Virus or Trojan

By matwell

Hi. I'm working on a Dell, running XP, and the symptoms are sluggish (virus) and the \\\\ is constantly being inputted all by itself (trojan/hijacking). I have run AVG 8 along with Ad-Aware, with the only things being found being cookies. I restored the laptop back to a way earlier time, and most of the day yesterday the \\\\ did not bother me; however, at the end of the day they reappeared, and that was after I ran a McAfee online scan.

I noticed these .exe's running in the task manager, I am not sure if they are the cause or not.
dlg, dsagnt, mdm, bcmwltry, wltryswc, hkcmd, alg, pcmservice, wmiprvse.

I had just downloaded AVG 8.

Any help on what to do will be appreciated.

ML

Not sure what your problem is

by ComputerCookie In reply to Virus or Trojan

Most of those seem OK, and a couple that I looked up as I couldn't be sure relate to Dell "experience" or Broadcom.

Anyway, to remove any virus/trojan that has been installed on your machine you need to turn off System Restore and run your AVG, Spybot S&D and Ad-Aware in safe mode.

Jeff

Sounds like Spyware

by dmiles In reply to Virus or Trojan

The symptoms suggest that it would be spyware; a virus is more apt to crash the system and cause it to be inoperable.

I would suggest downloading the free spyware utilities from the net and running each on the system.

Spy Sweeper
Spy Bot
Hijack This
Ad-Aware 2008

Hope this helps. If this does not clear up the problem, stop booting the system and run the anti-virus. Some anti-virus tools don't get certain viruses, so get the tools that are free from the net from Norton.

This is the next step...

by CaptBilly1Eye In reply to Virus or Trojan

What you are experiencing is most likely a trojan that re-installs itself with each boot. They are usually tough to get rid of. It was most likely installed when you took advantage of one of those advertised 'Free On-Line Scan' scams. It happens to the best of us... well, one time, anyway.

If you are using Internet Explorer, I would first check what add-ons are running and disable any that look suspicious. In Internet Explorer 6, go to Tools and select 'Manage Add-Ons'. Then scroll through the list of enabled Browser Helper Objects (BHOs) and disable the ones you don't want. In IE7, go to Tools, then Manage Add-Ons, and then Enable or Disable Add-ons to do the same.

While in IE, empty the Internet Cache.**

Next, download and run the free stand-alone version of CWShredder:
http://tinyurl.com/5lstv

I would also use this tool: RootKitRevealer (http://tinyurl.com/y3hgq9)

If the issue remains, I recommend you download and run the latest version of HiJackThis (http://tinyurl.com/b9h3s) and post the log file it creates in one of the many forums dedicated for that purpose. I recommend that you post your HiJackThis log where there are many people who specialize in working with them. Try here: http://tinyurl.com/2nxzqt
You'll have to create a login but I think you'll find it to be the easiest and best way to resolve your issue.

Additionally, here is a good source for advice: http://aumha.org/a/quickfix.htm

When you finally get everything cleaned up and running smooth, here are great free tools to help you avoid getting that garbage again:

SpywareBlaster:
http://tinyurl.com/g1d9

SpywareGuard:
http://tinyurl.com/3yj37

and to quickly clean out the places where their installers usually hide before you shut down or reboot - ATF-Cleaner:
http://tinyurl.com/2clx6g

Some would suggest using Firefox or Opera as an alternative to Internet Explorer.

Good Luck!


** To empty the Internet Cache - if you are using IE7, open a browser window, click on Tools, select Internet Options, in the Browsing History section click on Delete, and then in the next menu click on Temporary Internet Files 'Delete Files.'
If you are using IE6, click on Tools, select Internet Options, and then under Temporary Internet Files click on the Delete Files button.

My solution at that point

by jdclyde In reply to This is the next step...

is a wipe/reload.

AV software does a decent job of preventing an infection in most cases, but once you have it, the OS will never be the same. Add to that, in a work environment I don't TRUST it anymore, and it takes less time to wipe/reload than it does to clean an infection.

That totally depends on the infection JD

by w2ktechman In reply to My solution at that point

Many infections are easy to remove/repair without causing irreparable damage.

However, on some of the real nasties, or multiple infections, it is the best way.

If you can identify the infection

by jdclyde In reply to That totally depends on th ...

but so far it appears that it is doing a good job of covering its tracks.

In this case -- maybe

by w2ktechman In reply to If you can identify the i ...

but I was referring to your comment which sounded like if there was any infection -- just reload.

crazy suggestion...

by .Martin. In reply to Virus or Trojan

Other than slowness and a constant //// input, are there any other symptoms???

If not, my suggestion is as follows: is there an infection at all???

All (Windows) computers get to a stage in life where they slow down. Hey, doesn't nearly everything???

As for a constant ///// input, have you checked the keyboard??? It may sound odd, but I have had situations where the keyboard has malfunctioned and one (or more) of the buttons have been stuck down, even though the keys were still up.
