Trojan problem help!

  LIVING_ON_BORROWED_TIME 19:07 26 Dec 2004
Locked

Hi

I've got a "Downloader.winhow.bg" located in "C:\Windows\System32\ftyco.dll" and I can't get rid of it.

I use AVG and have also tried Trend but can't get rid of it.

Also Trend picked up "TROJ HIDEPROC.B" located in my local temp file but I can't delete it as it says its running.

Are they linked?

Can anyone help?

Thanks in advance.

  VoG II 19:16 26 Dec 2004

Try running a² click here

  LIVING_ON_BORROWED_TIME 19:26 26 Dec 2004

Thanks vog but I can't seem to download anything. Its as though its like a pop up stopper (which i don't have)

  LIVING_ON_BORROWED_TIME 19:27 26 Dec 2004

Although I am getting plenty of ad pop ups from this damn trojan!

  VoG II 19:33 26 Dec 2004

Do you have Windows XP with SP2?

If so when you try to download it may be blocked and a thin yellow band will appear just under the toolbar. Click this and select the option to allow the download.

  LIVING_ON_BORROWED_TIME 19:38 26 Dec 2004

Hi

Yeah I have XP but I haven't installed SP2. I've managed to start downloading it now but its knocked my Download Accelator!

  JoeC 19:47 26 Dec 2004
  Nellie2 20:10 26 Dec 2004

Download accelorator is supported by adware, you would be doing yourself a favour if you uninstalled it. For a spyware free utility how about Leechget click here

If you are still having problems after running the trojan scan then download Hijackthis see click here

Run a scan and post the logfile here, you may have to do it in a couple of posts as there is an 800 word limit here. Do NOT fix anything yourself as a lot of what hijackthis lists is useful and even essential to the running of your pc

  gorgon 20:16 26 Dec 2004

Have a look here for info
click here

  LIVING_ON_BORROWED_TIME 20:54 26 Dec 2004

Logfile of HijackThis v1.99.0
Scan saved at 20:46:45, on 26/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\crpd32.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\winfq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

  LIVING_ON_BORROWED_TIME 20:56 26 Dec 2004

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winfq.exe] C:\WINDOWS\winfq.exe
O4 - HKLM\..\Run: [EC.tmp] C:\DOCUME~1\Matt\LOCALS~1\Temp\EC.tmp.exe 0 10001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

Illustrator Sylvain Tegroeg created thousands of intricate line drawings for the mobile game…

Best iPad buying guide 2017

Comment télécharger une application indisponible en France ?