trojan downloader win32/Purstiu.A

Discussion in 'Malware Help (A Specialist Will Reply)' started by jammerman0101, Nov 17, 2005.

  1. jammerman0101

    jammerman0101 Private E-2

    After getting rid of the CoolWebSearch stuff with CWShredder, I still had problems. I did all the "read this first" steps; all online scans negative. Downloaded Microsoft's malicious code tool, and it found Trojan Downloader Win32/Purstiu.A. It claims it removed it and I only needed to restart the PC, but after I did, I repeated by going back and downloading the tool again, opening from location, and it found it again. It seems to corrupt downloads as well as files on my PC. Can anyone assist? Meanwhile I will quest on.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. jammerman0101

    jammerman0101 Private E-2

    OK, ran HijackThis. Found that name with the Microsoft malicious code tool kb890830-V1.10-ENU.exe; the rest came from the MajorGeeks site, which was fantastic! It reinstalled itself. I ran fxlodear, which also temporarily removed it. Then ran Dr.Web arweb-cureit.exe; it found 3 files listed as CONFLICT 1, 2, 3: gdnUS1402 in c:\WINDOWS\DOWNLOADED PROGRAM FILES (Trojan Downloader 3080) and two possible backdoor trojans, windows\system32\links.exe and c:\ntfull.exe; changed settings to delete. Ran PC Tools antivirus, which found nothing until I updated it, and it then found 3 infections, all dialers. Ran fxlodear in safe mode and kb890830-V1.10-ENU.exe again; gone. Got a message on HijackThis and here's my log, unless I made a mistake: I clicked on make log and it made a second one I didn't allow to replace the first; declined the second, but it also said ACTION TAKEN VALUE DELETED. OK, appreciate you guys big time, and here's the log...
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you have SpySweeper installed and then uninstall it? There is a line hanging around from it.

    Please follow the directions in the HijackThis link I gave you and do not use MSCONFIG to control startups.

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you are no longer using msconfig to control startups. Then continue with below.

    Do you have System Restore disabled? If not, disable it.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O20 - Winlogon Notify: st3 - C:\WINDOWS\q230656.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log.
    And tell us how things are working. If you still have problems, please clearly explain what they are.
     
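As an added example (not part of the thread or of HijackThis itself), here is a small Python triage helper that parses the HijackThis lines quoted in the reply above and flags the two things chaslang points at: entries whose target file no longer exists (leftovers after a removal) and the O4 line showing MSConfig driving startups. The sample lines are the ones from the thread; the regex and the classification rules are this example's own assumptions, not HijackThis's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis prefixes a section code (F2, O2, O4, O20, ...) to every line.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Markers HijackThis appends when the referenced file is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str
    body: str
    orphan: bool            # target file is gone; entry is a leftover
    msconfig_startup: bool  # O4 Run entry launched via MSConfig /auto
    path: Optional[str]     # drive-letter DLL/EXE path, if one is present


def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one HJT line into section code and body; None if not an HJT line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    orphan = any(marker in body for marker in ORPHAN_MARKERS)
    # The MSConfig startup entry is exactly what chaslang says not to rely on.
    msconfig = section == "O4" and "[MSConfig]" in body
    path_m = re.search(r"[A-Za-z]:\\[^\s]+\.(?:dll|exe)", body, re.IGNORECASE)
    path = path_m.group(0) if path_m else None
    return HjtEntry(section, body, orphan, msconfig, path)


def triage(log_text: str) -> List[HjtEntry]:
    """Return only the entries a helper would ask the user to look at."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e.orphan or e.msconfig_startup]


# Constructed sample: the five lines quoted in the thread, nothing more.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q230656.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        why = "orphaned reference" if e.orphan else "MSConfig-controlled startup"
        print(f"{e.section:<4}{why:<28}{e.body}")
```

The F2 line is left unflagged on purpose: its Shell value is the default explorer.exe, so a mechanical rule has nothing to object to, and whether to fix it remains the helper's call as in the thread.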
  6. jammerman0101

    jammerman0101 Private E-2

    Hello. OK, before I got to this a file went missing or was corrupted and Windows couldn't load, so I did a restore on my emachine (W2888) with the 3 restore disks. I downloaded fxlodear.exe again (the trojan removal tool). It disabled one process. I couldn't open Explorer to show hidden files, but was able to turn off restore again. I downloaded Dr.Web CureIt and it found 2 items it renamed twice, both possible trojans, one backdoor. I reset it to delete them. One of them showed up when I did the HJT scan; aol ends with (file missing), so when I ran HJT only one of the 4 things was on your list: O2 - BHO (no name) {FDD3B846-8D59-ffb-8758-209B6AD74ACC}. Also I'm not sure about what you said about making sure you're not using CONFIG to control startup? If I read you right you meant don't do anything to it, as-is settings? Here's a HJT log after reboot. Not sure if the problems are fixed yet, time will tell, but the thing survived the restore with the 3 disks, and although I was told by someone I could do a Destructive Restore I never found that option on my machine. OK, here's hoping!!! And thank you for the help and your time! Oh, left out the fact I did get Explorer to open and installed the folder in Program Files for HJT. The original thing was downloads were saying they were corrupted on downloading etc. That has stopped for now and nothing has reported it was having a problem and needs to close in a while.
     

    Attached Files:

    Last edited: Nov 19, 2005
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What are your current malware problems? Your log is basically clean other than minor items from the Windows restore.

    Do you realize that since you did a restore from your original disks, you no longer have any of your Windows updates and are not even running WinXP SP2 anymore? You are going to have to reinstall SP2 now and get all updates. Also, any software that you installed on your system before the restore and that is not part of the restore will have to be reinstalled and reconfigured. You will need to get the updates for any third party software you use too.
     
  8. jammerman0101

    jammerman0101 Private E-2

    :cool: :p ;) Yes I do, lol. I wished I understood what that means exactly too, lol. I was told you could do a Destructive Restore: reload the 3 restore disks and nothing could survive that? I didn't find that option, or the option my computer suggested of using the restore disk and pressing "r" at the first screen. Instead I got to pick 1 or 2, 1 being restore, 2 command prompt. 2 got me A:\ and waited for info. 1 got me a warning about backing up my stuff, all data will be lost. I went for 1. I have the SP2 disk from Microsoft, but would like to know if I should install the BigFix patches or SP2 first??? I don't mind reloading software. All of it was installed in Documents and Settings before, and now I know how to do this in Program Files instead.
    OK, installed ZoneAlarm Anti-Spyware. One thing stood out: {ZONE ALARM ALERT: Windows Explorer was prevented from changing the behavior of ZoneAlarm Anti-Spyware by modifying the file winsysdir\zonelabs\zlreupd.zip}. Don't know what that means really, except ZA is concerned and I'm not asking the PC to do anything like start a program or get online. OK, installed fxlodear.exe and ran it in safe mode (trojan finder, Symantec I think); it stopped one threat process, no details. At this point I had no problems using the PC. Restarted into regular mode, nothing different; then on another start ZoneAlarm was warning it couldn't verify a ZoneAlarm file and it's crippled. I uninstall it, run antivirus/anti-worm (PC Tools), nothing. Dr.Web CureIt, nothing. Everything's OK but I have no firewall. I turn it off, unplug the line, it's normal op now. I start this AM and get the error message "one of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful." Well, I've seen this before and know it isn't good. Sure enough, msmsgs.exe says entry point not found: the procedure entry point COMResModule Instance could not be located in the dynamic link library COMRes.dll. (OK, I still have restore off, and had downloaded 3 patches from BigFix, starting with the spooler one.) PCTAV.exe entry point not found, MSP PNP, system recovered from a serious error, tell Microsoft (declined), but clicked on details: BCCode: c2 BCP1: 00000007 BCP2: 00000000CD4 BCP3: 00000000. The following files will be included in the error report: C:\WINDOWS\Minidump\Mini112005-01.dmp and C:\DOCUME~1\CHARLE~1\LOCAL~1\Temp\WER2.tmp.dir00\sysdata.xm1 or l. It's still working but I suspect I will continue with problems that will pop up as the day goes on.
    Also this may refer to the end program failure. I tried to run the Microsoft malicious code tool; the firewall was saying it was starting for 10 minutes and the Task Manager showed CPU at 100% often, and End Task wasn't working, often showing nothing responding and then running alternately. Not sure what info is important here??? I got a tablet next to the PC and will write down anything odd.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not need to keep running fxlodear.exe.

    I would not install BigFix at all. As far as I'm concerned it is a waste of system resources.

    You need to try to focus on one thing at a time. Your messages are too long and unorganized, making them difficult to read and understand. There is too much information blended together to try to figure out what you are having problems with.

    Also, since you are basically trying to reinstall and reconfigure your OS, this is a discussion for the Software Forum not the malware forum.

    Sounds to me like you should just format your drive and reinstall from scratch. If you do that, make sure you backup any necessary files of your own first.
     
  10. jammerman0101

    jammerman0101 Private E-2

    I appreciate your time. I was re-running lodear.exe and the malicious code finder because after these programs found and removed things, I found they got back in or replicated themselves. I restored from disks because I got a message Windows couldn't load and was missing a CONFIG file, or it was corrupted (last time it was a WINDOWS 32). Last night I opened Paint and got an error message that said Paint was having a problem and needed to close. I use that program so I was a little pissed, lol. It's frustrating, and I also realize I frustrated you a bit by working on my own, making your info a bit dated since I was changing things before you had time to reply. Believe me, I learned from it all, and since this is a bit like a loop, the next time around your info is used. I agree about BigFix being a waste of resources, and it's toast when I'm done. I posted to the software forum after finding nothing already written to answer my question in terms I understand on reformatting. I think since I was forced to restore and lost my data so recently it might be best to do that while I have so little on the system. All else fails, I have SYSTEM SUITE 6 with a secure erase that will rewrite over all the stuff on the disk; I will try. Thanks man
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    The basic approach I would take is to erase the Windows partition, then recreate it and then reinstall Windows. That will take care of anything hanging around. After Windows is installed, the first thing you need to do is work thru the below without delay:

    How to Protect yourself from malware!
     
  12. jammerman0101

    jammerman0101 Private E-2

    OK, managed the reformatting, and all is well. I have downloaded Firefox and the rest of my stuff again after SP2 and updates. I got rid of BigFix. I think AOL is spyware, by the way, and removed the free preinstalled version. That was the only thing that seemed to rock the boat and got me an error message that referred me to Windows to check my hard drive; I've done that, so I just think it's AOL spyware. I wished they wouldn't preinstall anything but Windows. I will be haunting MajorGeeks now, soaking up the info. It was a big help, and really the only help I had. Thanks
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't get me started with AOL! :mad:

    And their commercials on how they protect you from everything are a joke. Someone should take them to court and sue them for false advertising.

    You're welcome. Make sure you work thru the how to protect thread.
     
  14. jammerman0101

    jammerman0101 Private E-2

    Did all that, including removing Java VM. Great week, but last night the PC started restarting repeatedly. Error messages; I didn't get to read most of them, and I shut down. I put in the VCOM System Suite 6 and used the rescue features, deleting the partition, did the military secure erase overwriting the hard drive 3 times etc., recreated a partition, inserted the generic boot codes and restarted. The computer warned that the OS was missing or the hard drive was unformatted. I inserted the 3 disks in order, reloading Windows XP Home Ed. on my emachine W2888. All went well, but I noticed while the time was wrong the date wasn't... Hmmm? I uninstalled AOL Coach, AOL, BigFix, Norton AntiVirus, restarting between each one. Phone disconnected too. I installed the VCOM firewall and utilities, and played a game of solitaire. Then I reinstalled SP2 from disk, then my ISP Wal-Mart Connect from disk. The firewall asked if Wal-Mart Connect could get on the internet; I clicked yes. It asked about NlSD/driver wants to connect to 000.000.000, something like that; I said no. I have been showing on the firewall logs some major attacks, by the way. I've been a very good boy, and haven't gone anywhere very risky. I downloaded the ZoneAlarm Suite trial. While I'm waiting, RealPlayer wants to register, but then encounters a problem and needs to close. ZoneAlarm finishes and I restart and it says it has discovered a new network connection and wants to know if it's to be high or low intranet zone level security, 169.254.0.0. I go to Network Connections and sure enough under LAN or High-Speed Internet I have an enabled one listed as Local Area Connection 2 WAN Network Driver; I disabled it. I'm dial-up without any need for a network I know of. Is this a rootkit or a hacker or what???? Or am I misreading it? Like I pointed out, the calendar had the date set without an internet connection; the clock was off. But there is life in there after partitioning....
    But I'm new to all this. 2 years ago a hard drive was too many miles in too short an amount of time. Got any computer holy water? lol (kidding) But I need some ideas... :cool:
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not exactly sure what it is you are trying to do or what you are trying to tell me. There is just too much info jammed into one big long paragraph. However I can say a few things:

    - I don't feel this belongs in the Spyware Forum. You seem to have some kind of software installation and setup problem. This is not a topic for this forum.
    - It sounds like you are using multiple antivirus applications and multiple firewalls. Neither of which is a good idea.

    If you deleted the partition and then recreated the partition and then formatted and reinstalled your OS, your system should be clean unless you are re-installing all of your software (including the 3rd party stuff you mentioned) from infected disks. But I don't see anything that you are mentioning that even indicates any malware issues.
     
  16. jammerman0101

    jammerman0101 Private E-2

    OK, sorry about the too much info first, and no, I run one firewall at a time. One is from a disk, and I use it to get online until I can redownload ZoneAlarm, then it's disabled, and the Windows SP2 firewall, that stays disabled. Same with antivirus (one at any time only). If this isn't a spyware issue, it's a hacker issue. That is what I suggest in the paragraph, and pose that question: can it be? I have no problem installing software; it's keeping it uncorrupted by spyware, trojans, viruses or hackers for a week. I noticed a new internet connection in Networks, brought to my attention by ZoneAlarm Suite. The other firewall had recorded attacks before I installed ZoneAlarm. Then my computer one day starts restarting, and screwing up. It stopped when I purged and cleaned it, so I would say it is not the HARD DRIVE going out. Since it stopped for a week after last time I re-partitioned the disk and cleaned it, and stopped again after this time..... Is there a site devoted to HACKER DETECTION INFO and/or ROOT KIT??? :cool:
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have disconnected yourself from the internet.
    Uninstalled the first firewall and disabled Win XP SP2 firewall. And then installed ZoneAlarm.
    Now install your antivirus application (only one). If one is installed that you do not want, uninstall it before installing the one you do want.

    As I said before, if you actually deleted your partition and created a new partition and then reinstalled your OS (from CLEAN DISKS) you should be clean. Before you connect the PC to the internet you should already have installed:
    - your antivirus (the one you really want)
    - ZoneAlarm
    - antispyware protection
    - adjusted security settings etc

    In fact just see what is in: How to Protect yourself from malware!

    Much of this can and should be performed before connecting to the net. The first thing you should do after connecting to the net is get your updates.

    There are some tools to look for rootkits. Spy Sweeper will find and remove some. F-Secure BlackLight will find and remove some. Also RootkitRevealer will help you locate some.

    I know you said you are on dial-up but does your PC have a network interface card in it even though you are not using it?
     
