Trying to get rid of Trojan.ByteVerify

I ran Symantec (detected and deleted byteverify) and Spybot Search and Destroy. I got rid of Internet Explorer (use Mozilla) with IEradicator. I then ran the Trendmicrohouse Java Scan (nothing detected).

I have a HiJackThis log. There are 2 rundll.exe programs running. Let me know if I should post the log.

 

...and I have Windows Me

 

Here is my log. Thanks for the help!

Logfile of HijackThis v1.97.7
Scan saved at 2:29:33 PM, on 1/31/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!

Edit by chaslang: Unrequested, inline, very old HJT version log deleted. Please follow forum guidelines. Read the sticky threads.

 

Welcome

The inline log will probably be deleted. Do the tutorial and then please wait to be asked to submit HJT. Your HJT is out of date and you will need to look at the tutorual for HJT when asked. You must place it in it's own folder not from desktop or temporary folders. All browsers should be closed also.

This site has alot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!!

TheOldThug

 

Thank you for your help - I appreciate it.

I did everything again as close as I could to what the instructions say. I wasn't able to run anything in safe mode as it didn't give me the option to safe mode with networking - so I did it in normal mode.

Using the update patch to Spybot I found DSO exploit and Spybot said it fixed it. I ran all other programs you mentioned (including Spybot again) and nothing came up after that. I ran a log on an updated HijackThis and saved it. From the little I understand of all this it seems like SPybot has disabled bad stuff but the stuff is still in my computer. Can it be removed? Let me know if I should submit the log.

Again, thanks a lot for your help.

 

Thank you, Chaslang. I followed the guidelines. Here is my log. From the information you gave me, I didn't find any line on the log that seemed bad. But it would be great to know for sure.

Appreciate the help.

 

Thanks, Chaslang. I had SpywareDoctor before. I will fix it with HiJackThis as you said.

I did have several programs disabled by msconfig. Here is a list of them (with name in parenthesis):

- C:\WINDOWS\SYSTEM\bpcpost.exe (bpcpost.exe)
- C:\WINDOWS\taskmon.exe (taskmonitor)
- C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s (PCHealth)
- C:\WINDOWS\SYSTEM\MDM.exe (Machine Debug Manager)
- "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (TkBellExe)
- C:\WINDOWS\SYSTEM\STIMON.exe (StillImageMonitor)
- mstask.exe (Scheduling Agent)
- ati2plxx.exe (ATIPOLAB)
- \annclist.exe (Announcements)
- \vidsvr.exe /Automation (VidSvr)
- c:\PROGRA~1\SYMANT~1\SYMANT~1rtvscn95.exe (rtvscn95)
- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Picture Package VCD Maker)
- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Picture Package Menu)
- C:\PROGRAM~1\WINDOW~3\ENCODER\WMENCAGT.EXE (Encoder Agent)
- C:\PROGRAM~1\WINZIP\WZQKPICK.EXE (WinZip Quick Pick)

Where the last 4 on the list are loaded from Startup and all prior ones from Registry.

I don't have any apparent problems at this point. I would like to be sure.

Thanks.

 

Thanks, chaslang and star17. So, should I use HiJackThis to get rid of TKBell.exe and the 4 unnecessary start-up programs? What do you suggest I do with the others?