I cannot handle it anymore!

Discussion in 'adware, spyware & hijack cleaning' started by Panagiota, Jul 18, 2004.

Thread Status:
Not open for further replies.
  1. Panagiota

    Panagiota Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    22
    I have spyware and despite that I did what you told me - still I have major problems. Now I have the Trojan virus on top of that.

    Should I format the computer and start all over again with higher security? Because it seems that whatever action I take (Hijackthis, CWShredder, etc) it does not seem to work.

    I followed your instructions. I downloaded and ran the Ad-aware software and now I am submitting the Hijackthis logfile.

    Please help me - I do not know what to do. It seems hopeless to rely on my computer since the spyware is everywhere and there are no ways to remove it.

    Thank you!
    Panagiota
     

    Last edited: Jul 19, 2004
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Copy the contents of the quote box to Notepad.

    Name the file Appinit.bat and save on your Desktop as type 'All Files'.

    Double click on Appinit.bat

    This will create a file on the desktop named windows.txt

    Upload windows.txt in your next reply. To do that do not use quick reply.
    Instead press the Reply button. When you do you will be able to attach a file to your reply. Attach Windows.txt
     
  3. Panagiota

    I am uploading the windows.txt.
    Thank you a lot for your help.
    Panagiota
     

  4. TonyKlein

    By the looks of it you have a super-hidden file that's responsible for your hijack: C:\WINDOWS\System32\winc.dll.

    There are several ways to get rid of this one; one is by using Recovery Console, the other is Freeatlast's removal method using a couple of intricate batch files.

    The latter may be the easier solution:

    Click here to download FindnFix.exe.

    Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program will take a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.



    Do you have Recovery
     
  5. Panagiota

    I am posting the log file.
    Also, I wanted to ask you that the Norton Antivirus program gives me the following alert:

    "Norton Antivirus has detected a virus in your computer
    Object Name: c:\WINDOWS\System32\winc.dll
    Virus Name: Backdoor.Trojan
    Action Taken: Access to the file was denied"

    [also the antivirus software located another virus: Trojan.Bookmarker.Gen]

    I am trying to find a solution for this also through antivirus software. Or should I wait first to finish with your directions since it seems to me that these two problems are interrelated? What do you suggest?

    Please keep in mind that I know the very basics for safety and computers. I really appreciate your help. Thank you a lot.
    Panagiota
     

    Attached Files: log.txt (8.8 KB)
  6. TonyKlein

    Well, as you see Norton agrees that winc.dll is your culprit, and your FindnFix log confirms it. Unfortunately Norton will be unable to remove this file, and there's really no alternative to the procedure I'm going to advise you to follow.

    In the FindnFix 'keys1' folder, double click on FIX.bat. You will get an alert of about 15 seconds before reboot - allow it to reboot.

    On restart, open Explorer and navigate to C:\Windows\System32 folder, find the winc.dll file (it should be visible now). RightClick on the "winc.dll" file, and select -> Cut from the menu.

    Immediately Open the C:\FINDnFIX\junkxxx subfolder.
    RightClick inside it and select 'Paste' from the menu; hit 'ok' when/if asked on 'read only' file move prompt.

    - Make sure the file is now indeed in that Junkxxx subfolder

    Open the FINDnFIX folder again and double-click on RESTORE.bat. When it is finished, in FINDnFIX folder, there will be a file called Log2.txt - post its contents in your next reply.
     
  7. TonyKlein

    BTW, it's a good idea to shut down your antivirus until we've finished this removal procedure, as it could interfere.
     
  8. Panagiota

    I disabled the Antivirus.
    I double-clicked on fix.bat.
    The system rebooted.
    I opened the explorer.
    The file winc.dll is not visible.
    I changed the folder options and I revealed all hidden and system folders. And still it is not visible.
    I ran a full search on my computer (including the subfolders and hidden/system files) and still nothing.
    Please advise me.

    On top of that my SpywareGuard Browser showed me the following information:
    The following BHO has been added to your system:
    {81AC8907-8D0A-4275-9C23-4CAED6F8900D}
    ProgID: n/a
    File Location: c:\windows\system32\obkjcb.dll

    Please advise me.
    Thank you a lot for your help.
    Panagiota
     
  9. TonyKlein

    Your antivirus may have quarantined the file.

    Would you please post that Log2.txt as requested; that should give us some more information.
     
  10. Panagiota

    I checked the antivirus reports, and there are no files in quarantine.

    I am posting the log2 file.

    Thank you.
    Panagiota
     

  11. Panagiota

    Tony,
    are you still there? Please, please help me!
    Thank you....
    I am still waiting for you to tell me what to do.
    bye
    Panagiota
     
  12. TonyKlein

    Whoops, one moment, please...


    Well, it appears I'm unable to attach either a batchfile or a zipfile.

    Nor will the board software allow me to post it as text without mangling it...

    Please PM me your email addy, and I'll send it to you.

    Do not run it, but wait for further instructions.
     
    Last edited: Jul 22, 2004
  13. Panagiota

    Tony,
    I did what you told me and I managed to get rid of the Backdoor.Trojan (I deleted the C:/windows/system32/winc.dll).

    But, the same about:blank appears. Norton Antivirus shows that there is another Trojan.Bookmarker.Gen (C:\windows\system32\obkjcb.dll) which interacts with my system.

    I tried to delete it but it says access denied. I cannot take ownership since there are no security tabs on properties (right click on file).

    Should I send you another log file? From which program? HijackThis?

    Thank you for your great help.
    Panagiota
     
  14. TonyKlein

    You're doing great; we ought to have the most difficult part behind us, unless of course meanwhile you got re-infected by another obnoxious strain of this parasite...

    But we'll get there.

    Let's see a fresh Hijack This log
     
  15. Panagiota

    Tony,
    I am attaching the log file.
    Thank you.
    Panagiota
     

  16. TonyKlein

    I'd like to see another FnF log. Delete the FindnFix folder, download the application again, and find and doubleclick !LOG!.bat once more.

    I want to make sure we're not overlooking anything... :(
     
  17. Panagiota

    Tony,
    I am attaching the log file from FindnFix.
    Thank you a lot.
    Panagiota
     

    Attached Files: log.txt (7.5 KB)
  18. TonyKlein

    OK, looking good; no hidden installer files.

    Check, and, with all browser windows closed, have Hijack This fix the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    Reboot, and that should be the end of your hijack! :)
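
    The R0/R1 entries listed in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: the heuristics and the benign `Start Page` line are assumptions constructed for illustration.

```python
import re

# R0-R3 lines in a HijackThis log: "R1 - HKCU\<key>,<value name> = <data>"
ENTRY_RE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\(.+?),([^=,]*?)\s*=\s*(.*)$")

# Value name the helper asked to have fixed in the post above.
FLAGGED_VALUE_NAMES = {"homeoldsp"}

# The three entries from the post, plus one constructed benign line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\vaio\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

def parse_entry(line):
    """Split one R-section line into its fields, or return None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, hive, key, name, data = m.groups()
    return {"section": section, "hive": hive, "key": key, "name": name, "data": data}

def reasons_for(entry):
    """Heuristics assumed for this example; not HijackThis's own logic."""
    reasons = []
    data = entry["data"].lower()
    if data.startswith("file://"):
        reasons.append("local-file target")
        if "\\temp\\" in data:
            reasons.append("file lives in a Temp directory")
    if entry["name"].lower() in FLAGGED_VALUE_NAMES:
        reasons.append("value name flagged in this thread")
    return reasons

def review(log_text):
    """Return (entry, reasons) for every R-line that trips a heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            why = reasons_for(entry)
            if why:
                hits.append((entry, why))
    return hits

if __name__ == "__main__":
    for entry, why in review(SAMPLE_LOG):
        print(f'{entry["hive"]}\\{entry["key"]} [{entry["name"]}]: {"; ".join(why)}')
```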
     
  19. Panagiota

    Tony,
    I did everything you told me, but the spyware is still there.
    Also, the Trojan virus is still there.
    I posted on Trojan Virus site for help and I have already sent them my log files from Trojan protection software. It seems the dll file: c/windows/system32/obkjcb.dll creates the whole problem and I cannot delete it since the system does not allow me. Also, the trojan protection software found other hidden files on my system which autorun other programs. You can see my other posting with title "Backdoor.Trojan & Trojan.Bookmarker.Gen". I will come back to you for any progress.
    Thank you a lot for all your help.
    Please advise if I can do anything further.
    Panagiota

    PS: what should I do for protecting my system in the future for similar situations? I have installed the spyguard but it seems that the program is allowed to be stored in my computer and then the spyware does not allow it to change my webpages. Please advise.
    Thank you.
     
  20. Panagiota

    Tony,
    I cleaned the trojan virus and now the spyware disappeared.

    I hope the computer is clean now. Is there any way to test it?

    Also, very important, what should I do to protect my computer for future spyware problems?

    Keep in mind that it is a private home computer but I rely a lot on it and I am on the internet at least 12 hours per day.

    Thank you a lot for all your help.

    Panagiota
     
  21. TonyKlein
