Solve : trojan i ant get healed?

Answer»

Can you tell by the log what starts when the computer is switched on? Because I know I don't use a lot of the stuff on the desktop but don't know what is what & don't want to switch something off which is important.

So far the computer has not crashed or frozen on me. I have had it running now 7hrs with up to 5 windows open, so THANK YOU FOR THAT SO MUCH. As soon as I can I will make a donation to you; hope I can send it by Western Union, do not have credit card.

Go to add/remove programs and uninstall AdVantage

----------

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Download OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\AdVantage\AdVantage.exe
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box ENTER *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the CONTENTS of that document back here in your next post.

----------

Post the OTMoveIt log and let me know how things are now.

OTMoveIt2 v1.0.20 log created on 02292008_204146

This is all I got. I tried it twice but the same thing came up.

Go to C:\Program Files\AdVantage\AdVantage.exe

Delete this file and folder: AdVantage.exe and AdVantage

Have not got that folder on the computer.
    Time to do some cleanup and secure the work you have done.
    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OTMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.
    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it)

    1. Double click OTMoveIt2.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    • When finished exit out of OTMoveIt2
    Here are some great tools to help you keep from getting infected again.

    Spybot Search & Destroy - A safe and effective spyware scanner.
    * Official Spybot Tutorial
    * Spybot FAQ

    AVG Anti-Spyware Free Edition - Very reliable with a HIGH detection rate.
    * AVG Anti-Spyware User Manual

    SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * SpywareBlaster Tutorial

    Comodo BOClean - Stops trojans and many more malicious attacks.

    Use a Firewall - It cannot be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
    * Click here for a list of free firewalls.
    * Why would I consider a third party firewall?

    UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed.
    * Help with Windows updates

    Learn more about how to protect yourself while on the internet. Read this article by Tony Klein: So how did I get infected in the first place?

    Let us know if anything else comes up.
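An added example, not part of the original thread and not HijackThis's own code: a small parser for the O4/O9 log lines quoted earlier, which lists what starts at logon and which entries point at a missing file. The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample input: the three HijackThis entries quoted in the thread.
SAMPLE_LOG = r'''O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
'''

ENTRY_RE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|com|bat|sys)', re.I)
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
RUN_NAME_RE = re.compile(r'Run: \[(?P<name>[^\]]+)\]')
# Tolerate a clipped closing parenthesis, which happens when logs are pasted.
MISSING_RE = re.compile(r'\(file missing\)?\s*$')


def parse_entry(line):
    """Split one log line into fields; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group('body')
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    run = RUN_NAME_RE.search(body)
    return {
        'section': m.group('section'),
        'path': path.group(0) if path else None,
        'clsid': clsid.group(0) if clsid else None,
        'run_name': run.group('name') if run else None,
        'file_missing': bool(MISSING_RE.search(body)),
    }


def review_queue(log_text):
    """Return (section, path, reason) for entries that merit a manual look."""
    queue = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e['file_missing']:
            queue.append((e['section'], e['path'], 'target file missing'))
        elif e['section'] == 'O4':
            queue.append((e['section'], e['path'],
                          f"starts at logon: {e['run_name']}"))
    return queue
```

The queue is only a reading aid: whether an O4 program is wanted is still a judgment made per entry, as in the thread.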

