View Full Version : help removing trojan + others - tried everything
shahdad
June 24th, 2007, 23:09 PM
I've run every possible scan there is, and this thing is still in the system.
TrojanHunter
Norton AntiVirus
AVG
Ad-Aware
BitDefender online scanner
CWShredder
Stinger
WinsockXPFix
Cleanup
S&D
It first started with the computer logging onto the net and playing audio, random audio with nothing open. Norton blocked a few things with the messages indicating trojans - couldn't get the names. Windows Defender also blocked stuff (stopped working now - can't run it).
I tried to log into safe mode but I'm thinking something is blocking this, as I only get a black screen after selecting a user. I did however manage to run all the above by Ctrl+Alt+Del then start new task.
HijackThis looks clean too
The appz only seem to be picking up Trojan.agent.alz in AVG / agent.100 in TrojanHunter
I've run out of ideas..... help plz
FastGame
June 25th, 2007, 01:01 AM
You don't say what OS but I take it it's XP?
If so, the first thing I'd try is to see if system restore has a restore point that precedes this problem.
You can also try
AOL AVS (http://www.activevirusshield.com/antivirus/freeav/index.adp?) (free Kaspersky 6.0)
AntiVir free (http://www.free-av.com/) has one of the best Trojan detections. Set (in advanced settings) heuristics to high.
You said AVG, is that the AV or AVG Anti-Spyware Free (http://free.grisoft.com/doc/20/lng/us/tpl/v5)? If it was the AV then use the AntiSpyware.
Give SUPERAntiSpyware (http://www.superantispyware.com) a try.
If you use the other AV's make sure Norton real time protection is disabled.
shahdad
June 25th, 2007, 01:07 AM
You don't say what OS but I take it it's XP?
If so, the first thing I'd try is to see if system restore has a restore point that precedes this problem.
You can also try
AOL AVS (http://www.activevirusshield.com/antivirus/freeav/index.adp?) (free Kaspersky 6.0)
AntiVir free (http://www.free-av.com/) has one of the best Trojan detections. Set (in advanced settings) heuristics to high.
You said AVG, is that the AV or AVG Anti-Spyware Free (http://free.grisoft.com/doc/20/lng/us/tpl/v5)? If it was the AV then use the AntiSpyware.
Give SUPERAntiSpyware (http://www.superantispyware.com) a try.
If you use the other AV's make sure Norton real time protection is disabled.
Yes, it's XP and it's AVG Anti-Spyware.
There seem to be two, trojan.agent and trojan.vundo.
FastGame
June 25th, 2007, 01:21 AM
trojan.agent is generic and all the things you tried should get rid of that, where is this being found, what files?
trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself. AOL, AntiVir, SuperAntiSpyware should get rid of that...but...you might need to visit an AV site and get the removal tool.
Did you try system restore?
HijackThis looks clean too
Hmm it should have shown vundo.
egghead
June 25th, 2007, 03:58 AM
Run Security Task Manager to see what's running on your system.
Curio turned me onto this gem
Security Task Manager displays detailed information about all running processes (applications, DLL's, BHO's and services). For each Windows process, it improves on Windows Task Manager, providing:
file name and directory path
security risk rating
description
start time
CPU usage graph
embedded hidden functions (e.g. keyboard monitoring, browser supervision or manipulation)
process type (e.g. visible window, systray program, DLL, IE-plugin, startup service)
The Security Task Manager recognizes also virtual driver software, services, BHO and other processes hidden from the Windows task manager.
http://www.neuber.com/taskmanager/
shahdad
June 25th, 2007, 06:31 AM
trojan.agent is generic and all the things you tried should get rid of that, where is this being found, what files?
trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself. AOL, AntiVir, SuperAntiSpyware should get rid of that...but...you might need to visit an AV site and get the removal tool.
Did you try system restore?
Hmm it should have shown vundo.
I cannot figure out what roots it's in, none of the scans come back with an address.
No, my system restore was off.
I ran an app I found, VundoFix.exe, it seems to have taken some stuff out.
I'm going to restart and re-run all the scans to see if anything is still left.
rik
June 25th, 2007, 15:13 PM
You might also want to run "Combofix" as well. You can find it here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).
shahdad
June 25th, 2007, 19:34 PM
So I ran all of the scans again, and all came up clean. I ran:
Ad-Aware
AVG Anti-Spyware
Spybot - Search & Destroy
TrojanHunter Scanner
Windows Defender
I thought everything was fixed. To check, I powered down fully and powered up a few hours later. As soon as I logged in, pop-up in IE (didn't go anywhere because my wireless was off). I also noticed everything that's supposed to be in my taskbar is missing.
