Win32.qhost. LOGS Please help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by eju, Oct 31, 2006.

  1. eju

    eju Private E-2

    Hi,

    At the very least I had a trojan called Win32.qhost. I went through the steps at "READ & RUN ME FIRST Before Asking for Support" that is posted in this forum, and below I will post the LOGS I came up with. I need to know if it looks like I did this all correctly, if my computer looks clean, and what else I can do if it is not. I really do not know too much about any of this so I really am grateful for your help and your time.

    Thank you,

    Eric
     

    Attached Files:

  2. eju

    eju Private E-2

    more LOGS:
     

    Attached Files:

  3. eju

    eju Private E-2

    I do not think I have fixed anything. One of the problems I have is that I am being redirected to websites I am not intending to go to. This is one of the noticeable problems I have come across. What else should I look for?

    Thanks,

    Eric
     
  4. eju

    eju Private E-2

    The trojan is in :

    hkey_local_machine \software\microsoft\windows\currentversion\ruins

    Maybe this will shed more light onto the problem.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, let's get the Wareout removed and then we will deal with what's left. Please see the site WareOut Removal

    Once you have completed the article above, fix the below entries with HJT. Then reboot and attach a fresh HJT log.


     
  6. eju

    eju Private E-2

    First, thank you for the response, I really appreciate it.

    OK, here is my log from fixwareout. I will post the hijack log in the next message.

    About the fixwareout... should I reset my internet protocol properties back from "obtain DNS automatically" to "use the following DNS..."?
     

    Attached Files:

  7. eju

    eju Private E-2

    and here is the new hijack log.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKCU\..\Run: [WinMedia] C:\361101032251719933.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Yahoo!\YPSR\Quarantine (Delete this whole folder if it exists!)

    C:\361101032251719933.exe

    C:\WINDOWS\system32\dmrcf.exe

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
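
    An added example, not part of the original posts and not HijackThis code: a small triage script that reads the O4 (registry Run key) lines of a HijackThis log and flags autoruns like the WinMedia entry above. The two heuristics (executable sitting directly in a drive root, all-digit file name) and the benign sample lines are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# HijackThis prints registry autoruns as:  O4 - HKCU\..\Run: [ValueName] command
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')

# Constructed sample log; only the WinMedia line is taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O4 - HKLM\..\Run: [ExampleHelper] rundll32.exe example.dll,Start
O4 - HKCU\..\Run: [WinMedia] C:\361101032251719933.exe
"""

def exe_path(command):
    """Return the executable part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return command[1:].split('"', 1)[0]
    # Unquoted path (may contain spaces): cut after the first executable extension.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split()[0]

def triage(log_text):
    """Return (hive, value name, path, reasons) for each suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun line
        hive, _key, name, command = m.groups()
        path = PureWindowsPath(exe_path(command))
        reasons = []
        if len(path.parts) == 2:      # e.g. ('C:\\', 'file.exe')
            reasons.append("executable in drive root")
        if path.stem.isdigit():       # name made only of digits
            reasons.append("all-digit file name")
        if reasons:
            findings.append((hive, name, str(path), reasons))
    return findings

if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{hive} Run [{name}] -> {path}: {', '.join(reasons)}")
```

    A flagged entry is only a lead for a human reviewer, and legitimate software can match either heuristic.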
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you use a specified DNS then yes, if you do not then I would leave it at obtain automatically.
     
  10. eju

    eju Private E-2

    OK, here is the latest Hijackthis Log.
    After ccleaner and the system restore flush in safe mode, I ran Hijack in normal boot mode. Is this what I should have done? Will it make a large difference at this point?

    Anyway here is the log.
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, you now must update to Service Pack 2. You are wide open to infection so this update must be installed.

    Download the following package, please note it's 266 MB and may take about 15 minutes on Cable/DSL.

    Windows XP Service Pack 2

    After download is complete, double click to install.
     
  12. eju

    eju Private E-2

    BJGarrick,

    I have had problems installing the XP service pack. I need to validate my software I think, then it should install (I get an error that mentions the validation key). Other than that everything seems to be back in order. If there is anything else I must do let me know.

    Other than that, let me tell you again that I really appreciate your help and consideration.

    All the best,

    Eric
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you can't update due to invalid license you need to contact MS and get a valid copy of WinXP so you can get updated. Without this update you WILL get infected again because you're wide open to infection. You have no protection without at least SP1.

    You should see this article on How to Protect yourself from malware!
     
