Weird Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by diesel1218, Dec 25, 2005.

  1. diesel1218

    diesel1218 Private E-2

    Hi, I have BitDefender and it keeps finding this trojan and saying it has deleted it, but it still finds it over and over. I have tried everything; please let me know what I can do. trojan.wininethook.a

    Edit by chaslang: Cleaning steps not followed. Inline log removed
     
    Last edited by a moderator: Dec 25, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please read and follow forum guidelines as posted in the sticky threads. HJT logs must not be posted before following cleaning procedures and when posted they must be attachments. You must also install HJT properly. Please stop using msconfig to control startups (this is covered in the HJT sticky given below). It could hide information we may need to see.


    It sounds like you may have an infected wininet.dll file. It could be due to a Smitfraud-like infection. So give the steps in the below link a run first and attach the smitfiles.txt log to your next post:
    Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

    If that does not help, continue on to do all of what is covered below.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. diesel1218

    diesel1218 Private E-2

    It seems the smitfraud worked, I did not know you had to run it in safemode.

    Edit by chaslang: Inline smitfiles.txt attached
     

    Last edited by a moderator: Dec 25, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Almost every tool is better off running in safe mode. Please attach logs from now on. Do not post them inline with your messages.

    You should run Hoster and you should also fix the below:
    R3 - URLSearchHook: (no name) - _{F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
    O1 - Hosts: comments (such as these) may be inserted on individual
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) <--- actually look for Weatherbug in Add/Remove programs and uninstall if found
     
