Trojan Horse Problem on PC Help!

aliEnRIK

Im unsure why you couldnt goto the link yourself but heres a pic ~

Your supposed to click ON 'DOWNLOAD LATEST VERSION'

jellyspots

Hi yes have done that thanks now it's scanning everything so may take a while to do this

jellyspots

Okay
Have done the first one
It's a bit long!

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 2 (Safe Mode)
03/11/2009 23:31:28
mbam-log-2009-11-03 (23-31-28).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237165
Time elapsed: 31 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bpdl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dngpfw (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kbncdapr.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Files Infected:
C:\WINDOWS\kbnCDApr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Ave\Local Settings\Application Data\dngpfw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ave\Local Settings\Application Data\dngpfw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ave\Local Settings\Application Data\dngpfw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ave\Local Settings\Application Data\dngpfw.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ave\l (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\B20.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

jellyspots

arhhh I have gone into the second one and it says it's downloading and then it goes into another page and I can't find where it says san!!
Any ideas

GunJack

hang on jelly...did you reboot after the MBAM scan to fix the last bits in that ??

if so, okay, are you trying to find the scan button in HiJack This ?? If so, you want to Do a Scan and Save A Logfile on the opening page

jellyspots

I mean scan
My typing is so so bad!
It's gone into the filehippo.com page
where it says laterst updates and the other box next to it saysMost popular downloads. Further on down the page it says anti spyware and it's got the hijackthis on there do do I click on that one too??
Sorry to be such a pain but i don't have a clue what I am doing but seem to be getting there with your help

GunJack

go to this page:-

http://www.filehippo.com/download_hijackthis/

then as with MBAM, Download latest version at the green arrow towards the top-right...download & install& run, the scan only takes seconds, then post the log - DON'T tick anything to fix yet

jellyspots

Hi
Yep i restared the computer and then went into the second one hijack this but it just has the green tick and download latest version which I clicked on it
It then said downloading
What happens next as there seems to be no box with scan in Doh!

jellyspots

GunJack wrote: »

hang on jelly...did you reboot after the MBAM scan to fix the last bits in that ??

if so, okay, are you trying to find the scan button in HiJack This ?? If so, you want to Do a Scan and Save A Logfile on the opening page

Can't see this on the page!

GunJack

right, go back to the link I posted, hit download latest version, when you get the dialog box with the choice to run/save/open, click run, then it'll install and leave you a shortcut on your desktop. Double-click the shortcut and the prog will run, then you'll see the screen with the scan options on it