Trojan problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by Anon-4af96c3db2, Sep 28, 2008.

  1. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    Running Zonealarm yesterday picked up 2 problems: Win32.spyware.fakecleaner (which it deleted) and Constructor.win32.Downldr.ek (which it could not repair, quarantine or delete).

    I have followed READ & RUN ME FIRST and attach the logs. Even after this I ran Zonealarm again and it found 4 more problems which it deleted:

    Win32.Backdoor.Bifrost (in C:\MGtools\Process.exe)
    Kazaa Lite goop 28
    P2P-Worm.win32.logpole.c
    Win32.Trojan.KillAV.ko

    Any help is appreciated.

    Azeva
     


  2. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    Here is the MGlogs
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please tell us WHERE Zonealarm is finding infections. The names of the infections are not really that helpful. For example, when you said that Bifrost was found in C:\MGtools\Process.exe, we can comment and tell you that ZoneAlarm is wrong. This is a valid program used by dozens of tools including our MGtools, ComboFix, etc. It is just used to terminate processes like you would do with Task Manager. We use it to help us remove malware by killing the process using process.exe. The others could be similar false detections. I cannot comment unless you give us a log from ZoneAlarm that shows where these are being detected. Also you may want to read the below link:

    http://groups.google.com/group/microsoft.public.security.virus/browse_thread/thread/0dea01f01240c675

    Your logs are all clean but I do suggest that you uninstall the extremely outdated SpywareGuard v2.2 especially since you have Comodo BO Clean and ZoneAlarm's Security Suite installed already.

    You also appear to be having frequent crashes of svchost.exe which you should post about in the Software Forum if I'm correct about this.
     
  4. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    Thanks. Here are the last 2 logs from Zonealarm.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's perform ALL of our final cleanup instructions, which will remove things from our quarantine folders and will clean up System Restore. After you do ALL of what I have below, then see if ZoneAlarm still finds problems. If so, attach their log.


    Now we need to clean up some items from running ComboFix.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    Now it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix and C:\QooBox folders if they still exist.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  6. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    All the procedures were successful and a subsequent Zonealarm scan didn't show any malware.

    One last question: were the zonealarm detections false positives given that the other logs were clean?

    Thanks for your help.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said before, the detection of C:\MGtools\Process.exe was a false positive. The other items were just things we needed to finish removing from the cleaning process and from System Restore.
     
  8. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    Zonealarm has picked up another problem (Win32.Trojan.Patched.BU.9) soon after performing all the steps. The log is attached.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That log is from 7 days after our last fix. In 7 days, anyone can totally reinfect a PC. However, this is just another false positive from ZoneAlarm. dmserver.dll is a valid Windows file and I doubt that it has been infected. Did ZoneAlarm delete the file/clean what it thinks is an infection? If so, why are you posting about it? If not, ask them why they don't fix what they think is a problem (even though they are more than likely wrong about this one).
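    The point chaslang makes twice in this thread (Process.exe, then dmserver.dll) is that a detection name alone says nothing; what decides a false positive is evidence about the file itself. The following PowerShell function is an added example for readers of this thread, not code from MajorGeeks or from any tool mentioned here. It gathers the facts a helper would want before trusting or dismissing an AV verdict: version resource, Authenticode signature status and signer, SHA-256, and an optional comparison against a known-good copy of the same file (for example from a clean machine of the same Windows build). The function name and the -ReferencePath parameter are this example's own; the path used in the usage line is the file named in the post above.

```powershell
# Added example (not from the thread): collect evidence on a file an AV product flagged.
# Only built-in cmdlets are used: Get-Item, Get-AuthenticodeSignature, Get-FileHash.
function Get-FlaggedFileReport {
    [CmdletBinding()]
    param(
        # Path of the file named in the AV log.
        [Parameter(Mandatory)] [string] $Path,
        # Optional known-good copy of the same file to compare hashes against
        # (assumption of this example: you obtained it from a trusted source).
        [string] $ReferencePath
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        # The AV may already have deleted or quarantined it; report that plainly.
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $report = [pscustomobject]@{
        Path             = $item.FullName
        Exists           = $true
        SizeBytes        = $item.Length
        LastWriteUtc     = $item.LastWriteTimeUtc
        Company          = $item.VersionInfo.CompanyName
        FileDescription  = $item.VersionInfo.FileDescription
        FileVersion      = $item.VersionInfo.FileVersion
        # Valid / NotSigned / HashMismatch / UnknownError ...
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256           = $hash
        MatchesReference = $null
    }

    # A "Patched" verdict claims the bytes were altered; a byte-identical known-good
    # copy (or an intact signature) contradicts that claim.
    if ($ReferencePath -and (Test-Path -LiteralPath $ReferencePath)) {
        $refHash = (Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256).Hash
        $report.MatchesReference = ($refHash -eq $hash)
    }

    return $report
}

# Usage: the file ZoneAlarm flagged in this thread.
Get-FlaggedFileReport -Path "$env:SystemRoot\System32\dmserver.dll" | Format-List
```

    How to read the result: a SignatureStatus of Valid with a Microsoft signer, or MatchesReference equal to True, is strong evidence that a "Patched" or "Trojan" verdict on a Windows component is a false positive, because any modification of the file would break the signature and change the hash. A HashMismatch is the opposite and means the file really was altered. NotSigned on its own is not proof of tampering, since some Windows files are signed through catalogs rather than an embedded signature; in that case rely on the hash comparison and run `sfc /scannow` to let Windows verify and repair its own files.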
     
  10. Anon-4af96c3db2

    Anon-4af96c3db2 Anonymized

    Didn't fix it originally but I think it deleted it on restart and subsequent scan has been negative.

    Thanks
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
