Trojan...with Safe Mode problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by orchardlady, Oct 21, 2006.

  1. orchardlady

    orchardlady Private E-2

    I run Windows XP...use Firefox...have IE and Opera on my PC

    Here is what I HAVE done.
    1. I have run Norton AntiVirus (yes, I run and update it daily)
    2. I have run PCTools AntiVirus
    3. I have checked my options and run CleanCache (which I run at the beginning of the day and at the end of the day)
    4. I have run Browser Hijack Retaliator 4.5
    5. I have run Ad-Aware Personal SE
    6. I have checked my options and run SpywareDoctor (yes, I update and run it daily; it is always running)
    7. I also run The Ultimate Troubleshooter from time to time

    I continue to have a trojan problem.
    I receive popups from the trojan.
    I receive notices via a Taskbar icon...yellow triangle with an exclamation mark in it...which flashes. When I attempt to left click on it...or right click on it...it attempts to open IE, at which time SpywareDoctor halts the open and warns me that I am attempting to do a bad thing, and of course, I choose not to continue.
    At this point the triangle disappears, until the next event cycle begins.

    I have also read the instructions to remove the trojan "manually", and have written down the file names.
    Problem...when I choose to open in safe mode the process begins, a list of partitions appears, then the process halts. So, I have not been able to do the manual removal. Am I not waiting long enough for safe mode to process? In the past it has opened rather quickly.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome Orchardlady :)


    First off, you have two antivirus applications installed at once and they will conflict with each other, giving various weird anomalies and, most commonly, a slow PC, especially when opening applications etc., so please uninstall one (your choice which one, but if one is paid for, keep that).

    Then run through the first steps guide below and attach the requested logs. The guide looks long, but it's laid out that way to capture as much info and clean as many of the easier-to-remove malware items first before we get to the stubborn ones.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!


    I have also moved your thread into the malware forum.
     
  3. orchardlady

    orchardlady Private E-2

    Will do...Thanks!!
     
  4. orchardlady

    orchardlady Private E-2

    I believe I found my virus:

    CideoCompressionCodec

    Yes???

    Yes, I have been wading through the instructions line by line.
    I am ready to begin "CounterSpy", in "READ & RUN ME FIRST Before Asking for Support". But, before I start that, I have the question above.

    I tried to search the Internet for VCC and from what I could determine it is a trojan...right?
     
  5. orchardlady

    orchardlady Private E-2

    Oooops! That should be

    VideoCompressionCodec
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it is just another member in a long line of infections related to the Smitfraud (aka Zlob) family.


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.


    How are things working now?

    You really should complete the steps that Halo gave you anyway, even if things appear to be working okay. These kinds of infections often come along with other problems.
     
  7. orchardlady

    orchardlady Private E-2

    Part 6 of READ & RUN ME FIRST Before Asking for Support says to 1) run Bitdefender. I will not run. So, as instructed, I attempted twice to run Panda...in IE, as instructed. Both times I clicked on the link within Part 6A. Both times the website was accessed, BUT both times IE shutdown. Yes, I was in SafeMode.

    Is there a solution for either of these problems?

    Thanks for the additional instructions for SmitfraudFix, etc. I will work through them now.
     
  8. orchardlady

    orchardlady Private E-2

    First, "1) run Bitdefender. I will not run."...should read "IT will not run."

    How do I get my graphics (.jpg and .gif) to appear in my Outlook Explorer email? I have HTML format turned on. Since I started this cleaning process, my email is lacking these components...just the white box with the red x.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete the two step instructions for running SmitFraudFix before you do anything else. Since you did not attach the two logs as requested, all I can assume is that you did not follow those directions.
     
  10. orchardlady

    orchardlady Private E-2

    All appears to be fine now. I'm hoping I have attached the correct log and that I am not missing another log that should be attached!!

    If I may ask at this time.
    • How do I get my graphics (.jpg and .gif) to appear in my Outlook Explorer email? I have HTML format turned on. Since I started this cleaning process, my email is lacking these components...just the white box with the red x. I am provided the option of choosing to see them, but that is email by email.
    • When my computer boots I receive this message that I have to acknowledge each time..."The procedure entry point GetProcessImageFileNameW could not be located in the dynamic link library PSAPI.DLL". Is this something I should or can do something about?

    I now have the following on my computer...which do you suggest I get rid of...if any?

    • Spybot Search & Destroy
    • CCleaner
    • Spyware Doctor
    • PC Tools AntiVirus
    • WindowsDefender
    • SmitFraudFix
    • Browser Hijack Retaliator 4.53
    • Clean Cache 3.0
    • Spyware Blaster
    • Ad-Aware SE Personal
    • Windows Security Center

    Installers...is it now safe to remove these?

    • WindowsXP-KB835935-SP2-ENU.exe
    • IE7-WindowsServer2003-x86-enu.exe
    • IE7-WindowsServer2003-x86-enu.exe
    • WindowsInstaller-KB893803-v2-x86.exe
    • WGAPluginInstall.exe
    • Windows-KB890830-V1.21.exe
    • jre-1_5_0_09-windows-i586-p.exe
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry but these are not malware issues and we are just way too busy in this forum to address anything that is non-malware related. You should try asking these in the Software Forum.

    Is Spyware Doctor a paid program or free trial?
    Is PC Tools AntiVirus a paid program or free trial?
    Do you have any other antivirus programs installed?
    Windows Security Center is part of Windows. You cannot remove it. Or did you mean to give a different program name?
    You don't need SmitFraudFix!
    And whether you need Browser Hijack Retaliator depends on answers to the above questions.


    Again not malware, but if you don't need them because you already installed them, then delete them.
     
  12. orchardlady

    orchardlady Private E-2

    Okay, let me make sure I understand. By following the instructions given to me above so that I could clean out my malware, I had to install...specifically these items:

    * Spybot Search & Destroy
    * WindowsDefender
    * SmitFraudFix
    * Browser Hijack Retaliator 4.53
    * Ad-Aware SE Personal
    * WindowsXP-KB835935-SP2-ENU.exe
    * IE7-WindowsServer2003-x86-enu.exe
    * IE7-WindowsServer2003-x86-enu.exe
    * WindowsInstaller-KB893803-v2-x86.exe
    * WGAPluginInstall.exe
    * Windows-KB890830-V1.21.exe
    * jre-1_5_0_09-windows-i586-p.exe

    Now that all has been done and I have these items on my PC, you can't tell me what to do with them. Is that right?

    I don't understand this. I have them because of the instructions I was provided, and I downloaded them per those instructions.

    So which forum do I go to now to discover if I should remove them from my PC? I hope you can at least answer this question.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First that is not what I said!

    Second you never completed the READ & RUN ME instructions so I have no idea what you installed.

    Third we (in the READ & RUN ME or in this thread) never told you to install any of the below:
    * Browser Hijack Retaliator 4.53
    * Ad-Aware SE Personal
    * WindowsXP-KB835935-SP2-ENU.exe
    * IE7-WindowsServer2003-x86-enu.exe
    * IE7-WindowsServer2003-x86-enu.exe
    * WindowsInstaller-KB893803-v2-x86.exe
    * WGAPluginInstall.exe

    And fourth, if you answered my questions, I could try to answer yours! I already told you to delete the installation files for anything you already installed, or did you not read the whole message?
     
