trojan problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by SpecialFNK, Feb 17, 2005.

  1. SpecialFNK

    SpecialFNK Private First Class

    i have Windows98
    Firefox browser
    Zone Alarm Firewall
    avast! antivirus

    a few days ago i downloaded winamp free full version from here http://www.winamp.com/player/free.php
    today i went to install it and during the installation my avast! on-access scanner notified me of a trojan in this file. i don't remember exactly what it said, and what i clicked next but i clicked OK which i was sure got rid of the trojan. my avast! on-access scanner shows the file was eMusic-7plus.exe and infected count at 1.
    i've run these programs and found nothing..
    avast! thorough scan
    Spybot Search & Destroy
    Spyware Doctor
    Ad Aware SE Personal
    Trojan Remover 6.3.5
    Tauscan 1.7

    i ran these 2 programs -TrojanScanner 5.29, Anti-Virus & Trojan Advanced, and both said found trojan!! register to remove. both of these were shareware and you need to pay/register to remove this trojan.

    are these 2 programs that found this trojan more accurate in showing i do indeed have a trojan? or are the other programs correct in showing i don't have a trojan?
    are there any other programs i could download/run to show i have a trojan and remove it?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. SpecialFNK

    SpecialFNK Private First Class

    ok i did everything on the READ ME FIRST page.

    CCleaner -cleaned
    Ad-Aware SE -found nothing
    Spybot Search & Destroy -found nothing
    CWShredder -found nothing
    Kill2me
    about:Buster -said this "ADS not scanned System(FAT)"
    HSRemove would not work, i only have win98

    Spyware Blaster -enable all protection
    McAfee Stinger -did a search and all it said when done was "Number of clean files"

    i also used..
    Spyware Doctor -found nothing
    Bazooka scanner -found nothing
    Anti-Virus & Trojan Advanced -Found Virus!! Please register to remove it.
    Trojan Guarder -Found Trojan!! Please register to remove it.



    i tried to do the online scans..
    Symantec Security Check -Sorry!
    The page you requested is not accessible
    Trend Micro's online scan with Java -it would only show this.. Operating System: Is Supported, and for Java Vendor: Java Version: Java Enabled: it would only say Detecting, and i left it running for awhile.

    i then downloaded and ran hijackthis.
    i've never used this before, and hope i did it right.


    other information that might be useful.
    Toshiba Tecra 8000 laptop
    Windows98
    i only use Firefox 1.0 as my browser
    Zone Alarm Firewall
    avast! anti virus
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks ok right now except for the installed programs below. Please look in Add or Remove Programs for the following and Uninstall them as some of these may cause conflicts:

    Spyware Doctor

    Anti-Virus & Trojan Advanced

    Spyware Blaster

    Trojan Guarder




    After you uninstall the above, please move to next steps.

    1) Download Trojan Hunter 4.1

    2) Install TrojanHunter, please note at the end of the install setup will prompt you to update to the latest definitions, please do so.

    3) Select all drives and run a FULL SCAN.

    4) After you uninstall all the items listed above, and have scanned and removed all detected infections with TrojanHunter, please reboot and post a new HJT log.

    Thanks Bj:)
     
  5. SpecialFNK

    SpecialFNK Private First Class

    ok i uninstalled/removed the following programs
    Spyware Doctor
    Anti-Virus & Trojan Advanced
    Spyware Blaster
    Trojan Guarder

    i then downloaded, installed, updated, and ran TrojanHunter. i ended up running it twice.
    the first time it said "Found possible trojan file: C:\Program Files\Sports Mogul\Baseball 2004\BBAutoUp.exe (SDBot)" it also said when i clicked on submit, "automatic submission of suspicious files is only available to licensed users"
    i haven't played Baseball Mogul since last summer so i uninstalled/removed that program.
    i then ran TrojanHunter again, and this time found nothing.

    i then rebooted and ran hijackthis. i'll include the new log file.

    i also ended up installing Trojan Guarder again to see what it would say, and still it says "Found Trojan!! Please register to remove it."
    would this be something this program says to encourage people to actually buy the program, and there really is no trojan, or whatever it thinks is a trojan actually isn't ??

    are there any other free programs i could download/run ?

    thanx for your help
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do another scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.



    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)



    NEXT: Download the following programs.

    CCleaner

    Spybot S&D

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.



