Trojan Loader/Downloader/Agent has taken over my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by robdiesel, Dec 7, 2008.

  1. robdiesel

    robdiesel Private E-2

    I picked up a bad as$ virus that won't come off even after going through the entire malware removal program at majorgeeks. The virus blanks out my desktop picture and randomly opens an IE browser with an ad for a virus removal program (the irony). I also notice my computer is slower than FEMA was in New Orleans. So, anyway, here are the logs from the programs I ran. Please assist because I'm tired of crying. The 4th log will come next in a post after this one...
     

    Attached Files:

  2. robdiesel

    robdiesel Private E-2

    Trojan Loader/Downloader/Agent has taken over my computer: part 2

    ...here is the last log from the earlier post (see below).

    I picked up a bad as$ virus that won't come off even after going through the entire malware removal program at majorgeeks. The virus blanks out my desktop picture and randomly opens an IE browser with an ad for a virus removal program (the irony). I also notice my computer is slower than FEMA was in New Orleans. So, anyway, here are the logs from the programs I ran. Please assist because I'm tired of crying. The 4th log will come next in a post after this one...
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please remain in one thread. Your other thread was merged back with this one.

    You need to attach the logs from the below programs as requested in the cleaning procedure:

    • SUPERAntiSpyware
    • MGtools ( the C:\MGlogs.zip file)
    We do not ask for a Hijackthis log.
     
  4. robdiesel

    robdiesel Private E-2

    Thanks, I missed those. Here they are.
     

    Attached Files:

  5. robdiesel

    robdiesel Private E-2

    Chaslang, do you need anything else? I want to make sure you have all you need.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please begin by clicking Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if TDSSserv.sys is found and you disable it, then reboot.
    • After doing the above (whether the TDSSserv entry is found or not) continue on with the below cleaning instructions.
    I suggest that you begin by cleaning up your Desktop. Remove all EXE files except ComboFix.exe, which we asked you to save there due to how we need to use it. You should not save files like this to your Desktop. Make a folder (not on your Desktop) and save your downloads to this folder.

    Uninstall the below old versions of software as requested in the READ & RUN ME:
    Java(TM) 6 Update 3
    Spybot - Search & Destroy 1.4

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\WINDOWS\TEMP\winlogun.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    After clicking Fix, exit HJT.


    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now install the current version of Spybot as requested in the READ ME. Get it from the below link:
    SpyBot - Search & Destroy


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
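As an added example (not from the thread, and not one of the MajorGeeks tools), here is a small Python triage script that applies the same reasoning used to pick the HijackThis lines above: it parses O2/O4/O9 entries and flags orphaned "(no file)" entries, Run keys that start something from a temp or user-writable directory, and random-looking value names. The sample log is constructed from the lines quoted in the post plus one benign Run entry added for contrast; the random-name rule is a heuristic of my own, and legitimate-but-unneeded startup items such as TkBellExe are deliberately not flagged by it.

```python
import re

# Constructed sample log: the lines selected in the post above, plus one
# benign Run entry (SoundMAX) added here for contrast; not from the original log.
SAMPLE_HJT = """\
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe" -osboot
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [jsg8jfgfdfhfhf] C:\\WINDOWS\\TEMP\\winlogun.exe
O4 - HKLM\\..\\Run: [SoundMAX] C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

# O4 lines look like: O4 - HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Directories a normal autostart entry has no business living in.
TEMP_DIRS = ('\\temp\\', '\\local settings\\', '\\appdata\\', '\\recycler\\')

def extract_exe(cmd):
    """Return the executable path from a Run-key command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split(' ')
    for i, part in enumerate(parts):          # bare paths may contain spaces
        if part.lower().endswith('.exe'):
            return ' '.join(parts[:i + 1])
    return parts[0]

def looks_random(name):
    """Heuristic (assumption): five or more consonants/digits in a row."""
    return re.search(r'[bcdfghjklmnpqrstvwxz0-9]{5,}', name.lower()) is not None

def triage(log_text):
    """Return {log line: [reasons]} for entries worth a closer look."""
    findings = {}
    for line in log_text.splitlines():
        reasons = []
        if line.endswith('(no file)'):
            reasons.append('orphaned entry, target file missing')
        m = RUN_RE.match(line)
        if m:
            exe = extract_exe(m.group('cmd')).lower()
            if any(d in exe for d in TEMP_DIRS):
                reasons.append('autostart from a temp/user-writable directory')
            if looks_random(m.group('name')):
                reasons.append('random-looking value name')
        if reasons:
            findings[line] = reasons
    return findings

if __name__ == '__main__':
    for line, why in triage(SAMPLE_HJT).items():
        print(line, '->', '; '.join(why))
```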
     
