Hiloti Trojan

siamese0109

Hi
I seem to have picked up Trojan Hiloti on my computer. I've run Malwarebytes anti malware twice now and have clicked to get rid of it but when I reboot it's still there. I'm running XP on this computer. Can anyone help with a way to get rid of the trojan please......

The_Grandmaster

can you post the malwarebytes log?

aerostar

Run the program in Safemode ,keep tapping the F8 key on starting computer, select safemode and then run MBAM.

As well download Superantispyware and run that.

Run the programs in SAFE MODE.

siamese0109

Actually I was just popping back in to say that Avast (better late than never!) has popped up to say it has found a threat and deleted it and after a re-boot it seems to be clear The dodgy screen and extra icon at the bottom have disappeared anyway! Am I ok just to leave it now or is it worth looking at the log anyway?
Thanks for replying

The_Grandmaster

May be worth updating malwarebytes definitions, rescanning (full scan) and posting log. Would know for certain that your computer is clean.

Browntoa

mbam should not be run in safe mode

siamese0109

Thanks Grandmaster - I'll do that but from past experience it may take some time!
Browntoa - Safe mode was the only way I could run MBAM initially. The Trojan completely took over and stopped me using anything!

siamese0109

Crikey - that took some doing & found 3 more problems! Here's a copyof the log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5350
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
18/12/2010 22:53:12
mbam-log-2010-12-18 (22-53-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 267774
Time elapsed: 2 hour(s), 48 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{ba60118a-6d48-4041-a957-b8ed25657821}\rp1866\a0612534.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba60118a-6d48-4041-a957-b8ed25657821}\rp1866\a0612553.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\documents and settings\Mark\application data\Adobe\plugs\kb11764671.exe (Trojan.Agent) -> Quarantined and deleted successfully.

The_Grandmaster

Good to see malwarebytes finding things.

Download and run the program (by hitting the top button after installed):
Download HijackThis 2.0.4 - FileHippo.com
and post log here (takes seconds).

Will have a look at that and after that you may need to run combofix - but you will have to ask alienRIK for advise on that as he's the one who can read the logs.

siamese0109

Re-started as requested by MBAM but now won't connect to internet and something has disabled Avast! I need to go to bed now so I'll try again in the morning! Any suggestions if I still can't get anything working in the morning? Thanks for the input so far - it's appreciated!

The_Grandmaster

When you switch your computer again and problem persists, start your computer in safe mode with networking - you need to press F8 or F10 when the computer turns on. Then try the above link.

Also I may be tempted to update definitions and rerun malwarebytes.