Help with Hijack/Virus!!!


snplow
Jul 6th, 2006, 12:58 AM
>:(

Hey RFD,

I was wondering if you could help me out with something. I got a virus on my computer, and after running Avast antivirus I caught one of the viruses, but there is still another one that is evading my scanner and I have no idea how to remove it. So far the names of the viruses that I know of are Win32:FakeAlert [Trj] and Win32:Zlob-BN [Trj]. Note that these names are given by Avast and may be called something else by McAfee or Norton.

I tried following a suggestion on Google and installed SmitFraudFix but that hasn't solved the problem yet. Here is the link for the solution that did not completely work: http://forums.techguy.org/security/479232-solved-win32-zlob-bn-trj.html

What the virus does is that it would hijack my iexplorer and cause popups to occur, even though iexplorer is not open (very maddening).

They are trojan horses and I'm not sure how to get rid of them. Help with this would be greatly appreciated. By the way, here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:30 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avast4\aswUpdSv.exe
G:\Program Files\Avast4\ashServ.exe
G:\Program Files\Diskeeper\DkService.exe
G:\Program Files\Avast4\ashMaiSv.exe
G:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
G:\PROGRA~1\Avast4\ashDisp.exe
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\PeerGuardian2\pg2.exe
G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
G:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Avast4\ashSimpl.exe
C:\WINDOWS\explorer.exe
G:\Program Files\Diskeeper\DfrgNTFS.exe
C:\Documents and Settings\Mike Chow\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "G:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] G:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PeerGuardian] G:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ATITool.lnk = G:\Program Files\ATITool\ATITool.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - h tt p://yax-download.yazzle .net/YazzleActiveX.cab?refid=1123
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - g:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - g:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

Thanks for your help!

Edit: removed dangerous hotlink

champ91
Jul 6th, 2006, 01:21 AM
I use Kaspersky because it's ranked 1st. But if you don't have that, then if you want to make sure, do a format; that's what I do sometimes. But if that's not an option, then wait for someone to help you who is a virus expert. Good luck.

Loco
Jul 6th, 2006, 01:50 AM
That's the one I don't like.

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123

It attempts to download a file to the computer. "http://www.yazzle.net/" looks like a company that gathers web information. :mad: :twisted:

I attempted to disable the url connection in my post because it does want to download a file.
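The check Loco did by eye on that O16 line can be automated. The script below is an added example (not code from this thread, from HijackThis, or from any of the posters) that triages a HijackThis-style log for a defender: it flags O16 DPF entries whose download host is outside a small allowlist, O4 Run entries that launch a bare executable name (like Dit.exe and CTHELPER.EXE in the log above, which cannot be pinned to a file on disk from the log alone), and O23 services whose image is reported missing. The sample lines are copied from the log posted above, except the O16 URL, which is replaced with a constructed `.invalid` placeholder; the allowlist of trusted ActiveX hosts is an assumption to tune per environment.

```python
"""Triage a HijackThis-style log for entries worth a second look.

Added example for this thread; not HijackThis code. Sample lines are taken
from the posted log, except the O16 URL, which is a constructed placeholder.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# "O4 - HKLM\..\Run: [Dit] Dit.exe" -> sec="O4", body="HKLM\..\Run: [Dit] Dit.exe"
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# The "[Name] command" tail of an O4 Run entry
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
URL_RE = re.compile(r"https?://[^\s\]]+", re.IGNORECASE)

# Assumption: vendors whose ActiveX controls are expected in this environment.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "windowsupdate.com", "macromedia.com", "java.com")


@dataclass
class Finding:
    section: str
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


def _host_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def _first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "O16":
        # Downloaded Program Files: a control Internet Explorer fetched and will run.
        url = URL_RE.search(body)
        host = urlparse(url.group(0)).hostname if url else None
        if host is None or not _host_trusted(host):
            return Finding(sec, "high", f"ActiveX control from untrusted host {host!r}", line)
        return None

    if sec == "O4" and "Run:" in body:
        rm = RUN_RE.search(body)
        if rm:
            exe = _first_token(rm.group("cmd"))
            if exe and "\\" not in exe:
                # A bare name is resolved via the search path at logon, so the
                # binary that actually runs cannot be identified from the log.
                return Finding(sec, "medium", f"unqualified executable {exe!r} in Run key", line)
        return None

    if sec == "O23" and "(file missing)" in body:
        # Often a quoting quirk in the tool's output, but worth verifying on disk.
        return Finding(sec, "low", "service image path reported missing", line)

    return None


def triage(lines) -> List[Finding]:
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample: lines from the posted log, with the O16 URL replaced.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Dit] Dit.exe",
    r'O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"',
    r"O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE",
    r'O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart',
    "O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - "
    "http://yax-download.example.invalid/YazzleActiveX.cab?refid=1123",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n    {f.line}")
```

Run against the sample, the O16 line comes out as the single high-severity finding, the two bare Run entries as medium, and the avast service line as low; the fully qualified entries produce nothing. The point of the allowlist rather than a blocklist is that an ActiveX control served from an unknown host is the thing to question, whatever its name claims.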

Warlock
Jul 6th, 2006, 01:59 AM
If not used before,
Trial only,
Webroot Spy Sweeper (http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html)

bsorensen
Jul 6th, 2006, 10:42 PM
Do all your scans in safe mode.

Find and download the following.

Ad-aware SE
Ewido
You have hijack,
honestly, you want to use the NOD32 in-depth scanner.

You can email me at work in the morning, and if it's slow I can look at it for ya.
Just PM me, and I'll send you an email.

I work for a company where this is what we do. We specialize in virus and spyware removal.

TotallyKiller
Jul 7th, 2006, 12:51 AM
For trojans, Stinger (from McAfee - free download) is good too. Using this, two good spyware/malware detectors, and a good AV program should keep you on the up-and-up.

TotallyKiller
Jul 7th, 2006, 12:55 AM
I use Kaspersky because it's ranked 1st. But if you don't have that, then if you want to make sure, do a format; that's what I do sometimes. But if that's not an option, then wait for someone to help you who is a virus expert. Good luck.


I'd say that if this is your process:

1) Install Kaspersky

2) Rely completely on that

3) If something gets messed up, reformat

You need to get some help with dealing with your PC issues, and learn to diagnose and treat the problems (via forums like this as a start). If you are reformatting as a normal step in your problem handling, then you need help. Not trying to be an ass, but there's got to be a better way for you.

416azn
Jul 7th, 2006, 01:37 AM
Reformat

conman7331
Jul 7th, 2006, 04:36 AM
XD :mad: :mad:

Max_Dealing
Jul 7th, 2006, 09:25 AM
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

There is your virus. Oops nope that's not it.

I would do a format. It looks like you have a lot of stuff installed, and a rebuild would make things run smoother and remove any nasty viruses.

Or try running a couple of AV programs. Turn off System Restore and do a safe mode scan if you can. A lot of people rely on more than one AV.

Is system restore off when in safe mode? Or do you need to turn it off?

Make sure you scan your downloads and don't have your browser wide open for nasty applets.