Trojan 167.A Removal

Status
Not open for further replies.

Bumblebee Tuna

Does anyone know how to remove the 167.A Trojan? I've used Trend Micro in safe mode, and they've detected it, but it cannot be removed because it is in use. Trend recommends removing it in safe mode, but it was impossible for me to do it in safe mode when I tried. Any suggestions, or are there removal tools out there for it?
 
Bumblebee Tuna,
Welcome to TF and I'm sorry to hear about your situation. Things are quite busy right now and we are working hard to get everyone fixed. Please be patient while we work on these issues.
In the meantime, please do the following in preparation.

Disable System Restore.

For Windows XP

Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder (if detected) can now be cleaned using the tools listed below.
Re-enable System Restore by clearing Turn off System Restore. (Don't put system restore on until you are completely clean.)

Panda's Active Scan: http://www.pandasoftware.com/products/activescan/
-scroll to the bottom of the page and click 'use active scan'
-click 'scan your pc'
-suggested read 'conditions of use' and click 'next'
-enter your e-mail and click 'send' (I have used this scan several times and never gotten an email in return)
-enter your country and state and click 'start'
-when prompted for the install and run click 'yes'
-'tick' all boxes under 'scan options'
-click 'All My Computer' under the icon to begin scan
-when scan ends, close the popup window and click 'see report'
-click 'ok' on VBScript prompt
-click on 'save report'
-if currently or soon to be looking for assistance, please paste those saved results in a reply for the person(s) helping you.

Symantec's Security Check: http://security.symantec.com/ssc/home.asp?...TGUSDJNRNJWDJZD
-click 'scan for viruses'
-click 'yes' to the install and run prompt(s)...should be 3 the first time you visit
-manually delete files that are found using the scan (from safe mode if need be)
-if you would like help, highlight and copy/paste your finds in your thread or start a new thread IF you don't already have one started.

as these may take quite a while, be sure you have the time to do this...

then go to http://www.kbdigisol.com/ and follow the instructions to post your HijackThis log for review.

thanks,
~KB
 
Thanks for the tip. I forgot about turning off System Restore. *Note to self* lol. The thing is, I scanned with Panda, but it doesn't see it. I don't trust Symantec, period. Trend Micro is the only one who sees it. I will be using HijackThis, but I'm still on baby steps when it comes to that program. Thanks for the help, I really appreciate it. :)
 
I would suggest, for safety's sake, that you allow us to help you with this HijackThis log. It is up to you, but removing or fixing the wrong entry may cause serious system damage and could lead to possibly having to reformat and rebuild the system, and I'd hate to see that happen. In any case, good luck and we're more than happy to help any way we can.

By the way, curiosity has become me... why don't you trust Symantec?
~KB
 
Hijack this log Help please

Hey everyone, what do you think should be deleted?

Logfile of HijackThis v1.98.2
Scan saved at 8:05:51 PM, on 24/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DLoads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-3L7AV.exe /REG
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
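As an added example (not part of this thread and not code from HijackThis itself), here is a small Python parser for log lines in the format posted above. It turns each line into a record with its section, name, CLSID and target, and then lists the entries that point at a file that no longer exists or that load code from a remote host, which is what a helper reading such a log looks at first. The sample lines are a handful copied from the log above; the record layout, the `parse_line`/`parse_log` helpers and the `review` function are my own, and the "orphaned"/"remote host" notes are descriptive only, not a verdict on any entry.

```python
"""Parse HijackThis v1.98-style log lines into structured records.

Added example for review of a posted log; not part of HijackThis or of the
thread. SAMPLE_LOG is a constructed subset of lines copied from the posted log.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-3L7AV.exe /REG
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

# Every HijackThis line starts with a section code (R0, R1, O2, O4, O16, ...) and " - ".
SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A CLSID is 32 hex digits with four hyphens inside braces (36 characters inside the braces).
CLSID_RE = re.compile(r"(\{[0-9A-Fa-f-]{36}\})")


@dataclass
class Entry:
    section: str        # R0, O2, O4, O16, ...
    name: str           # registry value, BHO/button name, Run value name, or DPF control name
    target: str         # file path, command line, URL, or "(no file)"
    clsid: str = ""     # CLSID if the line carries one
    raw: str = ""       # original line, kept for reporting


def parse_line(line):
    """Turn one log line into an Entry, or None if it is not an entry line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    cm = CLSID_RE.search(rest)
    clsid = cm.group(1) if cm else ""
    if section.startswith("R"):
        # R0/R1: <hive\key>,<value name> = <data>
        left, _, data = rest.partition(" = ")
        name = left.rsplit(",", 1)[-1]
        return Entry(section, name, data.strip(), clsid, line)
    if section == "O4":
        # O4: <hive>\..\Run: [<value name>] <command line>   or   Global Startup: <lnk> = <path>
        om = re.search(r"\[([^\]]*)\]\s*(.*)$", rest)
        if om:
            return Entry(section, om.group(1), om.group(2).strip(), clsid, line)
        left, _, data = rest.partition(" = ")
        return Entry(section, left.split(": ", 1)[-1], data.strip(), clsid, line)
    if section == "O16":
        # O16 - DPF: {CLSID} (<control name>) - <download URL>; the name may be absent
        nm = re.search(r"\(([^)]*)\)", rest)
        name = nm.group(1) if nm else ""
        return Entry(section, name, rest.rsplit(" - ", 1)[-1].strip(), clsid, line)
    # O2/O3/O9 and similar: <kind>: <name> - {CLSID} - <path or "(no file)">
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    return Entry(section, name, parts[-1], clsid, line)


def parse_log(text):
    """Parse a whole log; header and 'Running processes' lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review(text):
    """Return (section, name, note) for entries that point nowhere or load from a remote host."""
    notes = []
    for e in parse_log(text):
        if e.target == "(no file)":
            notes.append((e.section, e.name, "orphaned: target file is missing"))
        elif e.target.startswith(("http://", "https://")):
            host = urlparse(e.target).hostname or "?"
            notes.append((e.section, e.name, f"remote host: {host}"))
    return notes


if __name__ == "__main__":
    for section, name, note in review(SAMPLE_LOG):
        print(f"{section:4} {name:30} {note}")
```

Feeding a full log to `review()` gives a short list of the entries worth a second look (orphaned "(no file)" items such as the O9 Sun Java Console button above, and every R1/O16 entry together with the host it points at), while `parse_log()` keeps the complete structured records for anyone who wants to check a CLSID or path against a known-good list.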
 
I posted the HijackThis log, "Hijack this log Help please", in that section. Any help would be great. P.S. The actual virus wasn't in the restore area, but I was able to delete it manually.
 
Bumblebee Tuna, I merged your threads because one contained info that the HijackThis log thread didn't, and we needed that info. Liz
 
Bumblebee Tuna,
Does this PC still need work, or is this one covered in the other two threads?
 
I don't trust Symantec as far as I can kick it ;) It misses too many viruses, and too many viruses are designed to attack Norton. There are far better virus protection tools out there than Symantec. That's just my opinion :).

Oh, and I'm OK with this PC, so we're good to go for it.
 