trojan horse virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by iLLmatic, Oct 10, 2005.

  1. iLLmatic

    iLLmatic Private E-2

    The PC's OS is Windows XP with SP2. I went through the "read first" thread and ran the spyware programs as mentioned and the anti-virus software as requested in safe mode, with the hidden files and folders showing, etc.

    When I ran the first virus scan, this is what it listed as viruses on the computer:
    exploit.html.mthredir.gen
    trojan.msdrop.en
    trojan.dloader.zt
    trojan.downloader.czr
    trojan.downloader.ca
    trojan.pws.agent.ca
    trojan.downloader.agent.rv

    The second virus scan that I ran found:
    java bytever.a

    I rebooted the PC, ran the spyware progs, then rebooted again. Then I scanned with AVG and found:
    trojan horse.downloader.agent.pn

    I ran HijackThis as requested and attached the file. Any help with this would be appreciated.
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Using Add or Remove Programs in the Control Panel, uninstall the following:
    Follow the instructions in this thread:
    Running Ewido Security Suite

    Once done, come back here and post both the Ewido log and a fresh HijackThis log, as attachments.
     
  3. iLLmatic

    iLLmatic Private E-2

    Ok, did everything as requested.
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox


    Make sure you have done the following:
    How to view hidden, system files & folders!
    Searching for Hidden Files on WinXP

    Please make sure System Restore is OFF.

    Run HJT, choose Open the Misc Tools Section, choose Process Manager, and highlight the following: (Some of these may not be shown in the list of running processes)
    Choose Kill Process.

    Now scan and have HJT Fix the following:
    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files in the list below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

    Now run CCleaner and delete the contents of C:\WINDOWS\Prefetch.

    Now reboot to Normal Mode.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, double-click Find-Qoologic.bat to run the tool. It should produce a log - please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and double-click rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments and a fresh HJT log; you will need to do 2 posts to attach all 4 logs.
     
  5. iLLmatic

    iLLmatic Private E-2

    Went ahead and did everything as you requested. For some reason, when I did your last and final step with the rkfiles tool, I would double-click on the 'rkfiles.bat' icon in safe mode and a command prompt window would flash for a second, and that was it. So I only have 3 logs, since the rkfiles tool never created a log for me.
     

    Attached Files:

  6. iLLmatic

    iLLmatic Private E-2

    Here's the other log.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need the RK Files log and your HijackThis log needs to be from Normal Mode.
     
    Last edited: Oct 11, 2005
  8. iLLmatic

    iLLmatic Private E-2

    I tried obtaining the RK files log like you requested, and still the same results. I cannot find the file in f:\. I'm not sure if the program is running incorrectly or what's going on; like I mentioned before, the command prompt window flashes for a second and that's it.
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The file is located here: C:\Log.txt
     
  10. iLLmatic

    iLLmatic Private E-2

    My hard drive is F:\. I ran 'Search' for the file and couldn't find one named log.txt. I'm sure I'm overlooking something.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is clean.

    Boot to Safe Mode.

    Open Windows Explorer and navigate to the following:
    Run CCleaner

    Then, as an added precaution, go to Start > Run, type cleanmgr, and click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Locate rkfiles.bat, right-click on it and select Edit. Everywhere in the file where there is c:, replace it with f:. Now run rkfiles.bat from safe mode and post the log.
     
  13. iLLmatic

    iLLmatic Private E-2

    Alright, here it is.
     

    Attached Files:

    • log.txt (file size: 631 bytes, views: 3)
