The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Lots of Trojans Need some advice

Posted 4/8/2009 10:40 AM
#73094
User avatar

UnbrokenPedra Valued member

Date Joined Nov 2016
Total Posts: 17
Hi......I am looking at a Laptop which a collegue has brought to me for some TLC. After finding the Winlogin.exe appearing to be currupt I thought I would attach it to another system and doa virus scan. Below is what I found :-S

Trojan Horse Small.BHF
Trojan Horse BackDoorGeneric11.CEG
Trojan Horse Downloader.Small.FOS
Trojan Horse Exploit_c.AAO
Virus Identified Exploit.PDF
Trojan Horse SHeur2.YNO
Virus Found HTML/Framer
Virus Identified Exploit.PDF

Now because this is a laptop with an essentially currupt System Disc it wont let me run hijackthis but I do however have the laptop attached to my system in Target Disc Mode. Can I get Hijack this to look at this essentially external drive or will I need to wipe and reload windows.

Cheers

Any help would be great :smurf:
Posted 4/8/2009 11:25 AM
#73095
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:




Winlog[color=red>i[/b]n.exe]o[/color]n.exe



It is worth a try from, Target Disc Mode.



However, I´ll prefer you follow this ->




Download: CCleaner
[color=#0000ff>https://www.majorgeeks.com/download4191.html[/url]]https://www.ccleaner.com/[/color]

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok


Then click Run Cleaner (bottom right) then Exit

Reboot



Please download Malwarebytes' Anti-Malware:

[color=#0000ff>https://www.spywarefri.dk/downloads1/mbam-setup.exe[/url]



Or here:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968[/color]



to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch




Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Please connect all your external hard drive/flash drive before running Malwarebyte



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.







NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Click here: https://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe



to download HJTinstall.exe

Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.

By default it will install to C:\Program Files\Trend Micro\Hijack This.

Click I accept

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Click Save to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and Paste the log in your next reply.

DO NOT have Hijack This fix anything yet.

Most of what it finds will be harmless or even required.

Post hijackthis log along with Malwarebytes' Anti-Malware log

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/9/2009 11:31 AM
#73103
User avatar

UnbrokenPedra Valued member

Date Joined Nov 2016
Total Posts: 17
Hi

Thanks for that. It worked. Although the winlogon.exe was currupt I had to replace it but the rest worked a treat and now the laptop is in fully working order. If you like I can post up the Logs from hijackthis and the others you have sudgested.

regards

:smurf:
Posted 4/9/2009 2:50 PM
#73106
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Great. No need for log files, since the laptop are running fine :smile:

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Wednesday, August 10, 2022, 1:53 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
51 Guest(s), 0 Registered Member(s) are currently online.