Home > Problem With > Problem With Trojan-aax5

Problem With Trojan-aax5

For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. i am not sure about that if it was those ones but i have seen a few threats at startup. the windows security scan found 4 items as well which i deleted. by Marianna Schmudlach / May 30, 2008 3:17 PM PDT In reply to: it worked!! have a peek here

If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, I ran Hijackthis i'll attach the DDS report, but one thing that stuck out to me is this: O17 - HKLM\System\CCS\Services\Tcpip\..\{B04E3CDC-6C37-4C59-A8DE-6A177436613E}: NameServer =, I don't know what it is but Methods of Infection Trojans do not self-replicate. C:\WINDOWS\SYSTEM32\IPAJRqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully. https://forums.malwarebytes.org/topic/61610-problem-with-trojan-aax5/?do=email&comment=307984

Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47b9ed04-6fb3-471b-9f13-72054b434c7d} (Trojan.Vundo) -> Quarantined and deleted successfully. Click my user name and select Send message. The Webroot program still indicates that it is infected with Trojan-aax5 and those keys are still locked which will prevent the update of the Acrobat Reader. ??? PixelOz: Here are the addresses of the first two files scans:http://virusscan.jotti.org/en/scanresult/e6852ba9f5888fca2f933434f3accef4b4eb4b49http://virusscan.jotti.org/en/scanresult/b1128c2f49b2d1c2543fc22ed0c1b2aba36b7255/150ad70df8416dd28bc88abe502f9a8fea5a6d98Here is the new ComboFix log:ComboFix 10-09-03.02 - Gladimir 09/04/2010 7:35.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.530 [GMT -3:00]Running from:

delete the following files\folders:C:\WINDOWS\system32\scvhost.exeThen download CCleaner - http://www.ccleaner.com/downloadbuilds.aspDownload and scan with CCleaner1. The rule of thumb is if we can't fix something within a reasonable amount of time, we reimage the machine.I don't like doing this. Preview post Submit post Cancel post You are reporting the following post: nasty spyware or virus problem need help This post has been flagged and will be reviewed by our staff. OTC should delete itself once it finishes, if not delete it yourself.******************************************************Looking over your log it seems you don't have any evidence of a third party firewall.Firewalls protect against hackers and

On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows Malwarebytes' Anti-Malware 1.24 Database version: 1033 Windows 5.1.2600 Service Pack 1 4:19:41 PM 8/8/2008 mbam-log-8-8-2008 (16-19-40).txt Scan type: Quick Scan Objects scanned: 62476 Time elapsed: 15 minute(s), 1 second(s) Memory Processes Back to top #4 quietman7 quietman7 Bleepin' Janitor Global Moderator 47,010 posts ONLINE Gender:Male Location:Virginia, USA Local time:08:07 PM Posted 08 August 2008 - 02:37 PM Did you reboot the i actually just stuck the xp cd in and rebooted but this message did not come up, "Press any key to boot from CD", so i got scared and stopped it.

the two links you provided for malwarebytes my computer is not letting me go there. Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. A folder named SmitfraudFix will be created on your Desktop.How to extract (decompress) zipped or compressed files Flag Permalink This was helpful (0) Collapse - thanks for replying by secretlies /

i didnt know what to do. Infected with Trojan.Win32.Dialer.ext? she ran an antivirus (not sure which) and it found 44 items. C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

same thing happened when i tried to do a system restore. navigate here and which version of AVG are you using?Regarding Invalid Boot.ini file - have a look here, IF that will help you:http://www.daniweb.com/forums/thread6199.html otherwise I would suggest posting in the Windows XP forum:http://forums.cnet.com/5204-6142_102-0.html?forumID=5&tag=dir.forum&tag=dir.forum C:\Documents and Settings\Janice\Desktop\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully. Don't delete this folder.

Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". For the safety of your computer, Trojan.Win32.Dialer.ext should be removed immediately. What do I do? 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com → Security → Am I infected? Check This Out Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy


C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully. i reran smitfraud and it did not say can't access file. Popup processes, right-click them and select ?End Process?

Right click the My Computer icon. 3.

If we simply replace something whenever it breaks, we stop learning.I spent the better part of my morning working on this. Please try again now or at a later time. Some of the malware you picked up could have been saved in System Restore. This makes me suspect even more that the PC is indeed infected with this nasty cause I used the link in Internet Explorer to go to the Windows Update page to

quit. It's important as an IT person to understand the how and why. button.3. this contact form PC that I'm fixing is Acer Aspire One ZG5 notebook with Atom n270 CPU Processor running Windows XP Home with SP3.

Flag Permalink This was helpful (0) Collapse - yes by secretlies / May 18, 2008 5:34 AM PDT In reply to: o.k.... Each vendor uses different criteria as to what constitutes a "bad" entry. Thank you very much Marianna. SuperDave: The scans show no evidence of Trojan-aax5 .