Help Please Trojan

RussJK

Cheers for that, looks a lot better. How did you go with the full Malwarebytes scan that you said you were running? If you haven't already started it, try these quicker steps first

1. Can you confirm that C:\Windows\system32\DllHost.exe has been deleted?
2. Try HitmanPro again now that you are in normal mode
3. Try Tdsskiller again, usually only malware prevents it running
4. Try aswMBR again, shouldn't reboot

vanilla

The Malwarebytes scan was started half an hour ago.
Glad it's looking better because i wouldn't have a clue.:o
C:\Windows\system32\DllHost.exe has been deleted.

I'll post the log when Malwarebytes is finished..

GunJack

RussJK wrote: »

That's a long full scan

mbam full scans can easily take an hour and a half, depending on what hardware the pc is and how much stuff is on the hdd...... patience russ


On a more serious note, this one is a clear candidate for running combofix probably as a belt'n'braces measure this far through the cleanup, and possibly should have been run earlier (would have advised as such if I'd had the chance....kids, eh ??)

Also, I'd be inclined to ditch mcrapafee and use avira or avast

RussJK

I'd first rather see if tdsskiller and aswMBR are working now that the worm has been removed. It was probably the worm causing the startup problem. You'll notice in the other thread that Combofix was prevented from completing it's task, so definitely not a cure all.

Can get to Mcafee and general cleanup later on... only just gotten it to boot in normal mode, patience gunjack

Longest Malwarebytes scan I've seen was 1hr 57 minutes, don't doubt it can be even longer. Takes 15 times longer on my laptop to do a full scan than a quick scan

GunJack

Russ, personally I would've used cf on this earlier as it can often pick up rootkits and reboot and restart the pc to remove them as part of the scan. It's often quicker and also if it won't operate another good indicator of more deep-rooted problems. Soz, missed t'other thread, not had much chance to hang in here last few days...

GunJack

RussJK wrote: »

Edit: I won't be on so much either for the next week or so, on my way to Wales

y'll have to pop in for coffee

debitcardmayhem

How do you get two whales in a mini, down the M4 and over the bridge, spelling is no better than my old jokes. Look on the bright side Russ there's no toll to get back to the civilised world :beer:

RussJK

debitcardmayhem wrote: »

How do you get two whales in a mini, down the M4 and over the bridge, spelling is no better than my old jokes. Look on the bright side Russ there's no toll to get back to the civilised world :beer:

That's bad even for you

vanilla

Sorry scan took an hour and a half....new log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6772
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
04/06/2011 23:35:18
mbam-log-2011-06-04 (23-35-18).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 306820
Time elapsed: 1 hour(s), 23 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Hitmanpro is clear.
Avast is fine too.
Nothing happens when i try to download Tdsskiller.

Thanks again for all the help...

RussJK

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Afterwards make gunjack happy and run Combofix. Read the instructions, you'll need to disable McAfee or it can't run properly:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I'm travelling soon so won't be able to help except maybe in the evening. Good luck!