Jump to content

Build Theme!
  • Infected?


Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92031 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Trojan keeps remaking itself

  • This topic is locked This topic is locked
1 reply to this topic

#1 S_TiZzL3


    New Member

  • New Member
  • Pip
  • 4 posts

Posted 22 April 2008 - 01:17 PM

i recently got this computer (2months ago) and had no trouble with it until i got careless and downloaded a keygen (i kno shame on me) neways low and behold i got a tojandownloader...i cant open internet explorer without getting massive popups even with a popup blocker i often get spyware warnings and windows trys to install programs without my consent ive read there prolly rogues or rogue spyware so i downloaded RogueRemover...ive also ran AVG/Spybot/ZoneAlarm/Smitfraudfix and they find the virus/trojan and delete it but within 5 mins its back again downloading spyware into my pc....heres my HijackThis log someone plzzz help =( Logfile of HijackThis v1.99.1 Scan saved at 8:41:48 PM, on 4/21/2008 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\ProgramData\jorsdkru\zcxgpkne.exe C:\Program Files\Grisoft\AVG7\avgwb.dat C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing) O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file) O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file) O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1 O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing) O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing) O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing) O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Register to Remove

#2 Noviciate


    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 22 April 2008 - 04:05 PM

http://forums.whatth...873#entry455873 One problem, one thread - i'll lock this one.
Death to the salad eaters!

Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users