unknown trojan on Pestpatrol problem, hijackthis

You need to follow some guidelines. HijackThis is the last step not the first. See the stickies on the main page of the Spyware Forum.

Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

NOTE: Per the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > your log file file has been removed.

Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

Do not to install Hijack This to the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT



Make sure you have the proper versions for each program! Your HijackThis is out of date. It would also be more useful if you told us exactly what file it is that you are trying to delete.

 

So are you running the stuff from the links I gave to you?

 

Do you see this process running:
SDJOIJE.EXE

Use Task Manager to look for it.

 

I believe you have this Trojan: http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dr.html

Get the current HijackThis program and post (as an attachment) your full HJT log.

Did you run the online scans (TrendMicro and PandaSoftware)?

Give these to items a run too while waiting for me to look at your log:
http://www.trojanscan.com/
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Let me know if they find anything.

 

You must save the file as a .txt file or rename it to a .txt file. Then upload it.

 

Do you use AIM?
If so, exactly where did you download it from? It appears to be the problem?

 

Hmmm! Maybe there are two AIM's on your computer. A valid one and a bad one.

Try this:

- Make sure you do not have the real AIM running
- run HijackThis and have it fix these lines:

O4 - HKLM\..\Run: [Winsock2 driver] AIM.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] AIM.EXE
​

Now boot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650

Now use Windows Explorer to locate and delete:
C:\WINDOWS\System32\AIM.EXE

Now reboot normal and tell me how things are working.

 

Were you able to delete the c:\windows\system32\aim.exe file or did you get an error?

Also have HijackThis fix these lines:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

Then give me a new HJT log attachment.

 

Yes, have HijackThis fix the O16 lines.

Have you rebooted a couple time to make sure the bogus AIM.EXE is really gone?

 

No problem! Happy surfing!