Trojan.PWS.Tanspy and Trojan.Generic

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

Also attach a log that shows exactly what Spyware Doctor is finding.
Is your copy of Spyware Doctor a paid version or trial copy? If it is a paid version, you should be complaining to them about not fixing what it finds. If it is a trial, you should uninstall it after we finish your cleanup as it is a waste of system resources to have it running because it will not fix anything for you.

 

This image is not helpful since it does not give info needed. Click the + signs by the Registry Key text to expand the info so the keys can be seen. Hopefully they fit on the screen but I doubt it. You may need to scroll or highlight the info and copy elsewhere. It could just be a false positive as I don't see any signs of this Trojan in your logs.

Let's correct a few minor things that I do see.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O24 - Desktop Component 0: (no name) - (no file)

After clicking Fix, exit HJT.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

Make sure you tell me how things are working now!

 

NoAdware and Spyware Doctor have never been on my list of things to use. Main reason is for false positives and that is what you are seeing those registry keys shown in your snapshot are valid registry keys appearing on almost all PCs. They are even on mine. It is not those registry keys that are problems. It is what malware could put under them that could be problems.

Uninstall both Spyware Doctor and NoAdware now. They are not helping you if they are only trials and they are giving you false information.

No. It should only affect Windows Messenger. Windows Messenger was such an issue that Microsoft even finally removed it with certain updates to Win XP SP2. Also it was totally excluded from Vista. You should get the current version of MSN Messenger installed anyway. 4.7 is way out of date. Last I remember it was at least into the 7.5 area or above. And there is also Windows Live Messenger which is 8.+ Old version of tools are security risks.

Based on your HJT log I still see Windows Messenger trying to be loaded. You can fix the below line with HJT:

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

As I stated above, these are definitely false positives. Those registry keys are in all PCs and are not problems. If there were subkeys underneath them, you would then have to check to see what they were to know if the subkeys were valid. You don't have any subkeys so there is no issue.


You could delete the below file that NoAdware pointed out:
C:\WINDOWS\unin.exe

It is not really an issue either. It is just an uninstall program for something you installed but a few programs think it is something called WinSpy. You don't really need the file so you can simplye delete it. The other items in the log from NoAdware are false positives.

 

You're welcome.

There is no one program that provides complete protection. That is why you see all the different categories under the How to Protect yourself from malware! thread that you mentioned.

Many companies offer packages often referred to as internet security suites. These are their attempt at providing a complete package. The problem is that they have multiple issues:

1. the largest problem is that they are all massive resource hogs which will dramatically slow your PC down
2. they give a pile of really unnecessary programs that just compound # 1
3. they don't really provide any real advantage over individual applications especially when you choose only what you really need as in the How to protect youself link
4. due to their complex nature they seem to always run into problems where malware or even just their own software bugs causes them to stop working properly. And they can be very difficult to fix. Sometimes a total uninstall and then reinstall is necessary. And sometimes even that may not work.
5. many of these security suites are more difficult to get properly uninstalled then malware. Thus when you inevitably decide to get rid of them, it can be very difficult and typically results in you unknowingly have multiple security suites installed at the same time which will make your system even slower.
6. add to all the above that you have pay a bunch of money only to discovery all of the above issues for yourself over a period of time.

As far as your question about paying for tools. Yes there are good tools. It is just a little difficult to say what is good for any individual. The difficulty arises due to facts like below:

• Everyone has differing levels of expertise with PCs, software, system administration and the concept of protection. So while one program may be really great for an expert user, it could prove too complex for an average user or novice even though this complex program could offer the best protection.
• Each PC has different specs like processor type and speed, the amount of RAM, and how many and what type of other applications are being run. Thus what runs fine on one PC, could put too great a demand on resources of another PC.

Sounds depressing doesn't it? Don't worry just follow the How to protect yourself thread instructions and you will be just fine. A multi-layered approach is what you will see in this link and also a great deal of how safe you will be is based on your own education in computer security and your surfing habit (all explain in the link).

Happy Holidays to you too!

 

You're welcome. Surf safely.