Trojans?

Discussion in 'Malware Help (A Specialist Will Reply)' started by hei, Apr 15, 2006.

  1. hei

    hei Private E-2

    Hello
    Recently I've been getting an error message on the screen stating that there are some problems with the BLOHBJ.dll file, and when clicking OK I get an error message from Microsoft saying that IE needs to be closed. This happens every 5 min or so. (Not sure if the name of the file is 100% correct "BLOHBJ.dll".)


    My computer has Windows XP, SP2 and I have Norton Internet Security, and I also have Spyware Doctor, but none of these seem to find any errors, or to be able to fix this.

    I've run some programmes in order to fix this problem as advised by you:
    Kill2me was run without any findings.
    Windows Update was run and updated.
    Ad-Aware has been updated and run without finding anything.
    Spybot Search and Destroy 1.4 has been updated and run without finding anything.

    ...and now, when writing this posting, Norton Antivirus posted a message to me stating that it has discovered a virus on the PC: W32.Alcra.B, and the message that it cannot repair the file.


    Bitdefender online scanner found, in addition to the quarantine folder for Norton Internet Security, trojan.downloader.small.BK. I've added the report as an attachment.

    CWShredder did not find anything.

    Panda only reported this: Potentially unwanted tool:Application/Processor Not disinfected
    C:\Documents and Settings\myname\Skrivebord\virusprgr\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor

    Kaspersky online scanner found nothing.
    Windows Defender BETA2 did not fix the problems.
    The Ewido scan was also done in normal mode after it was updated. I got a message of 4 malicious files found during the scan, but I had to stop the scan before it was finished, and when I started it from scratch after an hour it did not find anything.

    Any tips in "attacking" this problem?

    Please note that all the programmes were run in normal mode since I'm not able to get my laptop started in safe mode. After hitting F8 when rebooting I get to choose safe mode and do so, but then the screen turns black and nothing more happens for about 30 min, so I cancelled the operation. I've never previously had any problems with this.

    I've also attached the HijackThis log after a reboot.

  2. hei

    hei Private E-2

    Forgot to say that I also ran CCleaner first and deleted the findings as instructed.


    I ran Ewido one more time - just in case, and this time it came up with findings. See attached log.

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Next time please follow directions and empty your Quarantine folder as stated in step 0 of the READ ME before running other steps.

    Also you did not follow the directions in step 6 for creating your Bitdefender log. We do not want Word files. You were supposed to create the HTML file with a .txt extension by following the directions as they are written.

    Also you did not follow the directions in step 7 and as a result you installed HijackThis exactly where we specify not to install it. Fix this now!!

    You have too many full blocking antispyware tools installed. You have Ewido, Spyware Doctor, MS Windows Defender, and SpywareGuard. Are any of the below paid versions:
    Spyware Doctor
    Ewido

    You do not really have too many issues to deal with in your logs.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c769849aae8b324505/netzip/RdxIE601.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
    Last edited: Apr 16, 2006
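    The five HijackThis lines listed in this post can be triaged mechanically. As an added example, not code from the thread or from HijackThis itself, here is a small Python parser for log lines of that shape; the line patterns and the triage rules are assumptions that mirror what was flagged above, not a complete HJT grammar.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the five HijackThis lines quoted in the post above
# (two blanked IE values, a ProxyOverride, a Downloaded Program File, a Winlogon Notify).
SAMPLE_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost",
    "O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c769849aae8b324505/netzip/RdxIE601.cab",
    "O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)",
]

# Line shapes are assumptions derived from the quoted lines, not HijackThis's own grammar.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
REG_RE = re.compile(r"^HK(?:LM|CU|U)\\(?P<key>[^,]+),(?P<value>[^=]+?) =\s*(?P<data>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<url>\S+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$")

@dataclass
class Entry:
    section: str                   # HJT section tag, e.g. "R0", "O16", "O20"
    body: str                      # text after the "Rn - " / "Onn - " prefix
    reason: Optional[str] = None   # set by triage() when the line merits review

def parse_line(line: str) -> Optional[Entry]:
    """Split one HJT log line into section tag and body; None if it is not an HJT line."""
    m = LINE_RE.match(line.strip())
    return Entry(m["section"], m["body"]) if m else None

def triage(entry: Entry) -> Entry:
    """Mark the conditions visible in the thread: blanked IE registry values (R0),
    a ProxyOverride entry (R1), a Downloaded Program File (O16), and a Winlogon
    Notify package whose DLL is reported missing (O20). Anything else stays unmarked."""
    if entry.section in ("R0", "R1"):
        m = REG_RE.match(entry.body)
        if m and m["data"] == "":
            entry.reason = f"{m['value'].strip()} is empty (cleared IE setting)"
        elif m and m["value"].strip() == "ProxyOverride":
            entry.reason = f"ProxyOverride = {m['data']!r}"
    elif entry.section == "O16":
        m = DPF_RE.match(entry.body)
        if m:
            entry.reason = f"Downloaded Program File {m['clsid']} fetched from {m['url']}"
    elif entry.section == "O20":
        m = NOTIFY_RE.match(entry.body)
        if m and m["missing"]:
            entry.reason = f"Winlogon Notify '{m['name']}' references missing {m['dll']}"
    return entry

def flagged_entries(lines: List[str]) -> List[Entry]:
    """Parse and triage a log; return only the entries that received a reason."""
    out = []
    for ln in lines:
        e = parse_line(ln)
        if e is not None and triage(e).reason:
            out.append(e)
    return out

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LINES):
        print(f"{e.section}: {e.reason}")
```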
  4. hei

    hei Private E-2

    Thank you for responding to my posting/problem.

    I should perhaps have informed you that I did try to empty my Norton quarantine bin, but according to the instructions on your web site you have to do so in safe mode. As I stated in the first posting I'm still not able to start the laptop in safe mode. At least it must take over 1 hour. Is that normal? I tried to start the computer in safe mode before going to bed, but when I woke up this morning the computer was/had been rebooted automatically.

    Your instructions for emptying the quarantine bin/Symantec instruction also indicate that you may click Norton Protected Recycle Bin....which I'm unable to find. From what I understand I'm not supposed to have this since I have XP. Maybe I'm wrong.

    Is it absolutely necessary to do this in safe mode? I did not dare to do this in normal mode since this was not as instructed.

    The Bitdefender log was posted in Word since I got an error message constantly when trying to add it as an attachment in the extra window which appears when trying to make attachments. I was told "Invalid file" or something. Since I only knew the Word format I tried to save the Bitdefender log in this format before attaching it to my posting. I'm sorry about that, but it was the only solution I could think of which I was able to figure out by myself. I'll try once again.

    When it comes to the HijackThis log I'm not sure what I have been doing wrong. Could it be that I shouldn't save the HijackThis log on the desktop? I thought I saved it BOTH where the programme wanted/suggested, AND on the desktop...this only because I'm not sure where to find it otherwise. I'll try to delete the HijackThis programme and install it once again.

    Yes, I do have many antimalware programmes on my desktop. I'll be more than happy to remove some of them. The only programmes I have bought are Norton and Spyware Doctor. I also used to have Ad-Aware and Spybot Search & Destroy. All the other programmes were downloaded yesterday when I tried to get rid of my problems. I Googled and tried to get some help before I asked for help at your forum.

    I'll try to sort out all this HijackThis and Bitdefender log problem before even attempting the other instructions you gave.
    I'm, as you probably have figured out, not very good at this. Thank you for your patience.
     
  5. hei

    hei Private E-2

    OK - this is what I have tried:

    Since I'm still not able to reboot into safe mode (after 20 attempts today) I'm still not able to empty my Norton quarantine bin. Why is it so hard to empty such a bin in the first place....should have been ONE button to push.

    I tried to run Bitdefender and saved the log as an HTML.txt file. I've attached it. I guess it is a bit longer since my Norton quarantine bin is not empty. Sorry about that.
    However, during the Bitdefender run there were some warning messages from Norton that it had found a virus. The name was: W32.Alcra.B

    I'll try to run HijackThis after a reboot now. Will post this log shortly.

  6. hei

    hei Private E-2

    OK - here is the HijackThis log.

    Note that I have not deleted/fixed the things in the first log since I'm not sure that it is the right thing to do....since I did most of the things wrong in the first posting.

    Shall I try to fix the things you wrote...or are there other/more errors which need to be fixed?


    (Edited posting due to typing errors)

  7. hei

    hei Private E-2

    Well, I found the same listings in the last HijackThis log as the one I attached above, so I assumed you wanted me to remove/fix the same in this as in the first log. I fixed the ones you asked me to in your response posting, and then rebooted. Attached is the fresh new log from HijackThis.

    Does it look OK?

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Step 0 does not say anything about being in safe mode to do this. And no the Nprotect folder has nothing to do with XP and many people have it installed which do not even know it and all it is in most cases is a waste of disk space and a malware collector. Did you run this: Emptying the Norton Protected Recycle Bin

    That's because you did not follow the directions to save the file with a .txt extension as specified. An .HTML file cannot be uploaded.

    The directions specifically tell you NOT to save it on your Desktop. They tell you to save it to C:\Program Files\HJT\hijackthis.exe

    Ad-aware and Spybot are not problems to keep installed because they only use resources when scanning. That is as long as you do not use Spybot's Teatimer which we recommend not to use anyway.

    Since you bought Spyware Doctor, that is the one we will keep but make sure you pay your yearly subscription fees and keep it up to date or it will quickly become outdated.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I do not and would not use Norton/Symantec software so I cannot be sure, but I would bet it is built right in to their program's features someplace and you can probably find it just by right clicking on the icon in the tray or running something else. All programs like this have a feature somewhere to empty their quarantines.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have HJT installed on your Desktop:
    C:\Documents and Settings\Steve Yttermo\Skrivebord\hijackthis\HijackThis.exe

    But it is too late for this go around since we don't need it anymore.

    Goto Add/Remove programs and uninstall the below
    Windows Defender
    Ewido anti-malware

    You should also delete the file that Bitdefender could not remove:
    C:\Documents and Settings\Steve Yttermo\Skrivebord\Nytteprogram\3037.exe

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  11. hei

    hei Private E-2


    Well I'm unable to find it.

    You ask me if I have done as instructed when trying to empty the Norton Quarantine bin...and then you link me to the Symantec web site which gives instructions on how to do this manually.
    Point 1 in this instruction is to reboot into SAFE mode.....which I still am unable to. I fail to see what I have done wrong.

    The HijackThis log must be the old one...and is in the trash bin....the one uploaded/attached is from the correct place.
     
  12. hei

    hei Private E-2

     
  13. hei

    hei Private E-2

    I'll try to do the restore point thing. Thanks a lot for all help :=)
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You skipped the first part of their instructions which do not require a safe mode boot. The safe mode boot is only for manual removal. The instructions simply say:
    And this I have done on a few friends PCs and it worked just fine.
     
  15. hei

    hei Private E-2

    Yes, I saw that too, but I'm still unable to find this bin on my computer. I was hoping I could empty it that easily too, but since I did not find this bin I tried the manual emptying procedure....which did not work since I was not able to get to safe mode. Where is this bin? I've searched for days now.

    Big news....I'm able to get into safe mode now....and I tried to empty the bin manually. Everything went well until I was told to:

    At the command prompt, type the following commands (press Enter after each command):

    c:
    cd\
    cd recycler\nprotect
    del *.*
    cd ..
    rd nprotect

    The first 2 lines/commands + enter went well, but when I wrote the third line and clicked "enter" I was told that there was no such file/place on my computer..is there a printing error in the instructions?...so I'm actually still unable to empty this bin both the easy and the manual way. Therefore I have not done the restore part either. Don't know if it is smart.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then perhaps you are not using Norton Nprotect and all you needed to do was empty the Quarantine folder as I mentioned in message # 3. But again this did not need to be done in Safe Mode and the Quarantine folder has nothing to do with Nprotect.

    Just complete the steps I gave you in message # 10 (if you have not already done so).
     
  17. hei

    hei Private E-2

    Well I've done this:

    Removed HijackThis from my desktop

    Deleted the whole file:
    C:\Documents and Settings\...\3037.exe
    from my computer.

    Rebooted

    I did run Bitdefender one more time in order to check that I managed to delete the file Bitdefender was unable to delete the first time. I've attached the log. During the Bitdefender scan I got the message from Norton that a virus called W32.Alcra.B was found several times. This is maybe because the virus is in the Norton quarantine bin which I seem unable to empty....and perhaps the reason why emptying this bin is the first thing to do before dealing with malware...

    When it comes to emptying the Norton Quarantine bin I still can't understand how to do it. You refer me to your previous posting no 10 and Read and run this before...point "0", but I still can't find any way of emptying this bin. I'm so far unable to find it at all on my computer. I have Norton Internet Security 2004 and Norton Antivirus. Any idea how to find the quarantine bin?

    I've also attached a fresh HijackThis log.

    I've deleted the Ewido and Windows Defender programmes as you suggested. I still have Spyware Doctor and Norton since I've paid for these.

    I haven't done the restore point yet, since I don't know if this is a smart thing to do since I haven't been able to empty my quarantine bin, and it seems like this is a very important thing to do.
    Perhaps I should wait with doing the restore point until Bitdefender does not find anything during the scan, or am I wrong? From what I can see from the scan it does find some "things" in the restore point....

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you did not! It is still running from your Desktop. Look at your log! It shows the below:
    C:\Documents and Settings\Steve Yttermo\Mine dokumenter\hijackthis\HijackThis.exe

    It does not really matter now since you are already clean. But for any future use you need to install it to the suggested location.

    Your Bitdefender log shows you where it is. Just run Windows Explorer and delete all the files in the below folder.

    C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine
     
  19. hei

    hei Private E-2

    Then there must be something else seriously wrong. I have no HijackThis on my desktop. But the place for the file you list above is not on my desktop...it's under "My documents" which is not on my desktop.... What is your definition of "Desktop"? I've always thought "Desktop" is the desktop where my IE and Outlook Express icons are located. I'm 100% sure there is no HijackThis on my desktop. I had to use quite some time to find HijackThis on my computer...and finally managed to find it under "my documents" in order to attach the log in the last posting.

    I'm still unsure if I should do this restore point thing??
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I apologize for saying the wrong thing in my last message! It was not on your Desktop but it is still where we specifically state not to put it. I quote from the very first paragraph of the HijackThis instructions in the link from step 7 of the READ ME
    So what I meant to specifically state was you still had it installed incorrectly because it is in C:\Documents and Settings

    However as I already stated, it does not really matter for this go around since we are done!

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  21. hei

    hei Private E-2

    OK - no hard feelings. I'm not that experienced when it comes to computers....as you already may have figured out. Not sure how to save and run HijackThis if it is not supposed to be saved where the computer suggests...or on the desktop. I've never saved anything in other places than the computer suggests itself. Actually not sure how to do this....and stressed by the fact that I may not find/remember where I saved it afterwards.

    Just another question before I do the restore point thing. I still haven't emptied the quarantine bin.....
    When looking up C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine I find many "files" in this folder. Should I delete the whole folder? ...or should I delete the icons which are in this folder...? They have names like: 50155F3D, 686D7FA8 etc. There are 11 such files...and even 2 more folders under Quarantine called "Incoming" and "Portal". I'm not sure I should delete these.....?
    I'm not experiencing any malware on the computer...to my knowledge though.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The instructions in step 7 explain quite a bit of how to do this.

    Just delete the files (not the folders) under Quarantine. You really should just do it using the procedures that are part of your software. You should take the time to read some of the help info. See this: http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506
     
  23. hei

    hei Private E-2

    OK
    Thanks a lot for the link on how to delete/empty the quarantine folder. This worked out nicely.
    I've run Bitdefender before flushing the restore point (bitdefenderlog4 attached). Then I followed the instructions on how to flush the restore point, and ran Bitdefender once again in order to check that everything was OK (bitdefenderlog5 attached).

    From what I understand this was successful. On the final scan no problems were found.

    Thank you VERY much for all the help and patience.

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! You are all clean! Just make sure you complete all steps in the How to protect thread.
     