Trojan problem help!

  LIVING_ON_BORROWED_TIME 19:07 26 Dec 04
Locked

Hi

I've got a "Downloader.winhow.bg" located in "C:\Windows\System32\ftyco.dll" and I can't get rid of it.

I use AVG and have also tried Trend but can't get rid of it.

Also Trend picked up "TROJ HIDEPROC.B" located in my local temp file but I can't delete it as it says its running.

Are they linked?

Can anyone help?

Thanks in advance.

  VoG II 19:16 26 Dec 04

Try running a² click here

  LIVING_ON_BORROWED_TIME 19:26 26 Dec 04

Thanks vog but I can't seem to download anything. Its as though its like a pop up stopper (which i don't have)

  LIVING_ON_BORROWED_TIME 19:27 26 Dec 04

Although I am getting plenty of ad pop ups from this damn trojan!

  VoG II 19:33 26 Dec 04

Do you have Windows XP with SP2?

If so when you try to download it may be blocked and a thin yellow band will appear just under the toolbar. Click this and select the option to allow the download.

  LIVING_ON_BORROWED_TIME 19:38 26 Dec 04

Hi

Yeah I have XP but I haven't installed SP2. I've managed to start downloading it now but its knocked my Download Accelator!

  JoeC 19:47 26 Dec 04
  Nellie2 20:10 26 Dec 04

Download accelorator is supported by adware, you would be doing yourself a favour if you uninstalled it. For a spyware free utility how about Leechget click here

If you are still having problems after running the trojan scan then download Hijackthis see click here

Run a scan and post the logfile here, you may have to do it in a couple of posts as there is an 800 word limit here. Do NOT fix anything yourself as a lot of what hijackthis lists is useful and even essential to the running of your pc

  gorgon 20:16 26 Dec 04

Have a look here for info
click here

  LIVING_ON_BORROWED_TIME 20:54 26 Dec 04

Logfile of HijackThis v1.99.0
Scan saved at 20:46:45, on 26/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\crpd32.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\winfq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

  LIVING_ON_BORROWED_TIME 20:56 26 Dec 04

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fhtfb.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FF6767A-BCD1-C176-FEEA-A1B2B283DFE0} - C:\WINDOWS\system32\javahx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winfq.exe] C:\WINDOWS\winfq.exe
O4 - HKLM\..\Run: [EC.tmp] C:\DOCUME~1\Matt\LOCALS~1\Temp\EC.tmp.exe 0 10001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

This thread is now locked and can not be replied to.

What is Amazon Go and will it come to the UK? The store without checkouts or queues

1995-2015: How technology has changed the world in 20 years

Why ecommerce hasn't taken off on social media

New MacBook Pro 2016 review | MacBook Pro with Touch Bar review: Apple's expensive and powerful…