Trojan problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Gator, Nov 11, 2006.

  1. Gator

    Gator Private E-2

    Hey, I'm getting a little better at solving PC problems myself... but apparently not good enough yet. I decided to help my older bro with some PC problems and think I found his main problem. It doesn't look like any damage was done yet but I can't get rid of 2 Trojan files. I wrote them down along with their locations (scanned with AntiVir):

    Trojan - TR/Dldr.Delf.aeo.20
    Located - C:\Windows\System32\fontextb.dll

    Trojan - TR\spy.Delf.H.3.B
    Located - C:\Windows\System32\st3.dll

    I don't know much about viruses but it seems these two files spread themselves around daily because the AV (I changed from his McAfee to AntiVir and also installed ZoneAlarm) I scanned with multiple times finds these two files and can delete them wherever they are... except for these two (which I don't try to delete since they're in MS files, so I try to quarantine).

    Panda scan did not produce any results, so it does not give a log? Will send HJT log also.
     
    Last edited: Nov 11, 2006
  2. Gator

    Gator Private E-2

    I will be gone a couple days, I'm just visiting my brother's for the day. Sorry if I skipped over a specific removal sticky post that may be already posted. Also I couldn't get internet access with safe mode on, even with network selected on msconfig. My brother has a Dell with P4 3.4 GHz, 512 RAM, Windows XP Home SP2.
     
    Last edited: Nov 11, 2006
  3. Gator

    Gator Private E-2

    OK, it seems the viruses are gone now :confused: Thanks for your guide/links/services. :)
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please attach a fresh HJT log, you have some issues we need to address.

    Did you run the Panda scan? If so please attach this log as well.
     
  5. Gator

    Gator Private E-2

    I posted this before I found out that he seems to no longer have a problem. So that was the fresh HJT log. Panda scan didn't give a log because it didn't find anything.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, if you like, go ahead and attach a fresh HJT log, since it's been a few days.
     
  7. Gator

    Gator Private E-2

    Sorry for the delay. I will be gone again for a couple days. What's going on is I'm near my brother's/parents' place (45 mins apart). My brother is going to help me fix my truck but he is gone most of the time so I'm mostly visiting my parents. While I'm here by myself I figured I would help him out a little with some PC problems because he has been talking about how he is about to send it to Dell.

    Edit: Thanks again for your help
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

    O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} - C:\WINDOWS\system32\adsldpbn.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing)
    O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file)
    O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\adsldpbn.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Next Reset Web Settings & Default Security Settings

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

    Once you complete the above, reboot and let me know how things are running. Also attach a fresh HJT log.
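
The triage bjgarrick does by eye above (orphaned "(no file)"/"(file missing)" registrations, unnamed BHOs, a DPF entry fetching an executable, a home page override) can be scripted over a HijackThis log. This is an added example, not code from the thread or from HijackThis; the sample log is constructed from the entries quoted in the post, and the "Example Helper" BHO is a made-up benign control entry.

```python
import re
from collections import namedtuple

# Constructed sample log, modelled on the HJT entries quoted in the post above.
# The "Example Helper" BHO is a made-up benign entry used as a control.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} - C:\WINDOWS\system32\adsldpbn.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
"""

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")      # "O2 - BHO: ..." style lines
ORPHAN = re.compile(r"\((no file|file missing)\)", re.I)       # registration with no file on disk
EXE_URL = re.compile(r"https?://\S+\.exe\b", re.I)             # remote executable in a DPF entry
SYSTEM32 = re.compile(r"\\system32\\", re.I)                   # add-on living in System32
Finding = namedtuple("Finding", "section line reasons")

def assess(line):
    """Return a Finding for one HJT line, or None if it looks unremarkable."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # banner/header lines are not entries
    sec, body = m.group("sec"), m.group("body")
    reasons = []
    if sec in ("R0", "R1") and "=" in body:
        reasons.append("IE page override set: confirm the user chose this URL")
    if ORPHAN.search(body):
        reasons.append("orphaned entry: registration points at a file that is gone")
    if sec == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO: legitimate add-ons normally carry a name")
    if sec == "O2" and SYSTEM32.search(body) and not ORPHAN.search(body):
        reasons.append("BHO loaded from System32: check the DLL's publisher")
    if sec == "O16" and EXE_URL.search(body):
        reasons.append("DPF entry pulls an executable from a web host")
    return Finding(sec, line.strip(), reasons) if reasons else None

def triage(log_text):
    """Run assess() over every line and keep only the flagged entries."""
    return [f for f in map(assess, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}\n    " + "; ".join(f.reasons))
```

The heuristics only prioritise what to look at; an entry such as the O4 KernelFaultCheck line in the post is a harmless leftover that a human still has to recognise.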
     
  9. Gator

    Gator Private E-2

    Hey, just got back from my parents', again. Didn't notice a difference in performance, but I don't use the PC daily. The file you had me delete did appear in blue. Again (hopefully for the last time :/) I will leave tomorrow morning to go to my parents' and I should be back Friday. Thanks a ton for your help and if you want I can ask my older brother if he notices a difference.
     
  10. Gator

    Gator Private E-2

    Oops, here it is. There was a change in plans, going to stay at my brother's for now :)
     
    Last edited: Nov 16, 2006
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix the entries below: Once you complete this post, your log will be clean. Are you having any current problems?

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} - C:\WINDOWS\system32\adsldpbn.dll (file missing)

    O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
     
  12. Gator

    Gator Private E-2

    No current problems still, thanks a bunch :).
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert
