WindUpdate - Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by krit86lr, Mar 3, 2006.

  1. krit86lr

    krit86lr Corporal

    Hi all,

    I'm a little unclear about the instructions for posting a HJT log. Am I supposed to do my own analysis first, and then post a new log(after running the suggested programs in safe mode/disabling system restore)?

    The HJT Tutorial threw me off. I'm not sure if the purpose of the tutorial is to instruct me on how to do my own analysis before posting.

    I was looking through the history of Windows Defender on my roommate's computer, and it detected "WindUpdates": Failed to Remove. Please keep in mind that the "search" function is not working now as well. The trojan was detected before and after an HJT log analysis on another forum.

    It is located in two places, but I can't delete them.
    1. C:\_Restore\Archive\FS2229.cab > A0218284.CPY > CABSfx >\Disk1\data1.cab > (ishld #0010)
    * All that I could find is C:\_Restore\Archive\FS2229.cab > A0218284.CPY. I don't know what the rest is referring to. The file path that I did locate only gives the option to copy or extract.

    2. C:\_Restore\Archive\FS2231.cab > A0218378.cpy.
    * Same problem deleting this as well.

    I'm in the process of running all required anti-malware/virus programs in Safe Mode with System Restore Off. So far the Trojan hasn't been detected.

    All help is greatly appreciated. Thanks much!
    Windows XP Pro SP2

    Usual Programs Used
    FF
    ewido
    dsostop2
    cwshredder
    eTrust
    Spybot
    Adaware
    HJT
    Windows Defender
    Erunt
    spywareblaster
    router firewall
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow the steps below:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. krit86lr

    krit86lr Corporal

    Hello. I'm having a problem. I have gotten all the way to the Panda Active Scan, but I can't get the scanning to work.

    I checked to allow downloads and ActiveX. I changed the security setting to medium. Is there something that I'm doing wrong? I have tried 4 times now, but it keeps giving me an error.

    Thank you for your time.
     
  4. krit86lr

    krit86lr Corporal

    I'm sorry...I know that you're busy, but I have one more question about the steps.

    "Physically unplug your cable to the internet (even if you have dial-up, unplug modem)"

    My computer is on a network. Do I need to disconnect the hub? If so, then I will begin again.

    Thank you for your help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you really mean hub? Or did you mean router?

    Either way, you just need to disconnect the cable that goes only to your PC. You do not need to impact the rest of the network. All we are trying to do is make sure that there is no way that anything can go in or out of your PC. Some malware can have internet access if there is a physical connection. You do not need to be browsing etc. They can still get out. Unplugging the cable makes it impossible. This logic even applies to people with dial-up. Malware is very capable of dialing out and having the volume of the analog modem turned off so you cannot hear it. Again, disconnecting the cable (in this case the phone line) makes it impossible.
     
  6. krit86lr

    krit86lr Corporal

    Yes, I meant the router. This computer uses a wireless card to access the router (the router is connected to another computer). Maybe there is a way to disable the wireless card without removing it?

    Thank you so much. : )
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you can normally disable the wireless card in your PC temporarily while doing this. Another way is to disable the wireless feature in your router. This second option will obviously impact any other wireless users at the same time.
     
  8. krit86lr

    krit86lr Corporal

    Thank you for helping me. I will begin the steps again, and come back later.
     