Really annoying trojan horse.

[October16th]

I have windows vista 32 bit and vista is very gay at times, alot of the times on vista i get a "internet explorer has stoped working" then it restarts my whole freaking screen and all the icons refresh and it's better. but i got a virus i guess that makes that message show up again and again, it just won't stop. now i have to run my computer in safe mode to get away from it. could anyone recomend a really good free trojan horse remover program? i have avast right now and it sucks balls.

[agent17]

Did you try doing a system restore?

[October16th]

Did you try doing a system restore?

yeah.

[ILovePolarBears]

Try the free version of AVG.

 

You might also try running HijackThis. This application will detect everything running that isn't stock, as well as possibly malicious changes to registry settings, browser settings, etc. It will detect things that are not a threat, so if you are not intimately familiar with your system and what should and should not be running, try pasting the log it generates into this online tool for analysis.

 

The nastiest Trojans sometimes require applications built to remove the specific threat. But either AVG or HijackThis will identify the problem if not destroy it outright. If neither program can remove it, you can usually google the trojan's name to find a program to remove it.

[Picolini]

Offtopic, but that username must bring up some bad memories, huh

 

On topic, I've had a virus that I just couldn't seem to get rid of. The amount of work it would have taken to get rid of it wasn't work my time or effort, so I just reinstalled my OS.

 

Also, I'd really suggest using FireFox instead of Internet Explorer, it's SO much better, in every single way.

[anus]

I recommend downloading Avira AntiVir and Spybot S&D (it detects some trojans) and the previously mentioned HijackThis.

 

After downloading them and updating all of them, boot up your PC into safe mode (tap F8 when the PC is starting up) and select 'safe mode', then scan using the programs one by one, I recommend running AntiVir first, Spybot next and lastly HijackThis.

 

I'm pretty sure this will get rid of your trojan since AntiVir is an excellent antivirus program.

 

I also advise you to stay away from Internet Explorer, use either Firefox or Opera. Opera is the safer of the two, but they're both much safer than Internet Explorer.

[October16th]

Ok thanks everyone for the help, im going to run somne scans today and see if this works.

[October16th]

nothing worked, anyone have anymore ideas?

[Democrab]

Get HiJackThis as posted before, and post your log, we'll get you a program to remove said trojan/virus.

[October16th]

 

Get HiJackThis as posted before, and post your log, we'll get you a program to remove said trojan/virus.

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hphmon06.exe

C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\Windows\SOUNDMAN.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Torrent101\TorrentManager.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HPHmon06] C:\Windows\System32\hphmon06.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PhanTim30] "C:\Users\HP_Administrator\Desktop\GTA Countdown\Grand Theft Auto Countdown.exe" 0

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

O4 - HKUS\S-1-5-21-3336662824-845412628-1084840055-1008\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

O4 - HKUS\S-1-5-21-3336662824-845412628-1084840055-1008\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')

O4 - HKUS\S-1-5-21-3336662824-845412628-1084840055-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-3336662824-845412628-1084840055-1008\..\Run: [PhanTim30] "C:\Users\HP_Administrator\Desktop\GTA Countdown\Grand Theft Auto Countdown.exe" 0 (User '?')

O4 - HKUS\S-1-5-21-3336662824-845412628-1084840055-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/...b?1162844720875

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[Democrab]

Hmmn, it seems that all of those are fine, except "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe" which it says

 

Possibly nasty! According to our database this process runs normally in c:\programme\antivir personaledition.*\! Check if you know this process and arrange a viruscheck where required. AntiVir PersonalEdition

 

But I doubt thats it, as Warlord got you to Download that...

 

Maybe its a driver problem? I know my old Vista install on an nVidia card did the same thing, but you have an ATI card... Try updating your drivers.

[anus]

Nah that's not it, that process is fine. It's the AntiVir Control Center which is a part of AntiVir .

 

But if all those scans yeilded no results, it's most probably not an infection, it's probably another one of Vista's bugs.

 

Oh and are you sure it's 'Internet Explorer stopped working' and not 'Explorer.exe has stopped working'? Usually, IE stopping wouldn't cause that kind of behaviour, it seems like it's explorer.exe having a problem and restarting (which causes all your icons to be refreshed and all). Check and let us know ,

 

 

[October16th]

Nah that's not it, that process is fine. It's the AntiVir Control Center which is a part of AntiVir .

 

But if all those scans yeilded no results, it's most probably not an infection, it's probably another one of Vista's bugs.

 

Oh and are you sure it's 'Internet Explorer stopped working' and not 'Explorer.exe has stopped working'? Usually, IE stopping wouldn't cause that kind of behaviour, it seems like it's explorer.exe having a problem and restarting (which causes all your icons to be refreshed and all). Check and let us know ,

Oh crap, yeah it's explore has stopped working lol, whoops. and i know it's a virus, im positive. i just can't find anything to detect it. i read about this problem and google but nothing is working.

[Democrab]

It sounds like either that, or the drivers are crashing, my nVidia drivers did that in Vista, and it caused the same thing to happen, but I'd get a message saying that a .dll used by the drivers stopped responding.

[anus]

Of the results you got in Google, did anyone mention it's some sort of infection? If they did, you'll probably find a tool to fix it there.

 

But still, explorer.exe can crash due to many many reasons, so the results you find on Google may not be the exact problem you're facing.

 

Try what Joe said. It might be a driver issue, try getting the latest drivers for all your components (chipsets, video, sound, motherboard and all other components).

 

You know, it might just be that your OS is f*cked, if you can backup your stuff and have the Vista disc, a format and clean install should fix it.

 

You'll spend less time if you do a format and clean install of Vista than if you look around for solutions to the problem I guess.

[matthew1g]

have you cleaned up your registry with something such as CCleaner lately? because on MY vista, everytime I clean up my registry with that application.. which is supposed to be fully operational with vista, my explorer and IE stop working and crash most of the time, making me revert back to a restore point.

[October16th]

i have a nvidia card, and how do i update all my drivers? and i can't system restore, last date on it was the 6th, i lost my vista disk and no i did not use ccleaner. there has to be a fix to this.

[Democrab]

From the looks of it, you either have a ATI chipset, or have ATI drivers as well as the nVidia ones, cuz of these two entries.

 

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

 

Can you link your PC, I think its a HP from some of the programs, but can you link it so we can tell you everything.

[October16th]

well i still have this problem and im out of ideas. i do not know what to do, i tried reading a bunch of stuff on google about this and nothing seems to work. god damnit.

[October16th]

i did it, i was about to just say f*ck it to my computer and give up and wait in a corner for gta iv but i did a little more looking around and found out that if you make a new user account it resets files or something so i made a new one and my computer is fixed... such a easy fix... and it was a type of trojan horse or something that messed with files on my computer to mess up my windows explorer, im just glad that it's over.