    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!


    Note: If TrojanHunter didn't find anything but that then you're most likely clean. HJT log is fine other than these few entries.
     
  7. SpecialFNK

    SpecialFNK Private First Class

    ok i've done all that.

    Spybot Search & Destroy was clean
    when i used CCleaner it removed everything under the windows heading. then there is a heading named Issues where i click Scan for Issues, and a bunch come up. do i need to click to fix any of those?

    i did the cleanmgr under run and cleaned up those 3 names as well as My Downloads. i don't know if this is something normal, but after that i checked Windows\Temp i still had these 3 names that would not delete..
    Jet4ebe.tmp
    Jet6d32.tmp
    ZLTo77od.TMP

    i ran hijackthis and removed those 2 lines you mentioned. i then ran hijackthis again, and i'll include the log.

    also before when i uninstalled Spyware Doctor, there was a message pop up informing me about 2 files that might be useful in other programs, that i did not delete..
    msscript.ocx & wshcon.dll
    both of these files have been on the computer for years, so i left them.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert


    Usually we don't recommend you doing the third scan, only the first two scans are required. Personally, I wouldn't do the third scan with CCleaner. If you just want to, I would recommend running a Registry Cleaner.



    As far as those files go, I would try booting into Safe Mode and deleting them again.

    As far as your HJT log goes, this log is clean. Are you still experiencing any problems?
     
  9. SpecialFNK

    SpecialFNK Private First Class

    i haven't been having any problems that i've noticed.
    all the regular programs recommended on the Basic Spyware, Trojan And Virus Removal haven't found anything.
    the only 2 programs that have found anything are..
    Anti-Virus & Trojan Advanced -Found Virus!! Please register to remove it.
    Trojan Guarder -Found Trojan!! Please register to remove it.


    is it possible to boot in safe mode using windows98?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, when you see the BIOS screen flash, start tapping F8 until you get to the list of options. Then choose Safe Mode.

    If TrojanHunter and the others have not found anything then you are most likely clean. Your HJT log was clean so I think you're ok :)

    Wouldn't hurt to see this thread on How to Protect yourself from malware!
     
  11. SpecialFNK

    SpecialFNK Private First Class

    ok i restarted my computer in safe mode and removed those 3 files.
    (quick question, what is safe mode with command prompt only?)

    when i restarted my computer normal, i checked Windows\Temp, and there were more files that start with jet###.tmp and there is also a folder named _avast4_
    i copied these names down on a piece of paper as well.
    i again restarted my computer in safe mode. some of the names from in normal mode, were not here this time in safe mode. i did a search, and nothing came up.
    while still in safe mode, i right clicked and did a scan with avast! there would be another name jet###.tmp that would appear briefly before disappearing. this happened when i did this a couple more times.
    i deleted these files again, and emptied the recycle bin.
    a few minutes later checking out Windows\Temp, there was a file _iu14D2N.tmp
    i right clicked on this file and did a scan with avast! and then the folder _avast4_ would appear along with briefly another jet###.tmp
    i deleted these again.
    i then restarted in normal mode and when checking Windows\Temp there were still some names jet###.tmp

    would these files be from the avast! antivirus? and maybe i could download a different free antivirus and not have these anymore?

    i also had a totally different problem occur.
    i came to this page/thread and was going to reply when i had this message come up across my screen..
    "a fatal exception OE has occurred at 0167:BFF9DFFF. The current application will be terminated."
    "EXPLORER caused a general protection fault in module KRNL386.EXE at 0001:000049e3."
    this also happened for FIREFOX and ZL
    any idea what caused these? and what to do?
    i don't know why these happened and i guess i got scared and just hit the power bar. after restarting the laptop i have been able to come here and reply to all this without any problems.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For removing TEMP files, download, install and run CCleaner

    Remember most programs, when run, create temp files that are stored here and when they are closed, the temp files go away. This is normal!

    As far as the error you received, I wouldn't worry about it. Just restart and let it be. If it happens again then I would suggest posting that problem in a new thread in the Software Forum.

    I believe this is where you can boot into DOS kinda like Recovery Console in WindowsXP. I'm not very familiar with Win98 as I specialize in WindowsXP.


    All of this being said, you're clean from any infection! So my suggestion now would be to check on Chaslang's Sticky!

    How to Protect yourself from malware!
     
