|
| ||
| How do I get rid of trojan.bookmarker.gen? Hi, I have tried Adaware, CWShredder, Spybot and Norton Anti Virus, but I still keep getting "Trojan.Bookmarker.gen removed" notices on my system. I've run Hijak This and thought I'd found it (log below), but it keeps coming back. I've noticed a temp file appears after rebooting, so it must be in my registry somewhere, right? But where? Any help much appreciated. Logfile of HijackThis v1.97.7 Scan saved at 18:27:01, on 24/08/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)[/COLOR] Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\Navnt\npssvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe D:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe D:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by netbreeze R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [BootWarn] D:\Program Files\Norton AntiVirus\BootWarn.exe /a O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\update.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\NAVAPW32.EXE O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://www.netbreeze.co.uk/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093338746131 O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...217.3676041667 O17 - HKLM\System\CCS\Services\Tcpip\..\{66E68CAB-933D-48C8-B6EA-67F062BBDCE9}: NameServer = 194.168.4.100 194.168.8.100 |
| ||
| Re: How do I get rid of trojan.bookmarker.gen? This worked for me with the same problem; first go to: http://www.resplendence.com/reglite Download and install Registrar Lite, and then run the program. Copy and paste this line to reglite's address bar: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs and hit the "GO" tab. On the right side panel find the "Appinit_Dlls" value; double-click it (if you don't double-click, it won't work), and then copy and post the information that comes up in the "Value" field here in this thread for instructions on what to do next. |
| ||
| Re: How do I get rid of trojan.bookmarker.gen? Quote:
Well, I have the same Trojan Bookmark problem. I've followed the instructions above and hwere is the "value" that the program responded with. C:\WINNT\System32\wdm.dll What's next please? |
| ||
| Re: How do I get rid of trojan.bookmarker.gen? -Run reglite : type-- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar, or expand the same key. -Rename the Folder Windows to NotWindows highlighted as a purple folder in the left hand pane of reglite. -Click "AppInit_DLLs" again and clear the data value: C:\WINDOWS\System32\wdm.dll (random named dll) <- delete this line , 'Apply' and 'ok' to set. -Rename the NotWindows folder back to its original name Windows -Restart computer Check in the system32 folder if the culprit dll is visible & delete it. |
| ||
| Re: How do I get rid of trojan.bookmarker.gen? Hello from the Hollow, Thanks a LOT. That seems to have done it. I've fought this beast for months and it's a great relief to be done with it. Again, many, many thanks. The Headless Horseman |
| ||
| Re: How do I get rid of trojan.bookmarker.gen? You are welcome :). |
| All times are GMT -4. The time now is 11:54 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC