Trojan Downloader and AVG trouble
 

Wheeee Im back lol My Norton was out of date so I saw AVG on another post and decided to give it a shot. Welllll... found a couple things Norton didnt, but there are 4 Trojan Downloaders that are on my computer and AVG is no help in deleting them! I have Downloader.Stubby.C on my computer twice and Downloader.Agent.AS is on twice also. The status on these is "infected, embedded object" is there a way to go into it manually and get rid of these buggers or are they gonna sit in my computer till i get a up to date ($$) antivirus? Also, the item that is infected is a HUGE address and i couldnt find it on my computer... :?: could someone help me out? Many thanks :D

Re: Trojan Downloader and AVG trouble
 

are you sure AVG did not put them in the Virus Vault ? might look and see? rescan ur pc
with AVG
might try adware personal http://www.lavasoft.de/

Re: Trojan Downloader and AVG trouble
 

errrrrrr nope... i checked... i have Downloader.Dyfica.3.E and Downloader.Small.12.BJ in there but the others arent... I also have AdAware SE Personal :cry: I dont think I can put them in the virus vault can I? I try looking up the details on the downloaders but there isnt any on avg. Havent gotten used to this new anti virus yet :)

Re: Trojan Downloader and AVG trouble
 

They’re a few options for you. Pull your HDD and put it in anther computer and then scan it with at least two or more virus scanners. The other option is to boot from a live CD and then run two or more scanners. I suggest two or more scanners, well for example had a 60Gb HDD I knew was infected with a multitude of virus, Norton Antivirus found and removed 300+, AVG found and removed 20 and then PC Cillin found and removed an additional 8. If you are trying to extract the virus from the file it has become part of open the only way I can think of is to open the file and export the data, do a scan or three, and import.

Useful links
Bart PE


Good Luck

Re: Trojan Downloader and AVG trouble
 

Can you get the latest version of hijackthis (1.99) and post another log so we can see where these pests are residing?

Re: Trojan Downloader and AVG trouble
 

dlh is gonna save me again!!! :) here ya go... thank you!!!

Logfile of HijackThis v1.99.0
Scan saved at 1:11:05 AM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ana\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mchsi.com/belleplaine
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re: Trojan Downloader and AVG trouble
 

Remember to close all browser windows before scanning with HJT :)

Have HJT fix this entry:
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

That's the only thing I see. When AVG and/or Norton find the problems you mentioned, does it tell you where they are located? It's possible they could have been included in a Restore Point, in which case they wouldn't show up in your HJT log, but you would still want to remove them so you don't 'Restore' them at some point.

Re: Trojan Downloader and AVG trouble
 

:rolleyes: i always forget that... ummm yeah it tells me where it is (only have avg now) but it is a HUGE location file and I can never find it... if u want the location let me know... i am not sure how to even begin fixing this type of stuff... darn us rookies :cheesy:

Re: Trojan Downloader and AVG trouble
 

oh also should i delete O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab ?
it looks like pretty much the same thing as what you told me to delete

Re: Trojan Downloader and AVG trouble
 

We're all rookies of some sort :)

The location would be helpful, but if it starts like this:
C:\System Volume Information\_restore folder
Then check this thread:
http://www.daniweb.com/techtalkforums/thread13362.html

If it doesn't, then try to give us the location.