Trojan Horse Problem.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

I see no evidence of the RAVantivirus online scanner being run.

You also install HJT where requested not to do so:
C:\Documents and Settings\HP_Owner\Desktop\hijackthis\HijackThis.exe

You also have multiple antivirus applications installed (AVG and Symantec). You must run only one. Pick the one you prefer and uninstall the other. Then reboot.

After correcting the above and installing HJT properly. Run HJT and have it fix the below lines (make sure all browsers are closed before fixing):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vyonw.dll/sp.html#90144
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Now exit HJT.

Now reboot again and then get a new HJT log and post it.

 

You must not be selecting the right thing.

 

What problems if any are you still having?

 

OK! But answer message # 9.

 

I'm not sure what the below means!

What file sharing programs?

 

Are you saying you have a DSL connection and your contract is for 56k?

That would not be worth paying for since the bit rate is so low. That is less then the bitrate of a standard voice line (called a DS0) which has 64kbps (analog modems can only get a maximum of 33 to 51 kbps typical on this DS0).

You slow rates are probably due to the place you are connecting to being slow.

Note: Older versions of Limewire contain malware too.

 

Just because the people you are downloading from have DSL, it does not mean you will get fast throughput. They could be limiting download rates, they could have many people downloading from them, the server could be slow, and you analog modem could have a lousy connect rate and could have noise on the line. You should check your connect rate and also the quality of your voice line, also check your modem settings (none of this is a malware topic for this forum).

Online games via dial-up are probably never that quick.

You could run the below to look for any possible other hidden background problems if desired but your log is clean:

Follow the steps below.

- First run CCleaner before doing the below.


- Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report. And tell me if you are still having any problems. This log could get quite large and you may need to compress it into a ZIP file to upload it.

Post this Ewido log.

 

OK! That remove a few other minor problems. You still should look into what I said in my last message because I do not believe your problem is malware.

 

Did you mean "so maybe"? If your RAM was bad, you would normally have more problems then just this. How much RAM do you have?

And are you talking about a RAM upgrade for your PC?

Did you install anything else on the PC? Did you have any storms recently?

When you connect here on MG's, does it seem slow?

Try reconfiguring the parameters that initialize your modem. Or you could try uninstalling and reinstalling the modem.

Also you can try the below to see if we can find any other malware.

-Uninstall Ewido.
-Download install, update, and run a scan with Spy Sweeper save and post a log from it.

 

Sure I would like to know what is found.

You should try what I gave you though (uninstall Ewido and run Spy Sweeper) . It could possibly find some other issues.