Solve: trojan keeps coming back?

So my problem is, 3 same trojans keep coming back after I remove them with Malwarebytes. I have tried 6 times with MBAM to remove the trojans, but they just come back. Also I do not know if this is related to the Trojans, but for some odd reason, my P2P program utorrent does not work anymore. I try to execute it, but nothing happens. So I tried to uninstall it, but it wouldn't let me and I ended up just deleting the actual folder with all the files. Another program I have trouble with is a game client file (.exe). I downloaded it off the correct site and I'm pretty sure it's clean, but just like the utorrent problem, when I try to execute it, nothing happens. It just stands there. Help would be appreciated.

Other info:

I run on Windows XP Professional and I currently don't have an antivirus and I doubt I can get any in the near future with this computer, as this device is essentially ancient. The computer would be slow at incomprehensible speeds, so that is why I don't have an antivirus.

MBAM
Quote

Malwarebytes' Anti-Malware 1.44
Database version: 3747
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/19/2010 8:49:32 PM
mbam-log-2010-02-19 (20-49-32).txt

Scan type: Quick Scan
Objects scanned: 124567
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Quote
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/19/2010 at 07:54 PM

Application Version : 4.34.1000

Core Rules Database Version : 4597
Trace Rules Database Version: 2409

Scan type : Complete Scan
Total Scan Time : 02:38:52

Memory items scanned : 480
Memory threats detected : 1
Registry items scanned : 5782
Registry threats detected : 26
File items scanned : 69975
File threats detected : 78

Trojan.SVCHost/Fake
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-16C7D411.pf

Adware.Tracking Cookie

Virus.HiddenDragon
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Type
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Start
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Description
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Security
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#NextInstance
C:\QOOBOX\QUARANTINE\C\WINDOWS\SVCHOST.EXE.VIR

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP67\A0023991.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP81\A0026149.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP83\A0027415.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP90\A0027589.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP96\A0029169.EXE
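
An added example, not part of the original posts: both scan logs above flag `C:\WINDOWS\svchost.exe`, a system file name sitting outside `C:\WINDOWS\system32` (where the genuine svchost.exe lives), together with a `powermanager` service key. This Python code parses the Malwarebytes item lines and extracts both findings; the list of System32-only names and all function names are assumptions made for the example.

```python
import ntpath
import re

# Excerpt of the Malwarebytes log posted above (section headers and item lines).
MBAM_LOG = r"""
Memory Processes Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Assumption: core XP binaries whose running image belongs only in System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe"}
HEADER = re.compile(r"^(.+ Infected):$")
ITEM = re.compile(r"^(?P<item>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$")

def parse_mbam(log):
    """Turn the item lines of an MBAM log into dicts tagged with their section."""
    records, section = [], None
    for line in log.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            records.append({"section": section, **item.groupdict()})
    return records

def masquerading_images(records, system_root=r"C:\WINDOWS"):
    """Paths that reuse a System32-only file name from another directory."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    hits = []
    for rec in records:
        path = ntpath.normcase(rec["item"])  # lower-case, backslash-normalised
        if (ntpath.basename(path) in SYSTEM32_ONLY
                and ntpath.dirname(path) != expected
                and rec["item"] not in hits):
            hits.append(rec["item"])
    return hits

def flagged_services(records):
    """Service names taken from flagged ...\\Services\\<name> registry keys."""
    pattern = re.compile(r"\\CurrentControlSet\\Services\\([^\\]+)$", re.I)
    return [m.group(1) for rec in records if (m := pattern.search(rec["item"]))]
```
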

Uggh, there seems to be another problem now. My computer is running slower than usual. Could this be the effect of the svchost.exe trojan?

Am I allowed to bump?

Quote from: hunt3rshadow on February 22, 2010, 01:57:13 PM
Am I allowed to bump?

It makes your wait time longer because you go to the end of the list.


Download TrendMicro HijackThis.exe (HJT) to the desktop.

* Double-click on HJTInstall.
* Click on the Install button.
* It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
* Upon install, HijackThis should open for you.
* Important! If using Windows Vista or Windows 7, close HijackThis. Now right-click HijackThis and Run As Administrator.
* Click on the Do a system scan and save a log file button.
* HijackThis will scan and then a log will open in Notepad.
* Copy and then paste the entire contents of the log in your post.
* Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

