Cannot get rid of adware/trojans
Nanny
I have done several scans with Kaspersky and the problems keep coming back. I disabled my system recover and booted into safe mode and ran a scan. It only found and deleted one object. I restarted my computer and the same things keep happening. I get lots of alerts from Kaspersky and when I'm on the internet, pages keep popping up that I don't ask for. I also have Spy Bot which found Smitfraud-C.toobar888. I deleted it but it comes back. I have Adaware SE PLUS and it doesn't solve the problem either.

Here is a copy of my detected items in Kaspersky:

detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ir File: c:\windows\system32\edyehkbt.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.hb URL:
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ir URL:
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ir File: C:\System Volume Information\_restore{A1B7EF41-FEF0-45A3-961C-94F744650990}\RP120\A0015513.dll
deleted: adware not-a-virus:AdWare.Win32.NewDotNet File: G:\System Volume Information\_restore{A1B7EF41-FEF0-45A3-961C-94F744650990}\RP45\A0006313.exe//WiseSFX Dropper//WISE0017.BIN
deleted: adware not-a-virus:AdWare.Win32.Relevant.a File: G:\System Volume Information\_restore{A1B7EF41-FEF0-45A3-961C-94F744650990}\RP45\A0006313.exe//WiseSFX Dropper//WISE0024.BIN
deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\WINDOWS\system32\kgjhvvpw.dll
deleted: Trojan program Trojan-Dropper.Win32.Agent.bhc File: C:\WINDOWS\system32\WinFlyer32.dll
deleted: adware not-a-virus:AdWare.Win32.WinAD.a File: G:\My Documents G\Overnet Incoming\incoming\incoming\Cinema Craft Encoder (CCE-SP) v2.62.ShareReactor.rar/cce225.zip/cctsp_patch.exe//UPX
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\swdsvc.exe
detected: riskware Invader Running process: C:\Documents and Settings\Administrator\Local Settings\Temp\is-URJTC.tmp\is-U6A21.tmp
detected: riskware Invader Running process: C:\WINDOWS\system32\cmd.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\net.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
detected: riskware Invader Running process: C:\WINDOWS\Explorer.EXE
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\SDTrayApp.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\sdloader.exe
detected: riskware Invader Running process: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\swdoctor.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\nvsvc32.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\unins000.exe
detected: riskware Invader Running process: C:\Documents and Settings\Administrator\Local Settings\Temp\_iu14D2N.tmp
detected: Trojan program Trojan-Spy.Win32.VBStat.h
detected: virus Packed.Win32.Klone.j URL:
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ir File: C:\WINDOWS\system32\lrviwuye.dll


Would someone please help me?

Thanks,
Nanny
Lucian Bara
hello
invader with spyware doctor is normal. (IMO you should drop spyware doctor and use something like superantispyware)
for the virtumonde problem use vundofix: http://www.atribune.org/content/view/24/2/
(follow the steps on that page).
when you are done perform a scan with superantispyware: http://www.superantispyware.com/
Nanny
Thank You Lucianbara for your quick reply. I uninstalled Spydoctor and bought the Lavasoft Adaware SE PLUS. I never did buy the Spydoctor, just tried it and didn't like it, so I uninstalled it right away. My problems started before I downloaded Spydoctor though. Should I download the other programs you suggest even though I have Spy Bot and Adaware?

I will try the virtumonde to fix the other problem.

QUOTE(lucianbara @ 5.05.2007 15:17)
hello
invader with spyware doctor is normal. (IMO you should drop spyware doctor and use something like superantispyware)
for the virtumonde problem use vundofix: http://www.atribune.org/content/view/24/2/
(follow the steps on that page).
when you are done perform a scan with superantispyware: http://www.superantispyware.com/
Baz^^
Yes, do download SUPERantispyware, it is much better than Adaware and spybot (in my humble opinion).
Nanny
Thank You MAPKOBKA!

I ran the vundofix and fixed that problem. I will download the SUPERantispyware and run it. I really appreciate all the help you people give me.

Thanks again to all of you.

Nanny

QUOTE(MAPKOBKA^^ @ 5.05.2007 15:32)
Yes, do download SUPERantispyware, it is much better than Adaware and spybot (in my humble opinion).
Baz^^
Let us know how it goes, if you are still having problems be sure to tell us!

I use SUPERantispyware myself, and I have used it when disinfecting machines infected with all sorts of nasty malware, I can honestly say it is one of the better apps I have used in conjunction with Kaspersky Anti Virus.
Nanny
Hi MAPKOBKA,

Thanks for worrying about me. I had to run the vundofix 4 times and the SUPERantispyware 3. I ran my Kaspersky and my Adaware too! LOL My machine is finally clean! WooHoo. I guess one has to be stubborn and keep trying but it works!

This forum is excellent! I appreciate the quick and knowledgeable responses I got. I wrote on several different forums and you were the only one that answered fast and actually helped me.

Thank You...Thank You...Thank You!

Hope you have a Fantastic Weekend!

Nanny

BTW, Nice Rig you've got there. Love the
QUOTE
20GB HDD and a hamster in a wheel to power it.
and liquid cooled! You must be a big gamer!?!


QUOTE(MAPKOBKA^^ @ 5.05.2007 16:07)
Let us know how it goes, if you are still having problems be sure to tell us!

I use SUPERantispyware myself, and I have used it when disinfecting machines infected with all sorts of nasty malware, I can honestly say it is one of the better apps I have used in conjunction with Kaspersky Anti Virus.
Baz^^
Good to hear you sorted out your problem

You have yourself a good weekend too!
Baz^^
Oh yes Nanny, I am a big gamer

I think that hamster is the best psu I have ever had so far. Beats the one in my main desktop - it is very quiet, except it has an annoying squeak every time the wheel turns