The last HijackThis looked clean, so I renamed it to shahdad.exe, and for the first time I've got some stuff in it.
I'm currently running ComboFix. I'm going to run AOL AVS, AntiVir free and SUPERAntiSpyware right after the scan is finished.
Can I post logs here?
shahdad
June 25th, 2007, 19:49 PM
HOLY SMOKY!!!
I ran ComboFix, shit! It fixed everything, insane!!
What the heck is that app? A better ver of HijackThis!
I've got my taskbar items back and no pop-ups on log in.
Looks good so far, final check to come but I think that did it.
shahdad
June 25th, 2007, 20:09 PM
haha nope
SUPERAntiSpyware is picking up trojan.winfixer - 6 items
FastGame
June 25th, 2007, 20:40 PM
ComboFix is like and used with HijackThis, the logs should be posted at Spyware Warrior (http://www.spywarewarrior.com/index.php) so one of the experts can help you remove the correct things. ComboFix and HijackThis aren't really made for the general public to use, one needs to understand the logs.
haha nope
SUPERAntiSpyware is picking up trojan.winfixer - 6 items
trojan.vundo can be nasty if deep rooted or you have a program such as WinFixer that keeps reinstalling itself
U lucky dog......
You're going to need more scanning (also in safemode if you can) rebooting, more scanning.
I just did the most infected PC in the world, normally I don't fix things that bad, format and reinstall is my motto on the bad ones. Anyhoo I decided to take the challenge :) 8 hours of scanning with the things in this thread and the PC was clean as a whistle :D Only problem was that XP wouldn't work afterwards :p XP repair fixed that...
Keep scanning and keep us posted.
BTW don't forget AOL AVS and AntiVir ;) and don't forget to disable the real time protect of the AV's not in use while using another :cool:
shahdad
June 25th, 2007, 21:44 PM
ComboFix is like and used with HijackThis, the logs should be posted at Spyware Warrior (http://www.spywarewarrior.com/index.php) so one of the experts can help you remove the correct things. ComboFix and HijackThis aren't really made for the general public to use, one needs to understand the logs.
U lucky dog......
You're going to need more scanning (also in safemode if you can) rebooting, more scanning.
I just did the most infected PC in the world, normally I don't fix things that bad, format and reinstall is my motto on the bad ones. Anyhoo I decided to take the challenge :) 8 hours of scanning with the things in this thread and the PC was clean as a whistle :D Only problem was that XP wouldn't work afterwards :p XP repair fixed that...
Keep scanning and keep us posted.
BTW don't forget AOL AVS and AntiVir ;) and don't forget to disable the real time protect of the AV's not in use while using another :cool:
LOL nice!!!
I think I pulled out everything in my think tank for this one. Glad it came of use to someone else.
But I give up.... haha
I'm going to just do a format and fresh install of everything. I think it's time for one anyways.
I was wondering though, is there a guide, like top 10 things to do before and after re-install to avoid problems like this in the future/save yourself time and hassle of a full format?
This is what I'm going to do:
format, PARTITION this time haha, put Windows in the smaller partition and save the larger partition for files (next time for once I won't have to burn everything to CD)
then defrag, install my appz, defrag again
clean out System Restore, set a new one
then somehow figure out how to take an image to keep all stuff at that point in time.... hmm... other than system restore
Now a guide that has all that plus anything I may have missed & extra tips would be awesome.
You only realize afterwards that you missed something. If there's a guide, many others have made the mistakes already so we can learn from them :)
Thanks for all the help
shahdad
June 25th, 2007, 22:09 PM
I just thought of the other things I will need to do after I've installed XP
so... revision of thought
1. format
2. partition
3. install xp
4. defrag after install
5. install appz off CDs (no internet connection yet) office, norton wow that's it, haha, everything else is downloaded off the net
6. defrag again
7. set clean system restore point here.
now connect to the net
8. update norton
9. windows update
10. dl & install windows defender
11. dl & install firefox - also about:config at this point for tweaks:
---> use detailed guide at www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html
12. dl & install firefox preloader
13. dl & install adobe reader
14. dl & install anything else that comes to mind at this point that i may have missed now
15. defrag
16. set another system restore point
17. now I'm on my merry way to screw up the computer again :)
Wow, I think I just made a guide, haha
So any tips or input on the above? Did I miss or skip anything crucial or even minor?
rik
June 25th, 2007, 23:19 PM
Looks like you pretty much have it covered. Good Luck!