Member Avatar for raa4

How do you get rid of these, they are i a file called msdirectx but every time i delete it it comes back with the trojan

I've tried the following:
ad-aware-only deals with spyware and wont delete the trojan
spywaredoctor-recognises it but won't remove it
avg- recognises it but wont remove it , stores it in the virus vault but wont heal it of delete it
norton trial- does not even acknowlege i have a trojan
trend micro- does not even acknowlege i have a trojan
zonealarm-does not acknowlege i have a trojan
pandascan-does not even recognise i have a trojan

what will get rid of it? i'm begging you
Please help?:cry:

  • 3 Contributors
  • 2 Replies
  • 335 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by igribbish

Recommended Answers

All 2 Replies

Member Avatar for dlh6213

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it here in this thread.

Member Avatar for igribbish

Hi,

I too have been informed by my AVG that I have a - presumably this - virus. AVG identified it as Collected 5.V

I downloaded and ran the self-extracting version of HijackThis and received this log below. I'd now be very grateful to know what to do next! Thanks, and best wishes, Alan

Logfile of HijackThis v1.99.1
Scan saved at 3:21:42 AM, on 24/09/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOW\SYSTEM\KERNEL32.DLL
C:\WINDOW\SYSTEM\MSGSRV32.EXE
C:\WINDOW\SYSTEM\SPOOL32.EXE
C:\WINDOW\SYSTEM\MPREXE.EXE
C:\WINDOW\SYSTEM\MSTASK.EXE
C:\WINDOW\SYSTEM\KB918547\KB918547.EXE
C:\WINDOW\SYSTEM\HIDSERV.EXE
C:\WINDOW\SYSTEM\mmtask.tsk
C:\WINDOW\EXPLORER.EXE
C:\WINDOW\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOW\SYSTEM\SYSTRAY.EXE
C:\WINDOW\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOW\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\PROGRAM FILES\PIXVUE.COM\PIXVUE\BIN\PIXVUE.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOW\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOW\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOW\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Startup: Microsoft Find Fast.lnk.disabled
O4 - Startup: Office Startup.lnk.disabled
O4 - User Startup: Microsoft Find Fast.lnk.disabled
O4 - User Startup: Office Startup.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182YYAU
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Subscribe in NewzSpider - file://C:\PROGRAM FILES\NEWZSPIDER\addfeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O15 - Trusted Zone: *.ebay.com.au
O15 - Trusted Zone: ebay.com.au
O15 - Trusted Zone: www.commbank.com.au
O15 - Trusted Zone: *.paypal.com
O15 - Trusted Zone: http://www.bcdb.com
O15 - Trusted Zone: images.bcdb.com
O15 - Trusted Zone: *.bcdb.com
O15 - Trusted Zone: angelfire.lycos.com
O15 - Trusted Zone: www.lycos.com
O15 - Trusted Zone: *.lycos.com
O15 - Trusted Zone: www.angelfire.com
O15 - Trusted Zone: *.angelfire.com
O15 - Trusted Zone: www.homestead.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopSwatterFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.