Need Help! Have Trojan???

Discussion in 'malware problems & news' started by babyliam1002, May 1, 2005.

Thread Status:
Not open for further replies.
  1. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i am actually confused as to what i actually have on my system.

    originally i had a message that read: fatal error in IE has occured at 0028: c0011E36 in vxd vmm (01) + 0010e36. error was caused by trojan - spy.html.smithfraud.c

    this appeared on a blue screen on the desktop everytime i loaded it. i found what some others had done and i followed each step, except i didn't have a file called c:\windows\system32\log files it said that file would for sure be there, but it wasn't, so i could not delete it.

    after i restarted it in normal mode, the screen was no longer blue with that previous message and it is just a black screen and i can't do anything to it. my ie automatically pops up when the pc restarts and it goes to some search engine that i can't get rid of and keeps coming back after i go to a new site after changing the home page. this was actually on the pc when we got it a month ago, but we followed some directions given to us over the phone and the spy dr. thing got rid of it and all was normal.

    out of no where, i was online and all the windows closed and the homepage changed to what i have now (which is what it used to be before we thought it was fixed).

    i bought a spyware thing last night and it detects some things, but they come back and one thing won't go away.

    now i have these messages

    TrojanDownloader.Win32.Agent.bq
    processID: "1236" File
    c:\windows\winra32.exe others are c:\windows\atlvi.32 , c:\windows\ipgz.exe , and c:\windows\atlip.exe, c:\windows\sdkuh and more continue to pop up even as i write this.

    my spyware thing says it detects those and then quaratines them. after i do a scan, these items reappear everytime"

    ABetterInternet
    folder: c:\documents and settings\amber_taufen\favorites\sites about

    CWS.Feads
    file: c:\documents and settings\amber_taufen\favorites\only sex webiste.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\search the web.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\days of free porn.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\unsecured bad credit loans.url
    file: c:\documents and settings\amber_taufen\favorites\sites about\videos.url

    (the list goes on for a while and then changes to KEY:)

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\hsa

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\se

    Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\sw

    WebSearch Toolbar
    Key:hkey_local_machine \software\microsoft\internet explorer\ activex compatibility\ (8952a998-1e7e-4716-b23d-3dbe03910972

    And then there is CWS.Feads that will not go away after i do the scan

    CWS.Fead
    Key:hkey_local_machine \system\currentcontrolset\enum\root\legacy_ (the rest is a bunch of numbers, *, % and some little squares......it won't let me copy and paste so i can't write them on here.


    CAN ANYONE PLEASE HELP MEo_O?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,874
    Location:
    Texas
  3. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i don't know what that is.......what is a hijack log? does that mean that i just need to post this message somewhere else?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,874
    Location:
    Texas
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Just out of curiousity, what anti-spyware app. did u purchase?


    snowbound
     
  6. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    i bought etrust Pest Patrol anti-spyware 2005

    it says that the items are quarentined, but i scan just seconds after and they are back again. it said that it can't get rid of the cws.fead one. it got rid of the other 45+ things that were on there last night and they don't return
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    CWS has many variants with which some are very hard to ge rid of so your best bet, as Ronjor said, is to post a HJT log at one of those sites and the experts there will help u cleanup your system.


    snowbound
     
  8. babyliam1002

    babyliam1002 Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    well, i have already gone to the site he suggested and i will see what happens. thanks!

    does anyone know why the same thing would come back on our pc after being gone for 3 weeks?
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.