help with trojan plz!

[laurent]

Virus Statistics

 

Scan path : C:\WINDOWS

C:\Program Files

Folders : 4313

Files : 84702

Memory processes scanned : 0

Archives : 0

Runtime packers : 2569

Identified viruses : 1

Infected files : 2

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 2

I/O errors : 11

Scan time : 00:27:06

Scan speed (files/sec) : 52

 

Virus definitions : 1571363

Scan plugins : 16

Archive plugins : 43

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[ ] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[ ] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\quick_scan\1219269601.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[ ] Registry keys

[ ] Cookies

 

 

Summary:

 

C:\WINDOWS\system32\ckvo0.dll Infected: Trojan.PWS.OnlineGames.ZPG

C:\WINDOWS\system32\ckvo0.dll Disinfection failed

C:\WINDOWS\system32\ckvo0.dll Moved

C:\WINDOWS\system32\ckvo1.dll Infected: Trojan.PWS.OnlineGames.ZPG

C:\WINDOWS\system32\ckvo1.dll Disinfection failed

C:\WINDOWS\system32\ckvo1.dll Moved

 

I tried to manually delete it but could not find it in the WINDOWS folder

[Seth]

Hi Laurent.

 

Please follow these instructions to remove the infections:

 

 

• Required Cleanup Steps
  
  1. Disable the Spybot Search & Destroy TEA TIMER if enabled
     
  2. Run a Temporary file and cache cleaner (ATF)
     
  3. Run 2 Anti-Malware scanners
     
  4. Run an Online Anti-Virus / Anti-Malware Scanner
     
  5. Clear out old System Restore points
     
  6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file
     

   

The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection speed.

Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.

The ESET online scan should take between 1 to 3 hours.

In most cases, these scans will suffice to clean and disinfect your computer.

Heavily infected systems or slower PCs can take much longer to scan and clean.

 

For best results print the following instructions and bookmark this Web page

To keep this guide printer-friendly, use your cursor to highlight the contents below.

From your browser select File - Print and in the printer dialog box under "Print range"

click the

Selection

choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

• Disable Spybot Search & Destroys' TEA TIMER: (if installed)
  
  
  1. Run Spybot-S&D in Advanced Mode.
     
     
  2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
     
     
  3. On the left hand side, Click on Tools
     
     
  4. Then click on the Resident Icon in the List
     
     
  5. Uncheck "Resident TeaTimer" and OK any prompts.
     
     
  6. Restart your computer.
     
     
   

__________________________________________________

STEP 2

• Follow these instructions carefully.
  
  
• Download ATF-Cleaner from
  Snapfiles.com
  to remove un-needed temporary files from your computer that may contain malware.
  
  
• You can also download it from
  Majorgeeks.com
  
  
• When you run ATF-Cleaner, check the items as shown below for Main.
  
  
• For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  
  
• NOTE:
  If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  
  
• Then click on "Empty Selected".
  
  

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif

.

http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

• Install and run the free version (not the Professional version) of SUPERAntiSpyware from
  SUPERAntiSpyware.com
  
  
  • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
    
    
  • You do not have to send them your e-mail address, just click next.
    
    
  • You can leave the automated check for updates on.
    
    
  • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
    
    
  • DO NOT
    allow SUPERAntiSpyware to protect your Home Page settings.
    
    
  • On the
    Top Left
    select the
    Scan your computer
    button.
    
    
  • Make sure there is a CHECK MARK on all
    Fixed Drives
    .
    
    
  • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.
    
    
   

__________________________________________________

STEP 4

• Install and run
  Malwarebytes' Anti-Malware
  from
  Malwarebytes - (direct download)
  
  
  • Accept all defaults for the installer
    
    
  • Allow the program to update the definitions
    
    
  • Click on the
    Quick Scan
    and click Next.
    
    
  • If any items are found allow it to clean them and then Reboot your computer.
    
    
   

__________________________________________________

STEP 5

• Run an online scan with ESET from
  Free Virus Scan: Use ESET's Online Antivirus Scanner
  
  
  • You
    must
    use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
    
    
  • If your computer is running Window's Vista, then you
    must first
    start Internet Explorer as an Administrator. To do so, right-click on the
    Internet Explorer
    icon in the Start Menu and select "
    Run as administrator
    " from the popup context menu.
    
    
   
  • Accept the terms and click "Start".
    
    
  • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
    
    
  • Click "Start" to begin the scan.
    
    
  • When completed restart your computer
    
    
   

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating.

[laurent]

i have already done this process a few times but the trojan remains there

[maynardvdm]

Hi

 

Can you post the MalwareBytes Log.

 

It can be retrieved manually from this location:

C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

[maynardvdm]

Continued..

 

Also Remove/delete all files from the Bitdefender Quarantine.

[laurent]

Malwarebytes' Anti-Malware 1.24

Database version: 1027

Windows 5.1.2600 Service Pack 2

 

11:48:51 22/08/2008

mbam-log-8-22-2008 (11-48-51).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 126544

Time elapsed: 1 hour(s), 30 minute(s), 36 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\c9hehpa.bat (Trojan.Agent) -> Quarantined and deleted successfully.

[laurent]

maynardvdm Continued..

 

Also Remove/delete all files from the Bitdefender Quarantine.

 

i hope i did it the right way when i right-clicked on the files in the quarantine folder and chose the delete option

[maynardvdm]

Hi

 

Did you remove/delete the Quarantined files?

 

Please do the following. (This scan takes very long, so do it when you wont be using the computer for an hour or three)

 

Run Kaspersky Online AV Scanner:

Note: Internet Explorer should be used.

 

Please go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
  
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  
• When the downloads have finished, click on Settings.
  
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    
  • Archives
    
  • Mail databases
    

  [*]Click on My Computer under Scan and then put the kettle on!

  [*]Once the scan is complete, it will display the results. Click on View Scan Report.

  [*]You will see a list of infected items there. Click on Save Report As....

  [*]Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.

  [*]Copy and paste the report into your next reply.

[maynardvdm]

This thread is now closed.

 

If you would like it reopened please PM (private message) an Administrator.

 

Thank you.