Need Help! Have Trojan???

Discussion in 'malware problems & news' started by babyliam1002, May 1, 2005.

Thread Status:
Not open for further replies.
  1. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i am actually confused as to what i actually have on my system.

    originally i had a message that read: fatal error in IE has occured at 0028: c0011E36 in vxd vmm (01) + 0010e36. error was caused by trojan - spy.html.smithfraud.c

    this appeared on a blue screen on the desktop everytime i loaded it. i found what some others had done and i followed each step, except i didn't have a file called c:\windows\system32\log files it said that file would for sure be there, but it wasn't, so i could not delete it.

    after i restarted it in normal mode, the screen was no longer blue with that previous message and it is just a black screen and i can't do anything to it. my ie automatically pops up when the pc restarts and it goes to some search engine that i can't get rid of and keeps coming back after i go to a new site after changing the home page. this was actually on the pc when we got it a month ago, but we followed some directions given to us over the phone and the spy dr. thing got rid of it and all was normal.

    out of no where, i was online and all the windows closed and the homepage changed to what i have now (which is what it used to be before we thought it was fixed).

    i bought a spyware thing last night and it detects some things, but they come back and one thing won't go away.

    now i have these messages

    TrojanDownloader.Win32.Agent.bq
    processID: "1236" File
    c:\windows\winra32.exe others are c:\windows\atlvi.32 , c:\windows\ipgz.exe , and c:\windows\atlip.exe, c:\windows\sdkuh and more continue to pop up even as i write this.

    my spyware thing says it detects those and then quaratines them. after i do a scan, these items reappear everytime"

    ABetterInternet
    folder: c:\documents and settings\amber_taufen\favorites\sites about

    CWS.Feads
    file: c:\documents and settings\amber_taufen\favorites\only sex webiste.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\search the web.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\days of free porn.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\unsecured bad credit loans.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\videos.url

    (the list goes on for a while and then changes to KEY:)

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\hsa

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\se

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\sw

    WebSearch Toolbar
    Key:hkey_local_machine \software\microsoft\internet explorer\ activex compatibility\ (8952a998-1e7e-4716-b23d-3dbe03910972

    And then there is CWS.Feads that will not go away after i do the scan

    CWS.Fead
    Key:hkey_local_machine \system\currentcontrolset\enum\root\legacy_ (the rest is a bunch of numbers, *, % and some little squares......it won't let me copy and paste so i can't write them on here.


    CAN ANYONE PLEASE HELP MEo_O?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i don't know what that is.......what is a hijack log? does that mean that i just need to post this message somewhere else?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Just out of curiousity, what anti-spyware app. did u purchase?


    snowbound
     
  6. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i bought etrust Pest Patrol anti-spyware 2005

    it says that the items are quarentined, but i scan just seconds after and they are back again. it said that it can't get rid of the cws.fead one. it got rid of the other 45+ things that were on there last night and they don't return
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    CWS has many variants with which some are very hard to ge rid of so your best bet, as Ronjor said, is to post a HJT log at one of those sites and the experts there will help u cleanup your system.


    snowbound
     
  8. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    well, i have already gone to the site he suggested and i will see what happens. thanks!

    does anyone know why the same thing would come back on our pc after being gone for 3 weeks?
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
Loading...
Thread Status:
Not open for further replies.