TheTechGuide Forum
General Category => Tech Clinic => Topic started by: ryandaniels on April 27, 2005, 08:30:32 PM
-
Hey guys... I think I have a virus called the Trojan.Alwayup virus... I ran HiJackThis..and this is my log file below..can anyone tell me what to remove?
Logfile of HijackThis v1.99.1
Scan saved at 5:36:01 PM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\thdve\oubvauy.exe
C:\WINDOWS\System32\xnop\dwpnacc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\System32\wbke\hfkswh.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\System32\krqgs\opre.exe
C:\WINDOWS\System32\dubb\mfjsldme.exe
C:\WINDOWS\System32\rfebf\klxq.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ippc32gt.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\system\tqgpmnp.exe
c:\windows\system32\qsfpzi.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\kbdcr.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\imgc3260.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\AdsGone\adsgone.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\CxtPls\CxtPls.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\RyanD\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50221 (http://\"http://www.websearch.com/ie.aspx?tb_id=50221\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50221 (http://\"http://www.websearch.com/ie.aspx?tb_id=50221\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50221 (http://\"http://www.websearch.com/ie.aspx?tb_id=50221\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsq34.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ubbnifb] c:\windows\system32\ubbnifb.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [audarp] C:\WINDOWS\System32\mygeoyk\audarp.exe
O4 - HKLM\..\Run: [rlsiw] C:\WINDOWS\System32\vhjut\rlsiw.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [ogkh] C:\WINDOWS\System32\wmhg\ogkh.exe
O4 - HKLM\..\Run: [anjyqry] C:\WINDOWS\System32\ifdp\anjyqry.exe
O4 - HKLM\..\Run: [mbhcxkuc] C:\WINDOWS\System32\xxrjqpup\mbhcxkuc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyit32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [mfjsldme] C:\WINDOWS\System32\dubb\mfjsldme.exe
O4 - HKLM\..\Run: [pjkkiat] C:\WINDOWS\System32\rfkbq\pjkkiat.exe
O4 - HKLM\..\Run: [dwpnacc] C:\WINDOWS\System32\xnop\dwpnacc.exe
O4 - HKLM\..\Run: [hfkswh] C:\WINDOWS\System32\wbke\hfkswh.exe
O4 - HKLM\..\Run: [opre] C:\WINDOWS\System32\krqgs\opre.exe
O4 - HKLM\..\Run: [oubvauy] C:\WINDOWS\System32\thdve\oubvauy.exe
O4 - HKLM\..\Run: [klxq] C:\WINDOWS\System32\rfebf\klxq.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\nhhyrpvp.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\RyanD\LOCALS~1\Temp\tepc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [sFEQ3Fe] ippc32gt.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [grtyyk] c:\windows\system32\qsfpzi.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [kbdcr] C:\WINDOWS\System32\kbdcr.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [dox4RPKsX] imgc3260.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CDC901-CD1D-40FA-BEBB-1265A583AFB5}: NameServer = 128.118.25.3,130.203.1.4
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mfjsldmedubb - Unknown owner - C:\WINDOWS\System32\dubb\mfjsldme.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: oprekrqgs - Unknown owner - C:\WINDOWS\System32\krqgs\opre.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
-
You have a few problems on your computer, but let's get some cleaning done and see how your log looks afterwards, try and run all of what I supplied
Most don't take that long to run and all are free
First
Access your Add/Remove programs and remove if found
WebSearch Toolbar
WebSearch Tools
Search Assistant
Win-Tools Easy Installer
# Do not reboot until they have all been removed even if prompted.
# When you are uninstalling the last program you can then reboot when prompted
Back in Windows
Go back to Add/Remove programs and remove if you can and if found
BullsEye Network
CashBack
NaviSearch
Web_Rebates
Delphin viewer
Viewpoint <Both instances
Restart your computer again after removal
Go back to Add/Remove programs and remove if found
ezula
Web Offer
Again, Restart the computer
You may have to try removal in Safe mode for some
After that is done
Time to run some tools on your computer
Download and save too Desktop
FixAprop.exe (http://\"http://securityresponse.symantec.com/avcenter/FixAprop.exe\")
by Symantec's
Close out all windows and run the removal tool
Let it finish scanning your drive
After it's done, save the log if that option is available
Restart the computer afterwards
Back in Windows
==Download Removal.zip, unzip the contents to desktop so you now have removal.bat on your desktop
We'll need this in a bit
[attachment=177:attachment]
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Give the link time to load or try it twice, it may be busy
Install for now, don't run a scan yet
==Download and then Install
Ewido Trojan Scanner (http://\"http://www.ewido.net/en/download/\")
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido
We'll need it later
Print these instructions or save them too a notepad file on the desktop
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation
==Go to START>>>RUN>>>type in services.msc
and hit Enter
In the next window, look on the right hand side for this service
name---- System Startup Service
Double click on it--- STOP the service-- If running
In the drop down menu, change the startup type to Disabled
==Double click on removal.bat
A dos window will open and close quickly, this is normal
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off when scan is done
==Open Ewido trojan scanner
Click on the Scanner button in the left menu, then click on the Start button. This scan can take a while, so give it time to run
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.
Save the report
Restart back to Normal mode
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://\"http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5\")
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
Back in Windows
Download and Install Spybot S&D 1.3 (http://\"http://www.download.com/3000-8022-10122137.html\")
After installation--Click the Update button on the left
and then SEARCH FOR UPDATES
Check and download all updates
Afterwards, click the Search & Destroy button on the left
Then Check for Problems on the right
Let it finish scanning>>>FIX all selected problems>>everything in RED
Restart the computer again to finish the cleaning process
Please download Find_Its.zip from the link below
http://forums.net-integration.net/index.ph...=post&id=142443 (http://\"http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443\")
UNZIP the contents to desktop
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
Along with a fresh Hijackthis log and the report from Ewido's trojan scan
If fixApropos supplied a log can you post that too
Try and do all supplied above and then post back all the required logs
If you can't do something, skip that part and proceed to the next set of instructions
-
I am also suffering from trojan.alwayup, I am not that much computer literate, please help me out. I tried to remove it, I am not sure what happened.
-
Locking this topic as the original poster has not returned
All others, please register and start your own post