I cannot handle it anymore!

I have spyware and despite that I did what you told me - still I have major problems. Now I have the Trojan virus on top of that.

Should I format the computer and start all over again with higher security? Because it seems that whatever action I take (Hijackthis, CWShreder, etc) it does not seems to work.

I followed your instructions. I dowloaded and run the Ad-aware software and now I am submiting the Hijackthis logfile.

Please help me - I do not know what to do. It seems hopeless to rely on my computer since the spyware is everywhere and there are no ways to remove it.

Thank you!
Panagiota

 

Copy the contents of the quote box to Notepad.

Name the file Appinit.bat and save on your Desktop as type 'All Files'.

Double click on Appinit.bat

This will create a file on the desktop named windows.txt

Upload windows.txt in your next reply. To do that do not use quick reply.
Instead press the Reply button. When you do you will be able to attach a file to your reply. Attach Windows.txt

 

I am uploading the windows.txt.
Thank you a lot for your help.
Panagiota

 

By the looks of it you have a super-hidden file that's responsible for your hijack: C:\WINDOWS\System32\winc.dll.

There are several ways to get rid of this one; one is by using Recovery Console, the other is Freeatlast's removal method using a couple of intricate batch files .

The latter may be the easier solution:

Click here to download FindnFix.exe.

Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program will take a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.



Do you have Recovery

 

I am posting the log file.
Also, I wanted to ask you that the NOrton Antivirus program gives me the following allert:

"Norton Antivirus has detected a virus in your computer
Object Name: c:\WINDOWS\System32\winc.dll
Virus Name: Backdoor.Trojan
Action Taken: Access to the file was denied"

[also the antivirus software located another virus: Trojan.Bookmarker.Gen]

I am trying to find a solution for this also through antivirus software. Or should I wait first to finish with your directions since it seems to me that these two problems are interelated. What do you suggest?

Please keep in mind that I know the very basics for safety and computers. I really appreciate your help. Thank you a lot.
Panagiota

 

Well, as you see Norton agrees that winc.dll is your culprit, and your FindnFix log confirms it. Unfortunately Norton will be unable to remove this file, and there's really no alternative to the procedure I'm going to advise you to follow.

In the FindnFix 'keys1' folder, double click on FIX.bat. You will get an alert of about 15 seconds before reboot - allow it to reboot.

On restart, open Explorer and navigate to C:\Windows\System32 folder, find the winc.dll file (it should be visible now). RightClick on the "winc.dll" file, and select -> Cut from the menu.

Immediately Open the C:\FINDnFIX\junkxxx subfolder.
RightClick inside it and select 'Paste' from the menu; hit 'ok' when/if asked on 'read only' file move prompt.

- Make sure the file is now indeed in that Junkxxx subfolder

Open the FINDnFIX folder again and double-click on RESTORE.bat. When it is finished, in FINDnFIX folder, there will be a file called Log2.txt - post it's contents in your next reply.

 

BTW, it's a good idea to shut down your antivirus until we've finished this removal procedure, as it could interfere.

 

I disabled the Antivirus.
I double click on fix.bat.
The system rebooted.
I opened the explorer.
The file winc.dll is not visible.
I changed the folder options and I reveled all hiden and system folders. And still it is not visible.
I run a full search on my computer (including the subfolders and hidden/system files) and still nothing.
Please advice me.

On top of that my SpywareGuard Browser showed me the following information:
The following BHO has been added to your system:
{81AC8907-8D0A-4275-9C23-4CAED6F8900D}
ProgID: n/a
File Location: c:\windows\system32\obkjcb.dll

Please advice me.
Thank you a lot for your help.
Panagiota

 

Your antivirusd may have quarantined the file.

Would you please post that Log2.txt as requested; that should give us some more information.

 

I checked the antivirus reports, and there are no files in quarantine.

I am posting the log2 file.

Thank you.
Panagiota

 

Tony,
are you still there? Please, please help me!
Thank you....
I am still waiting to tell me what to do.
bye
Panagiota

 

Whoops, one moment., please...


Well, it appears I'm unnable to attach either a batchfile or a zipfile.

Nor will the board software allow me to post it as text without mangling it...

Please PM me your email addy, and I'll send it to you.

Do not run it, but wait for further instructions.

 

Tony,
I did what you told me and I manage to get rid of the Backdoor.Trojan (I deleted the C:/windows/system32/winc.dll).

But, the same about:blank appears. Norton Antivirus shows that there is another Trojan.Bookmarker.Gen (C:\windows\system32\obkjcb.dll) which interact with my system.

I tried to delete it but it says access denied. I cannot take ownership since there are no security tabs on properties (right click on file).

Should I send you another log file? From which program? HijackThis?

Thank you for your great help.
Panagiota

 

You're doing great; we ought to have the most difficult part behind us, unless of course meanwhile you got re-infected by another obnoxious strain of this parasite...

But we'll get there.

Let's see a fresh Hijack This log

 

Tony,
I am attaching the log file.
Thank you.
Panagiota

 

I'd like to see another FnF log. Delete the FindnFix folder, download the application again, and find and doubleclick !LOG!.bat once more.

I want to make sure we're not overlooking anything...

 

Tony,
I am attaching the log file from FindnFix.
Thank you a lot.
Panagiota

 

OK, looking good; no hidden installer files.

Check, and, with all browser windows closed, have Hijack This fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Reboot, and that should be the end of your hijack!

 

Tony,
I did everything you told me, but the spyware is still there.
Also, the Trojan virus is still there.
I posted on Trojan Virus site for help and I have already sent them my log files from Trojan protection software. It seems the dll file: c/windows/system32/obkjcb.dll creates the whole problem and I cannot delete it since the system do not allow me. Also, the trojan protection software found another hidden files on my system which autoruns other programs. You can see my other posting with title "Backdoor.Trojan & Trojan.Bookmarker.Gen". I will come back to you for any progress.
Thank you a lot for all your help.
Please advice if I can do anything further.
Panagiota

ps: what should I do for protecting my system in the future for similar situations? I have installed the spyguard but it seems that the program is allowed to be stored in my computer and then the spyware do not allow it to change my webpages. Please advice.
Thank you.

 

Tony,
I cleaned the trojan virus and now the spyware dissappeared.

I hope the computer is clean now. Is there any way to test it?

Also, very important, what should I do to protect my computer for future spyware problems?

Keep in mind that it is a private home computer but I rely a lot on it and I am on the internet at least 12 hours per day.

Thank you a lot for all your help.

Panagiota

 

Glad to hear you're up and running again.

And here's some reading on prevention you may find useful:

So how did I get infected in the first place?