[ask/help]malware and trojan OnlineGame and VertuMundo, plz help me...im desperate...


SETAN13
May 3rd, 2008, 03:32 AM
hi there guys,

i tried to format my pc and it's gone..

but another thing came in again..with trojan OnlineGame..

i dunno what to do...and im kinda newbie in this area...i tried everything in my power of knowledge and i think i met the dead end..so plz help me..

this is the log from HJT and ESET online scanner which helps to diagnose my problem

~HiJack This log removed per Policy. (http://www.wilderssecurity.com/showthread.php?t=42148)~

and this from ESET online scanner
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3072 (20080503)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=3f77c039b3326d44a6b0cfac014bb69b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-05-03 06:05:43
# local_time=2008-05-03 06:05:43 (+1200, New Zealand Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=441277
# found=11
# scan_time=2699
# nod_component=V3 Build:0x30000000 ()
C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus (unable to clean - deleted) 00000000000000000000000000000000
D:\Windows killer\wga killer.rar probably a variant of Win32/TrojanDownloader.Agent trojan (deleted) 00000000000000000000000000000000
D:\Windows killer\wga killer.rar »RAR »wga killer\Windows XP Keygen.exe probably a variant of Win32/TrojanDownloader.Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
D:\Windows killer\WGA_Permanent_PatcherP5575987.rar probably a variant of Win32/TrojanDownloader.Agent trojan (deleted) 00000000000000000000000000000000
D:\Windows killer\WGA_Permanent_PatcherP5575987.rar »RAR »Windows XP Keygen.exe probably a variant of Win32/TrojanDownloader.Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
D:\Windows killer\Windows_XP_Professional_by_Unknown.zip probably a variant of Win32/TrojanDownloader.Agent trojan (deleted) 00000000000000000000000000000000
D:\Windows killer\Windows_XP_Professional_by_Unknown.zip »ZIP »KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\Programs\Atari Act of war high Treason 1.0.rar multiple infiltrations (deleted) 00000000000000000000000000000000
E:\Programs\Atari Act of war high Treason 1.0.rar »RAR »keygen.exe Win32/Adware.Virtumonde application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\Programs\Atari Act of war high Treason 1.0.rar »RAR »crack.exe Win32/Dialer.NER trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

these are some pics that might help u to analyze my prob

http://i20.photobucket.com/albums/b209/jinzo13/virus/abisdiklik.jpg
this is when i open my computer

http://i20.photobucket.com/albums/b209/jinzo13/virus/trusjadibegini.jpg
after i click one of my partitions it opens in a new window and the threat notice pops up..

i hope the information is enough to help u guys identify everything of my prob..

and i hope it can fix soon with THE POWER OF WILDERSSECURITY :P

cheers

P.S i forgot to mention that i use NOD32 v3 smart security and spyware doctor

i hope i can fix my own Y_Y

plz help me..

cheers again :P

ASpace
May 3rd, 2008, 04:11 AM
Hello!

First, Wilders doesn't provide malware cleaning services. Second, is your NOD32 even legal? Is your Windows genuine? I doubt.

ESET Online scanner detected trojans in keygens, which are used to "make illegal Windows legal"

{QUOTE-> D:\Windows killer\wga killer.rar
D:\Windows killer\WGA_Permanent_PatcherP5575987.rar <-QUOTE}

{QUOTE-> D:\Windows killer\Windows_XP_Professional by Unknown <-QUOTE}
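
One way to triage the ESET Online Scanner log from the first post, added here as an example and not written by any poster in this thread: it separates detections on loose files under system32 from detections inside downloaded archives, and flags anything that still needs a restart. The field layout is inferred from the posted lines, and the "installed" rule is an assumption.

```python
import re

# Lines copied from the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r"""# found=11
C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus (unable to clean - deleted) 00000000000000000000000000000000
D:\Windows killer\wga killer.rar probably a variant of Win32/TrojanDownloader.Agent trojan (deleted) 00000000000000000000000000000000
D:\Windows killer\wga killer.rar »RAR »wga killer\Windows XP Keygen.exe probably a variant of Win32/TrojanDownloader.Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\Programs\Atari Act of war high Treason 1.0.rar multiple infiltrations (deleted) 00000000000000000000000000000000
E:\Programs\Atari Act of war high Treason 1.0.rar »RAR »crack.exe Win32/Dialer.NER trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
"""

# path, detection name, action taken (may contain nested parentheses), 32-hex field
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:probably a variant of )?\S+/\S+ (?:virus|trojan|application)"
    r"|multiple infiltrations) "
    r"\((?P<action>.*)\) [0-9a-f]{32}$"
)

def parse(log_text):
    """Return one dict per detection line; '#' header lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        # "»" separates an archive from the member found inside it.
        row["container"], _, row["member"] = row["path"].partition(" »")
        row["needs_restart"] = "after the next restart" in row["action"]
        # Heuristic (assumption): a loose file under system32 is an installed
        # component, an archive on a data drive is a dormant download.
        row["installed"] = (not row["member"]
                            and "\\windows\\system32\\" in row["path"].lower())
        rows.append(row)
    return rows

def triage(rows):
    """Split detections into what to follow up on first and what is dormant."""
    return {
        "installed": sorted(r["path"] for r in rows if r["installed"]),
        "recheck_after_restart": sorted(r["path"] for r in rows if r["needs_restart"]),
        "infected_downloads": sorted({r["container"] for r in rows if not r["installed"]}),
    }

if __name__ == "__main__":
    for bucket, paths in triage(parse(SAMPLE_LOG)).items():
        print(bucket, *paths, sep="\n  ")
```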

SETAN13
May 3rd, 2008, 07:10 AM
yup i know that...

dun be angry at me im just an international student Y_Y

i already erased that one...

so is there any chance to fix everything up..??

and sorry for the misunderstanding, i am not asking for malware cleaning services. if u guys can show me the steps to fix my PC that will be great...^^

i will do the cleaning ^^ i am asking for the guidance

thank you

ASpace
May 3rd, 2008, 01:14 PM
Hi!

The best thing would be to create a back-up, completely format the hard drive and do a clean install of an OS.

The best would be to buy Windows and all the software you need (including antivirus software, back-up software, office suite, etc...). This guarantees you quality and support. You have fallen victim to the cracks you have used but there is no free lunch.

If you can't afford buying Windows and other software, order or download Linux. Linux is a free operating system which comes bundled with a lot of things. You can have a lot of free programs to use on it. On Linux most likely you won't need antivirus software. Search in Google for different Linux distros - such as Suse, Ubuntu, etc....

Kosak
May 3rd, 2008, 02:10 PM
{QUOTE-> but another thing come in again..with trojan OnlineGame... <-QUOTE}

Hi, here is an example of this threat => http://secit.sk/?q=node/214

As you can see, it creates a DLL, which is loaded in the process explorer.exe. You have to find that, stop explorer.exe and remove the DLL and the values in the Registry. But this variant can do something different (when I see .sys in the Temp directory).

If you want, you can PM me and we can solve it. ;)

SETAN13
May 3rd, 2008, 05:41 PM
{QUOTE-> Hi, here is an example of this threat => http://secit.sk/?q=node/214

As you can see, it creates a DLL, which is loaded in the process explorer.exe. You have to find that, stop explorer.exe and remove the DLL and the values in the Registry. But this variant can do something different (when I see .sys in the Temp directory).

If you want, you can PM me and we can solve it. ;) <-QUOTE}

thank you very much...i really needed it man..

but i dun think i can PM u coz when i tried just now PM has been disabled..

so is there any possibility for us to solve my problem in this thread..??

i will very much appreciate it..

cheers

Kosak
May 3rd, 2008, 06:03 PM
You can contact me by email or another service -> http://www.wilderssecurity.com/member.php?u=70703

:)