trojan-virus infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by adamf, Jun 3, 2005.

  1. adamf

    adamf Private E-2

    Hi, can I first apologize if I am in the wrong part of the forum.
    I am not very proficient on PCs so I don't really know where to go and what to do.
    I have looked at a few other threads for spyware/trojan/virus removal but I am at a loss to understand them, to be honest.

    To start, I have been trying to remove a trojan(?) problem for several days with no success. I have downloaded every free program I can think of or find but without any luck.

    It seems as if the trojan is locking me out of my own system? (Is this possible?)

    My PC already had Norton Internet Security and Antivirus 2005, which I thought was up to date and protecting me, so I am not sure how I got this problem (my kids all use the PC as well, so ????????????)

    I have run a HijackThis log to copy on here in the hope that someone could help me, but could you please be very explicit in your descriptions as, I say, I am not the most knowledgeable on PCs.

    Many thanks.

    Edit by chaslang: Unrequested inline log removed
     
    Last edited by a moderator: Jun 3, 2005
  2. adamf

    adamf Private E-2

    It may be helpful to add what I have discovered so far!

    1) Norton/Symantec will not detect/remove anything.

    2) No online scans from anywhere will remove anything and only detect minor spyware that Ad-Aware cleans up.

    3) When I restart into safe mode I have the option of logging in as myself or as an administrator (but I have never created an administrator account; there should only be 1 account on the PC, my own. Everyone in the family uses my account).

    4) All removal programs say access denied to certain areas when I am logged in as myself, but in the administrator account I can't run any removal programs as it won't let me. I have even tried saving programs to a CD, but in the administrator account I can't even open the CD to get to the programs.

    I hope this may help someone to help me. If there is any other info I can supply please ask and I will respond as best I can.

    If what you request requires any amount of PC knowledge then please explain how I do what it is you need me to do.
     
  3. adamf

    adamf Private E-2

    Hi, the more I read the more I realise I am making a mess of this! Sorry guys n gals.

    I have been reading the Generic Solution for "Only the Best" aka HSA and about:blank hijackers post.

    And what I have discovered is that I am 1 of the 1's who cannot be fixed with that method (which I was very unsure I could do anyway, it's so complicated).

    Could someone please point me in the right direction now?

    If I have that unfixable 1, how do I fix it please?
     
  4. adamf

    adamf Private E-2

    Hi guys, I guess I have finally got round to what you all want......... sorry again!

    As I am sure you will understand, those of us who don't know what we are doing just panic when something like this happens!

    I know where I am and what I need to do to provide you all with the information necessary to help me now.

    I have downloaded all the files from your links (thanks for that, makes things easier) and will run the tests you require now.

    Please disregard all the nonsense I have put on here so far (I am sure you were anyway, lol).

    And I will submit the relevant details in a new thread with the correct information.

    Thanks.
     
  5. adamf

    adamf Private E-2

    Major trojan/spyware problem.

    Hi, I posted earlier on without running any of the tests you require to help you help me.

    The problem I have is that I am running a PC with Windows XP Home Edition and recently had to do a full system restore (or so I thought) from the hard drive partition (I don't have restore disks).

    I have tried to run Symantec online, Trend Micro online, Ad-Aware (with cleaner plug-in), CCleaner, Spybot, SpywareBlaster, McAfee AVERT Stinger, CWShredder, Kill2Me, About:Buster.

    The problem is that the PC will not execute ANY OF THESE SCANS OR CLEANS.

    When I log onto the PC (safe mode) there are 2 options, myself or administrator, but I have never made an administrator account, and if I try to do anything in my profile everything is locked out to me. If I go into the administrator account everything is still locked (best I can tell; I am not very proficient on PCs).

    The Windows Explorer is v5 as I am unable to download any updates from Windows except v5 updates, so I haven't as yet downloaded them.

    I am at a complete loss as to what I need to do now.

    I can run a HijackThis file that a friend downloaded to CD on another PC for me, but I have no idea what to do with it and how to resolve any problems it may show.

    I have not posted a log on here for you (as stated in the forum guide) but I can upon request.

    Could somebody please help me out here as I am completely lost now.

    I have tried getting other programs on CD but I get errors and am unable to install them, so I don't think this is an option unless you guys/gals know differently.
     
    Last edited: Jun 3, 2005
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: major trojan/spyware problem.

    You should have just remained in your first thread. Posting additional threads for the same problem just delays you further from getting help and clutters up the threads. I'm merging you back into your first thread.

    Note you do not have an HSA or about:blank hijack of any form so I don't know why you looked at the Generic Solution at all.

    Did you run the READ ME FIRST steps in safe mode?

    By the way, the Administrator account normally does exist and shows when you boot in safe mode.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: major trojan/spyware problem.

    Your original HJT log was not supposed to be posted unless requested and it should only be posted as an attachment to your message. Also you are running HJT incorrectly and you did not exit all your browsers before running HJT. Below are the steps for installing and using HJT; however there were no real problems indicated in your previous log. Please explain your exact problem with more detail.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  8. adamf

    adamf Private E-2

    Re: trojan-virus infection

    Hi, many thanks for your replies, and can I once again apologize for the mess I am making of this (I am sure you get frustrated by this all the time).

    I have some additional information that may help you advise me on my next steps.

    I have managed to download and run AVG Free antivirus and the results showed that my C:\windows\system32\winsi.exe was completely infected with:
    backdoor IRC SDbot155.5
    backdoor small 31.AE
    backdoor SDbot174.P
    backdoor small 27 AQ

    Please note this IS NOT a full scan as the scan crashed and I am unable to get it to finish.

    One reason for this is maybe? that I was quarantining the files as they showed up and a pop-up came up saying Windows must shut down, and crashed everything, then rebooted (I assume this is the work of the infection).

    Could someone please advise me as to my next step?

    If I remove or attempt to remove (as I wouldn't know how to do it) all these registry items, how would I replace them?

    It appears as though my original Windows is infected with this, so a system reload isn't an option unless I go and buy a new Windows application (XP Home etc.).

    If I let AVG run and delete all the infected registries, what will happen?
    Is there a way to download/save a new registry?

    Regarding a HijackThis log, do you still want me to provide 1?

    Yes, I did run the READ ME FIRST steps in safe mode!
     
  9. adamf

    adamf Private E-2

    Re: trojan-virus infection

    Hi, further progress made, but the more I make the more confused I get.

    I have at last managed to run the online scans in safe mode (with network support). I think I couldn't do that initially because the system was crashing with so many errors.

    The position now is this!

    All other scans clear except Symantec online:

    This detects:
    1) system32 PIF download.trojan
    2) system32 TFTP248 W32 IRC bot gen
    3) system32 winsci.exe W32 spybot.worm

    Also, when I run Spybot (updated of course) it detects and supposedly fixes 5 DSO exploits: HKEY-users\5-1-5-18 5-1-5-19 5-1-5-20

    HKEY users\default\software\microsoft

    hkeyusers\5-1-5-21-725345543-82318204-83

    They are all noted as registry changes.

    Every time Spybot detects and then fixes these and then I re-scan, they are back again........ even if I reboot or whatever.

    All other programs such as McAfee AVERT etc. as on your self-help section run clean.

    I hope this information helps. I will now reboot my PC and run the HijackThis test and post the results.
     
  10. adamf

    adamf Private E-2

    Re: trojan-virus infection

    HijackThis log attached.............

    Sorry, it means nothing to me but I guess it tells you folks what you need to know.
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: trojan-virus infection

    The main reason for your problems is that your OS and IE versions are way out of date. After we fix your current problems, you MUST update your system.


    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to Hardware Clock Driver or hwclock ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    Hardware Clock Driver

    Or if that does not work, use the short name: hwclock

    Do not reboot if you are told a reboot is required to complete. Now exit HijackThis.

    After completing the above, move on to my next message.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: trojan-virus infection

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\System32\wincrs.exe
    C:\WINDOWS\System32\asdhuf.exe
    C:\WINDOWS\System32\winsci.exe


    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ICQ Chat Service] icqjdhs.exe
    O4 - HKLM\..\Run: [Seghe Personal Firewall] asdhuf.exe
    O4 - HKLM\..\Run: [Window_Protect] winsi32.exe
    O4 - HKLM\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
    O4 - HKLM\..\Run: [System Updates] winsci.exe
    O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
    O4 - HKLM\..\RunServices: [Seghe Personal Firewall] asdhuf.exe
    O4 - HKLM\..\RunServices: [Window_Protect] winsi32.exe
    O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
    O4 - HKLM\..\RunServices: [System Updates] winsci.exe
    O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
    O4 - HKCU\..\Run: [Seghe Personal Firewall] asdhuf.exe
    O4 - HKCU\..\Run: [System Updates] winsci.exe
    O4 - HKCU\..\RunServices: [System Updates] winsci.exe
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\wincrs.exe
    C:\WINDOWS\System32\asdhuf.exe
    C:\WINDOWS\System32\winsci.exe
    C:\WINDOWS\System32\icqjdhs.exe
    C:\WINDOWS\System32\winsi32.exe
    C:\WINDOWS\System32\hwclock.exe

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
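    One way to check, after working through the steps above, whether any of the listed autorun values, the hwclock service, or the dropped files are still present. This is an added example, not part of chaslang's instructions or of any tool he names; it assumes PowerShell 2.0 is installed on the XP machine and is run from an Administrator prompt. The Run/RunServices registry paths are the standard keys that the HJT O4 lines abbreviate.

```powershell
# Added example: audit the autoruns, service and files named in the removal steps above.
# Assumes PowerShell 2.0 on the affected machine, run as Administrator. Read-only: it only reports.

# Value names from the O4 lines and the service/file names from the O23 and delete lists.
$runValues = @('ICQ Chat Service', 'Seghe Personal Firewall', 'Window_Protect',
               'Microsoft Crs Fix Serv', 'System Updates')
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$fileNames = @('wincrs.exe', 'asdhuf.exe', 'winsci.exe', 'icqjdhs.exe', 'winsi32.exe', 'hwclock.exe')
$files = $fileNames | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

$findings = @()

# 1. Autorun values (the HJT O4 lines). Absent keys are skipped; absent values return $null.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $runValues) {
        $val = $props.PSObject.Properties[$name]
        if ($val) { $findings += "AUTORUN  $key\$name = $($val.Value)" }
    }
}

# 2. The bogus service (the HJT O23 line). SilentlyContinue keeps Get-Service quiet if it is gone.
$svc = Get-Service -Name 'hwclock' -ErrorAction SilentlyContinue
if ($svc) { $findings += "SERVICE  hwclock ($($svc.DisplayName)) status=$($svc.Status)" }

# 3. Dropped executables in System32 (-Force so hidden/system files are not missed).
foreach ($f in $files) {
    if (Test-Path $f) {
        $attr = (Get-Item $f -Force).Attributes
        $findings += "FILE     $f attributes=$attr"
    }
}

# 4. Any of those executables still running, matched by process name (no path access needed).
$procNames = $fileNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
$running = Get-Process | Where-Object { $procNames -contains $_.ProcessName }
foreach ($p in $running) { $findings += "PROCESS  $($p.ProcessName) pid=$($p.Id)" }

if ($findings.Count -eq 0) {
    Write-Output 'Clean: none of the listed autoruns, service, files or processes are present.'
} else {
    Write-Output 'Still present (repeat the removal steps for these, then post a new HJT log):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

    Run it once before and once after rebooting into normal mode; an entry that returns after the reboot points to something re-creating it that the steps have not yet removed.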
     
  13. adamf

    adamf Private E-2

    Hi, attached is the new HijackThis log.

    There were a couple of things I should tell you (I guess) about how it went.

    I followed your instructions EXACTLY but:

    The hardware clock was hwclock (as you said).
    After killing the processes, O23 - Service: Hardware Clock Driver (hwclock) - etc.

    wasn't there!!!

    And in safe mode, using Windows Explorer to delete:

    The first 3 were there, but C:\windows\system32\icqjdhs.exe, winsi32.exe or hwclock.exe also were not there!!!

    Everything else was exactly as you predicted.
    I don't know if previous scans' actions had already removed these or if they are hiding somewhere else?

    I did do a search of ALL the PC as well to see if I could find them, but I couldn't!

    I am now going to do a Symantec online scan to see if it detects anything while you folks check my new log attached.

    Many thanks again!!!
     

  14. adamf

    adamf Private E-2

    Re: trojan-virus infection

    Still got big problems here!

    Don't know what they are!

    To reiterate what I said yesterday.......... all this started when I did a full "destructive" restore on my system, so I DO NOT have ANY Microsoft updates as yet.

    When I try to go to Microsoft it directs me to v5 (is this correct?). This is a Windows XP PC? It should be later than v5, shouldn't it? I dunno?

    Should I go there and download all the updates?

    I can't run a Symantec scan now as it says I need IE 5 or better?????

    Yet I have run them earlier?

    Do I still have an infection?

    I have AVG Free version installed on the PC but I haven't used this product before, so I am unsure as to the level of protection it will give me when I have no MSN updates?

    And is there anything I can do about the corrupt files in my backup reload disks (which are still in the hard drive partition)?

    I know some of these questions may be for a different forum of the MajorGeeks, but I don't know if these problems are interrelated?


    I also keep getting pop-ups saying my registry is corrupt? Are these trojan activity or genuine pop-ups? And if so, what can I do about them?


    Please persevere with me, geeks, I am doing my best. I realise it's not very good, but it is my best. lol


    Many thanks!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: trojan-virus infection

    You must use only one antivirus application. Pick which one you want (AVG7 or Symantec) and uninstall the other.

    After doing that see the below link and complete the steps in it. The first step is Microsoft update (yes you will see a V5). If you do not want WinXP SP2 at this time (you really do need it though), you should select Custom Install and do not select the SP2 update.

    Make sure you get one of the recommended firewalls installed ASAP.

    When finished post a new HJT log and let me know your status.
     
