Need help with Trojan Horse Virus'

Found Torjan Horse PSW.Briss.d
C:\WINDOWS\INFAMOUS.EXE
Found Torjan Horse Downloader.Small.5.Y
C:\Program Files\Windows Media Player\WMPLAY~1.TMP

Attached Hijack this file:
Logfile of HijackThis v1.97.7
Scan saved at 9:20:41 PM, on 18/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Internet Directory.lnk = C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.6902893518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Please Advise

 

Hi mezger,

Are you able to delete that file?
If not reboot into safe mode and delete it from there.
If Windows Media Player becomes unusable, follow instructions here:
https://www.wilderssecurity.com/showthread.php?t=28027

Regards,

Pieter

 

I have searched for these files and they don't seem to exist. I have rechecked my AVG Virus scan log and the addresses are correct the files are just not there. What should I do now?

 

Do you have hidden files set to show?

Check here how to do that: http://www.tacktech.com/display.cfm?ttid=192

Regards,

Pieter

 

I did have checked show hidden files. So I am a bit confused as to how AVG has found an infected file that doesn't seem to exist. What can I try now?

 

I would suggest you download a free trial of TDS3 from here:
http://tds.diamondcs.com.au/index.php?page=home
Update as described here:
http://tds.diamondcs.com.au/index.php?page=update
When that is ready click System Testing > Full system scan

By rightclicking in the results window at the bottom you can produce a text file containing the scan results. Post that please.

Regards,

Pieter

 

I have done another Adaware and AVG scan and there are no longer any virus' on my PC. I have no idea what we did but whatever it was worked. Thanks
Here is the TDS file anyway:
15:20:28 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
15:20:28 [Init] Started 21-05-04 15:20:28 Eastern Standard Time (UTC: 5), Internet Time @847.55
15:20:28 [Init] Loading TDS-3 Systems ...
15:20:28 [Init] Token successfully adjusted.
15:20:28 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
15:20:28 [Init] • Plugins : OK. Loaded 13
15:20:28 [Init] • Exec Protection : Not Installed
15:20:28 [Init] WARNING: Your Radius.TD3 database needs to be updated!
15:20:29 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
15:20:29 [Init] Licensed users can use the Update facility from the TDS menu
15:20:29 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
15:20:34 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
15:20:34 [Init] • Systems Initialised [34619 references - 13190 primaries/9775 traces/11654 variants/other]
15:20:34 [Init] Radius Systems loaded. <Databases updated 21-05-2004>
15:20:34 [Init] TDS-3 Ready. <Rob@24.102.43.58, 127.0.0.1 - Canada>
15:20:34 [Tip Of The Day] Update weekly or even daily for maximum protection against new-release trojans and worms. It's as easy as clicking TDS-3 | Update TDS Databases Now!
15:20:34 [TDS] Good afternoon Rob.
15:20:36 [Mutex Memory Scan] Started...
15:20:38 [Mutex Memory Scan] Finished (no trojan mutexes found).
15:20:38 [Trace Scan] Started...
15:20:46 [Trace Scan] Finished.
15:20:46 [TDS-3] This is an EVALUATION