I need a good trojan remover; my NOD32 just can't seem to handle the current one I have in my computer now. Please help!
Find out the name of the trojan, then go to the Symantec site and download the removal tool.
I suggest staying away from Symantec; back in the DOS days they had a good reputation, but nowadays I recommend all of our customers get rid of the yellow pest :)
Depending on what trojan you have, either spybot, adware or free AVG are helpful.
Post a HijackThis log and I might be able to help you remove it manually, which is in most cases the best solution (http://www.trendsecure.com/portal/en...ols/hijackthis)
regards
edit: wrong link sorry
Strange thing... When I had NOD32 (used it for more than 2 years) I always got trojans, even saw them running in the process list, but NOD32 didn't say anything... and I always got problems like once a month... Now I've been with Norton for 1 year, and... it just detects the virus lol
I know the programs that have the best sensitivity are
1. Kaspersky
2. Norton
Look at the Kaspersky website, there are more.
Symantec owns Norton.
They bought the name and product back in the early 90s.
Here's my hijack log, might be a bit long -.- :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:41, on 6.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\sddetect.exe
I:\Program Files\Eset\nod32kui.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\DNA\btdna.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\Windows Media Player\WMPNSCFG.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
I:\Program Files\Hotspot Shield\bin\openvpnas.exe
I:\Program Files\Eset\nod32krn.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\Program Files\Winamp\winamp.exe
I:\Program Files\mIRC\mirc.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\WINDOWS\explorer.exe
I:\Documents and Settings\Freddy\Desktop\HiJackThis\HijackThis.exe
I:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neti.ee/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 89.45.116.164 l2authd.lineage2.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - I:\WINDOWS\system32\AVIRAS~1.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - I:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - I:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [VFD_DISPLAY] I:\WINDOWS\sddetect.exe
O4 - HKLM\..\Run: [nod32kui] "I:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StormCodec_Helper] "I:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 I:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] I:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdVantage Setup] I:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
O4 - HKLM\..\Run: [Jigsaw] I:\DOCUME~1\Freddy\LOCALS~1\Temp\3913574.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "I:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] I:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] I:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdVantage] "I:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: TrioBet Poker - {019BB34E-96AC-4aa7-A5DE-3CC7442D4E38} - I:\Microgaming\Poker\TriobetMPP\MPPoker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194294711250
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194295345203
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/down...auncherNew.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/TrioBet/FlashAX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfishgames.com/en_wed...h.1.0.0.47.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/direc...e=toolkit_lite
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - I:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - I:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Stormser - ???? - I:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
--
End of file - 10031 bytes
please try to help -.-
evill33t, I would use your antivirus too, but it seems it's in... German?
http://www.free-av.de/en/index.html
and reading your log ....
so
you have "MyWebSearch" malware
and the bittorrent dns service also looks suspicious (but not 100% sure about this)
Spybot Search & Destroy should be able to handle it
download @ http://www.safer-networking.org
if that doesn't work we'll figure out something else
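An added example, not part of any post in this thread: a small Python triage pass over a HijackThis log, using a few lines copied from the log above as sample input. The rule set is an assumption made for this example (common review heuristics, not HijackThis's own verdicts), and a match is a reason to look the entry up, not proof of infection.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 89.45.116.164 l2authd.lineage2.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "I:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Jigsaw] I:\DOCUME~1\Freddy\LOCALS~1\Temp\3913574.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe
"""

# Every finding line has the shape "<section code> - <detail>".
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")

# Review heuristics chosen for this example (assumptions): each rule is
# (sections it applies to, pattern searched in the detail, reason to review).
RULES = [
    ({"O1"}, re.compile(r"^Hosts:"), "hosts file overrides DNS for this name"),
    ({"R3", "O2", "O3"}, re.compile(r"\(no file\)\s*$"),
     "registry entry points at a file that no longer exists"),
    ({"O4"}, re.compile(r"\\te?mp\\", re.I), "autorun starts from a temp directory"),
    ({"O10"}, re.compile(r"^Unknown file in Winsock LSP"),
     "unrecognised Winsock LSP in the network stack"),
    ({"O23"}, re.compile(r" - Unknown owner - "), "service with no vendor name"),
]

def triage(log_text):
    """Return (section, detail, reason) for each entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, blank line, footer
        section, detail = m.groups()
        for sections, pattern, reason in RULES:
            if section in sections and pattern.search(detail):
                findings.append((section, detail, reason))
                break
    return findings

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {detail}")
```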
Alright. Read it and tell me what you think, what's the problem. And should I actually get rid of NOD32? I don't really find it quite trustworthy as it is now.
Here's a little test on 174770 samples
1. Kaspersky version 7.0.0.43 beta - 99.23%
2. Kaspersky version 6.0.2.614 - 99.13%
3. Active Virus Shield by AOL version 6.0.0.308 - 99.13%
4. ZoneAlarm with KAV Antivirus version 7.0.337.000 - 99.13%
5. F-Secure 2007 version 7.01.128 - 98.56%
6. BitDefender Professional version 10 - 97.70%
7. BullGuard version 7.0.0.23 - 96.59%
8. Ashampoo version 1.30 - 95.80%
9. AntiVir version 7.03.01.53 Classic - 95.08%
10. eScan version 8.0.671.1 - 94.43%
11. Nod32 version 2.70.32 - 94.00%
...
20. McAfee version 11.0.213 - 86.13%
21. Norton Professional 2007 - 86.08%
I still recommend no. 9; for a free scanner it has a great engine :)
Last edited by IcyBoy; 06-07-08 at 04:43 AM.
http://www.softpedia.com/get/Antivir...-Remover.shtml
I have used that a few times, and it has helped greatly. Not saying it's a 100% chance it will remove it, but every one I've gotten it has. Install for use, and uninstall.
Free 30-day use, which is why you uninstall.
Not sure if it did help, but yeah, I think it somewhat did. I went to the shop and came back and saw NOD32 popping virus notes about a trojan. So I downloaded that remover which you provided here and haven't seen those notifications so far... but this is only the battle we have won. I still have a war left to fight.
Are those known viruses or unknown?
"When it comes to proactive protection, Eset's NOD32 was the hands-down winner in "Virus Stoppers," our eight-program antivirus roundup. In our tests, it caught 79 percent of unknown malware samples when using one-month-old signature files. The next-closest program, BitDefender Antivirus 10, came in with a distant 61 percent.
NOD32's overall malware detection rate wasn't stellar, however. When pitted against AV-Test.org's nearly 900,000-strong "zoo" of Trojans, viruses, and other malware, NOD32 caught only 90 percent, compared to the 96 percent rate of top performers Kaspersky Anti-Virus 6, Symantec Norton AntiVirus 2007, and BitDefender Antivirus 10."
Just reformat; chances are if you are dumb enough to get one virus .... you are so dumb that you don't realize the other 2000 running in the background.
ok genius - how would he know what is infected and what is not if he cannot detect the viruses and malware right now ?
how do you do a clean backup ?
more useless advice ... from misc members...
IcyBoy: my instructions may make some of your crap not work but should remove any traces of any malware.
TICK everything in hijackthis and fix it.
get a rootkit revealer
http://technet.microsoft.com/en-us/s.../bb897445.aspx
get autoruns
http://technet.microsoft.com/en-us/s.../bb963902.aspx
read the docs and generally look for stuff you find suspicious and google the dll or the .exe attached to processes or services.
learn to use task manager, and the services mmc (go to run, type "services.msc"). disable all non-Microsoft services (this may disable some printers, wireless cards, and other peripherals and antivirus software). if you are unsure, GOOGLE the service name or right click on service > properties and you should see all the params it runs under.
repair is always more difficult than starting fresh, but trying to repair this will teach you much more than downloading a pirate copy of modded windows and clicking next for 30 mins.
My advice to this guy is....
1) stop watching so much porn, and if you must... go to sites like badjojo.com or something and keep some kind of antivirus on ... at least AVG free or something....
Now that we got the reason and habits tidbit taken care of... how about explaining ways to keep yourself out of this mess, or rather ways to recover from a total loss with some preparation...
a) When installing an OS on a computer for the first time... if you have a fairly large hard drive, it would be wise to set aside a small partition of around 5-10 GB just for backup purposes. This way when you do get a god-awful virus from the hell pits of the internets... you can have a "life boat" if you will... where your important documents and data can "jump ship". Oh boy, I love analogies that involve boats ^^
b) Install your programs on a secondary hard drive or maybe another partition if your hard drive is big enough to accommodate the needed space for everyday use on a separate part. Either way, hard drives are so cheap nowadays...
c) Install your OS on its OWN partition, separate from your backup "life boat" and your intended drive where you can install your junk like games and apps...
d) Now if the need arises you can do a COMPLETE wipe of the OS while leaving all your important documents and apps intact...
e) Now I know what you're saying: "But hey, what about all those reg entries that those apps need to function?" Well, this may be a shock to some of you ... but you can back up your registry! 0o Yes, I know you might have to sit down after hearing the word "registry"... anyways, it's simple to do....
Start => Run => regedit, select your reg entries and click top left => Export and save. Now throw that reg key back up into the backup folder after you're done installing all your junk.
Simple as that....
PS:
Id thought what i'd do is pretend i was one of those deaf-mutes. XD