Hi lads, can anyone help with this one? Malwarebytes found Trojan.dropper and Trojan fakealert. I deleted them both and rebooted the PC, did another scan and they're back. Turned off System Restore, did a scan, and they're still there.
Thanks, Paddy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:37, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Wow, that HjT log is long!! Let's try to shorten it quite a bit before I take the time to really look at it. We are going to download a few programs. This post is going to be long, so I would suggest that you highlight everything then press Ctrl + C to copy it. Open Notepad or MS Word and press Ctrl + V to paste it, and then feel free to print so you have something to follow!
ERUNT & NTREGOPT (in the same download as ERUNT). This program is a complete registry backup. I even have it set to run a backup every time I restart my machine. It stores the backups by date in a folder called ERDNT on your hard drive, located at C:\Windows. I highly recommend this program to everyone. Link to ERUNT
CCleaner Link Two things to remember when running this program. First make sure to back up your registry with ERUNT. Second remember to run the cleaner on each step two or three times, to ensure all items are removed. You do not need to save a backup of your registry with CCleaner because ERUNT will have a full registry backed up before you even run it.
EndItAll2 Link We may not even need to use this program, but it is a nice little tool to have. It will show you all processes running on your machine and you may kill the process if you wish.
After all programs are downloaded make sure that SUPERAntiSpyware has the latest definition updates. Now run the program ERUNT to get a complete backup of your current registry. It will ask you if you would like to change the default name for the folder to save the backup in, but I always keep it at ERDNT.
Make sure to turn off system restore before we go any further. This may be turned back on later. Click the Start icon and scroll up to "Computer". Right click "Computer" and select "Properties". Now select the "System Protection" link on the left hand side. Now uncheck all drives that may be selected for system restore, and you will be presented with a box that says, "Are you sure you want to turn System Restore off", click the button that says the same thing!! You may turn that back on after your system is repaired.
Now that all programs are updated and installed reboot your machine into safe mode: Press F8 repeatedly during boot. This will bring you to a screen where you may tell the computer to start in Safe Mode.
NOTE: Safe Mode does not run any programs except for Windows system files. Once you are up and in safe mode follow these steps (ignore the quotation marks, they are just there so you know what to type!):
1) Click Start icon and in the little text box type "msconfig". You will then see under Programs "msconfig", select that to open it. Vista is going to ask you for a User name and Password. You will need to have the Admin User name and password to continue.
2) Select the tab at the top that says "Startup". Scroll down the list and make sure that "msxml71.dll" and "a.exe" are not selected. They should not be in that list and I just want to ensure that they are not.
3) Now select the tab "Services" and make sure that they are not selected in there. Hopefully you did not have to deselect anything! Now open the "Task Manager" by selecting Ctrl + Alt + Esc to make sure the process is not running under the process tab.
4) Now open EndItAll2 and after it scans it will give you a display of all running processes. Make sure the two files do not show up. If they do, then highlight the process and tell it to kill it.
5) Show hidden files and folders by following these steps.
A. Close all programs so that you are at your desktop.
B. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
C. Click on the Control Panel menu option.
D. When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
1. Double-click on the Folder Options icon.
2. Click on the View tab.
3. Go to step 5.
If you are in the Control Panel Home view do the following:
1. Click on the Appearance and Personalization link.
2. Click on Show Hidden Files or Folders.
3. Go to step 5.
E. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
F. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
G. Remove the checkmark from the checkbox labeled Hide protected operating system files.
H. Press the Apply button and then the OK button and shut down My Computer.
I. Now Windows Vista is configured to show all hidden files.
6) Now select the Start icon and click the tab called "Computer". Now select the C:\ drive and all of the folders following: C:\Users\user\AppData\Local\Temp. Delete all folders in the Temp folder. Hey, they were just temporary anyway!! :p
You may go back and reverse the "Show all hidden files and folders" whenever you like!
7) Now run SUPERAntiSpyware and remove all that it finds.
8) Now run CCleaner. Remember that you already have a backup of your registry, so you do not need to save a backup. Remember to also run both tests at least 3 times or until it does not find anything to remove.
9) Now run malwarebytes and see if it still finds the guys. I'm hoping the SUPERAntiSpyware and CCleaner took care of the problems.
10) You may like to turn System Restore back on as well as turning off the show hidden files and folders. After this is done, reboot the machine back to standard mode. You may post a new HjT log at this time, unless we were able to nip it in the bud, so to say!!
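
Added example, not part of the reply above: a read-only Windows PowerShell check that looks for the two file names from steps 2 to 4 in startup entries, service paths, running processes and loaded DLLs in one pass. It assumes Windows PowerShell 2.0 or later in an elevated prompt; the function name `Test-Suspect` is made up for this illustration.

```powershell
# File names come from the reply above; the rest is an added illustration.
$suspect = @('msxml71.dll', 'a.exe')

function Test-Suspect {
    param([string]$Text)
    if (-not $Text) { return $false }
    foreach ($name in $suspect) {
        # Match the name as a whole path component so "java.exe" is not
        # reported as "a.exe". -match is case-insensitive by default.
        $pattern = '(^|[\\/\s"])' + [regex]::Escape($name) + '($|[\s",])'
        if ($Text -match $pattern) { return $true }
    }
    return $false
}

# Startup entries (Run keys and Startup folders), as msconfig's Startup tab lists them.
$startup = Get-WmiObject Win32_StartupCommand |
    Where-Object { Test-Suspect $_.Command } |
    Select-Object @{n='Source';e={'Startup'}}, Name, @{n='Detail';e={$_.Command}}, Location

# Services whose image path points at one of the files.
$services = Get-WmiObject Win32_Service |
    Where-Object { Test-Suspect $_.PathName } |
    Select-Object @{n='Source';e={'Service'}}, Name, @{n='Detail';e={$_.PathName}},
                  @{n='Location';e={"$($_.StartMode)/$($_.State)"}}

# Running processes started from one of the files.
$procs = Get-WmiObject Win32_Process |
    Where-Object { Test-Suspect $_.ExecutablePath } |
    Select-Object @{n='Source';e={'Process'}}, Name, @{n='Detail';e={$_.ExecutablePath}},
                  @{n='Location';e={"PID $($_.ProcessId)"}}

# A DLL never shows up as its own process, so also check loaded modules.
$modules = foreach ($p in Get-Process) {
    try { $mods = $p.Modules } catch { $mods = $null }  # protected processes deny access
    foreach ($m in $mods) {
        if ($m -and (Test-Suspect $m.FileName)) {
            New-Object PSObject -Property @{ Source = 'LoadedModule'; Name = $p.ProcessName
                                             Detail = $m.FileName; Location = "PID $($p.Id)" }
        }
    }
}

$hits = @($startup) + @($services) + @($procs) + @($modules) | Where-Object { $_ }
if ($hits) { $hits | Format-Table Source, Name, Location, Detail -AutoSize -Wrap }
else       { 'No startup entry, service, process or loaded module references the listed files.' }
```

The script changes nothing on the machine. A 32-bit PowerShell session cannot enumerate the modules of 64-bit processes, so run it from a session that matches the operating system.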