to identify and remove it, and Look2Me-Destroyer fails to restart as it is supposed to do after the box "Run this program as a task." is filled in. Spybot and Ad-Aware come up clean, I might add.

    I may also add that Spy Sweeper has found clientman. However, I'm using the trial version so it won't remove it.

    This malware quite often unblocks a few sites which Advanced Windows Care has blocked, as well as causing the computer to make a lot of noise (like if it was performing heavy work) after start-up until perhaps 5 to 10 minutes afterwards, for no apparent reason. Recently, my IE start page was also changed from the BitDefender Online Scanner to nothing. I use Firefox for general surfing, just using IE for online scanning.

    I might also add that I've been unable to scan with BitDefender and Panda (I was following the Read and run me first). When I try to change the settings in the Online Scanner, I get an error message, and if I try to run the scanner, it fails to download the definitions, and warns that any scanning will probably be inaccurate. If I try to run Panda, IE crashes.

    Frankly, I also believe that something more sinister has infected me. Why? Because some programs that used to start up at the start, like the Spy Sweeper trial, don't anymore, SpywareGuard crashes immediately when the computer starts, etc. From what I've read about look2me and gator, it seems implausible that they would do such things.

    I've also run Norman Malware Cleaner and AVG Anti-Rootkit Free as well as a-squared Free, and they all come up clean.

    My OS is Windows Vista.

    That's pretty much it I think. Hopefully I haven't forgotten anything, and I hope to get some help here, since no program seems to be able to solve it. I can post a HijackThis log if you wish.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall the Spy Sweeper trial if still installed before moving on to the below.
    Also uninstall Spyware Guard which is too old to be of use and may not really be compatible with Vista.

    Note that I doubt we are going to find any real problems in your Vista OS unless you disable the built-in protection of the UAC. In addition, we are not really equipped to debug problems with Vista since it is so new and none of the malware helpers here are using it since we don't need it and don't want to spend the money for something we have no need to use.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
