Novice - I have trojans

Hello all

Im abit of a novice with computers but I recently did a scan on my PC (using ewido) and i found the following... can anyone tell me how to get rid of them?

I keep getting pop-ups from winantivirus, systemdoctor, freemp3s, ameena, errorsafe etc etc, the list goes on, this happens on every website i visit, whether its Microsoft, bbc, hotmail, everything!!!!

any help would be appreciated, oh by the way, I cant just re-install windows, its a works machine so I cant take anything off...

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Esomniture
Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@-1shz2prbmdj6wvny-1sez2pra2dj6wfkicldzskow-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt
Risk: Medium

Name: TrackingCookie.Bpath
Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@ads49.bpath[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@hg1.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Myaffiliateprogram
Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@www.myaffiliateprogram[1].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\T Drive\restore\Backup all users\Mark\Cookies\tpiman04@yadro[1].txt
Risk: Medium

Name: Trojan.P2E.cl
Path: C:\windows\eg_auth_1049.dll
Risk: High

Name: Dialer.EGroup.s
Path: C:\windows\p2esocks_1047.dll
Risk: High

Name: Trojan.P2E.cl
Path: C:\windows\p2esocks_1049.dll
Risk: High

Name: Trojan.P2E.cl
Path: C:\windows\system32\eg_auth_srv_1049.dll
Risk: High

 

Oh my god, that's a nice collection.
Just do something simple.
1. Download a light free AntiTrojan like Asquared. (Here the Direct Download).
2. Install it and Update the Database
3. Restart the PC in safe mode and run a full deep scan with aSquared. Quarantine ALL (don't delete in first place) suspicious and infected files.
4. Restart PC and look if everything is running well.

Report back in case further steps are nececarry.

Second you should think about a security setup on your PC to prevent such infiltration.

 

Cheers, i'll give that a go in the morning... i've shown that list to 2 people and both have said... 'oh my god' !! lol, I take it they are quote bad?

when i've done the above, will the popups stop?

what sort of security setup would be good?

sorry I'm a complete beginner to computers... I wouldn't know where to start!

 

Sime info to tide you over until someone more knowledgeable than I comes along.
http://remove-winantivirus.info/
This article talks about a program called Xoftspy to help temove this, to the best of my knowledge Xoftspy is not free to remove stuff, and some others will advise you on how to get rid of this stuff for free I'm sure.
I have found this help forum useful
http://www.geekstogo.com/forum/index.php?showforum=37

 

What's your current setup?

What is your system spec and operating system?

 

What do you use right now? When i see your first post i think you use nothing.
1. You should defenetly install as a base setup an AntiVirus and an AntiTrojan/AntiMalware application.
2. Then think about a Firewall (for now activate XP Firewall)
3. Than a HIPS.

But as you are a total newcomer, i would suggest to stay for the moment with point 1 and 2 if you have Win XP.

Before making suggestions regarding to your future setup, do you want to spend a little money for your setup and which OS are you using?

Btw: Make a signature in this forum with regarding informations, this helps in further cases you need help.

 

here goes...
I've been trying to get rid of these pesky pop-ups for a while now, so I've downloaded the following:

Windows Defender
SpyBot s&D
CCleaner
Ad-Aware
Hijackthis
AVG Free

I have 'Virus Scan on demand" running all the time when the pc is on!

OS is Windows XP Pro, (but I cant find my disc to update to SP2) I know I probably should spend some money on sorting it out, but as its a works computer I dont think I can...

If you need anymore info, let me know!

Cheers!

 

I don't understand if Ewido found that, it should be able to remove it! No??

 

well thats what I though, but im still getting all these popups... I clicked on the 'delete infected' and they disappeared, but as soon as I open I.E. they were all there again??

like I said, im a novice... and clueless !

 

OK. Follow the others advice then. Try also CWShredder.
List of good Antispyware: Spybot S&D, AVG Antispyware, A-Squared, SuperAntispyware.

 

How about turning off the System Restore

 

what would that be ? (system restore) ? and where would I find it ? and what does it do ?

 

More on this.
http://www.castlecops.com/postx119486-0-0.html

 

Theres a large part of your problem...... IE (unpatched even)
Switch to Firefox

BTW Cookies are nothing to worry about.

Sounds to me like you should start a clean slate. Format that thing then when XP is Reinstalled, update it. After that get an Antivirus, Firewall and use Firefox instead of IE

You don't need a crap load of programs to protect you, just the basics and some common sense.... Practice Safe Hex

 

Sounds like a 'SmitFraud' infection. Do the following.

Download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip to your Desktop.
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Report if infection is found and we'll proceed further.

 

Hello again,

Thanks for the advice, I ran the deep scan and its found the same trojans and Dialer as 'ewido' did, so i've 'quaratined' them. I didn't run it in safe mode as im not 100% about stuff like this and I dont want to lose anything I might later need.

As for reformating the machine, I simply cannot do it, its a works machine which is being used as a server for 5 other machines, all machines are networked to mine and everyone has access to all files/folders etc.

so then, where do I go from here?

baring in mind, I have already tried to delete these trojans / dialer using the 'ewido' scanner....

 

Let it stay quarantined. Being that sensitive i advise you to use HijackThis, save the log and request expert opinion.
Use these instructions : http://wiki.castlecops.com/Malware_Removal:_Getting_Expert_Help_With_Your_HijackThis_Log
Explain the situation and what you have done so far.
There are other forums for expert opinion with HijackThis. Search this forum and you'll see other options for expert opinions. But not here. Don't post the log here, for there is a policy here that prevents that.

Cheers and good luck

 

As someone said, no pun intended, seek expert step by step guidance from one of the sites mentioned where you can post a hijackthis log, if that computer is serving others there is a significant risk that it will infect them all sooner or later if not already, then when cleaned take some advice here off the many helpful people in how best to secure that setup

 

lol that was one reason to pick this name. "wqdeffef" by someone. "As someone said..." Sooner or later you're all talking about me without knowing lol
I should choose another name, but i haven't decided

 

another forum trotterfrosty:
http://gladiator-antivirus.com/forum/index.php?showtopic=10517

 

Thanks alot for your help, i've done what you advised so hopefully I wont have anymore popups soon!

thanks again!

 

I would recommend you run the Dr.Web CureIt Utility. It's a free anti-malware utility. Click on the link in my signature.

 

Those files you had are EGDACCESS dialers.
Sometimes these are bundled with the Navipromo rootkit.
This is usually the case if Ewido can't remove them.
The person helping you might appreciate that information.

Regards,

Pieter

 

If this computer is networked with other computers the first thing i would do is disconnect the infected computer from the network asap or you will have bigger problems.