|
-
November 7th, 2004, 06:30 AM
#21
Member
done
Just finished up running Housecall and it found nothing. Going to reboot into safe mode and run the others suggested. Wondering if you could advise as to the "good trojan cleaner" . Will check back again. Thanks!
-
November 7th, 2004, 06:50 AM
#22
There a 3 different trojan cleaners that I would recommend.
The best is the 'Cleaner by Moosoft' http://www.globalshareware.com/Utili...ofessional.htm it is a pay program, but does have a 30 day evaluation period with it.
Then there is Swatit http://swatit.org/ , it is a free program and very good, but it is slow but in depth (and has an ugly GUI (LOL)).
The next is A-Squared which I don't have a link for (server is down or something) it is also free.
I would suggest trying the 30 day trial of the cleaner and also adding either Swatit or A-squared for later use when the evaluation period of the 'Cleaner' runs out, if you don't wish to buy it. (If you do buy it, it will be all you should need)
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
November 7th, 2004, 07:01 AM
#23
Member
to further update
well ran all in safe mode and came up empty.
I am certainly at a loss of ideas, but it is definately still there as it activated at precisely the same time again this evening.
-
November 7th, 2004, 07:22 AM
#24
Try the 'Cleaner'. Your hijack logs have several items I would question, but I am not the person to be able to tell you just what is bad on them. There are several others, including Tiger, who are much better at it than I probably will ever be. So on the hijackthis logs you will have to wait untill someone competent comes online and has a chance to look them over.
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
November 7th, 2004, 07:24 AM
#25
Member
thanx moxnix...appreciate your advise! actually just ran the cleaner and nothing surfaced with it either. really baffles me.
-
November 7th, 2004, 07:31 AM
#26
OK....I just found this.
What it did, was to place the trojan in a temp folder on my C drive every time the PC was restarted, and none of the more common solutions for trojans and adware were working. Every time I would delete the file, and every time it would come back.
I found the solution is actually very simple, or at least it was in my case, running WinXP home edition.
I went to add/remove programs, scrolled down, and lo and behold, there it was. Windows SyncroAd.
I uninstalled it, then I went to my C drive, found the folder (it was named "temp", right there on the main level of the C) and completely removed it using shift-delete.
After that, I restarted my PC, and I've yet to see a return of SyncroAd, the temp folder, or the trojan horse.
this is from http://computercops.biz/postitle79405-0-0-.html
Try that and see if it has any similarities to what you have....it was also named Dropper.Delf.3.L
Edit> here is another thread that outlines a means to fix the same problem http://www.cybertechhelp.com/forums/...ad.php?t=55231
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
November 7th, 2004, 12:52 PM
#27
Lady:
I think I see your problem.....
C:\Program Files\Win Comm\WinComm.exe
C:\Program Files\Win Comm\WinLock.exe
This is a version of AgoBot.
It probably won't work but open Task Manager and see if you can end the processes. (If not boot to safe mode and do the following things). If it does work take steps below in normal mode.
1. right click My Computer - Manage - Services and Apps. - Services
2. Locate the services they may be starting under (WinLock and WinComm) and disable then.
3. In Explorer navigate to c:\Program files and rename the folder \Win Comm to \Trojan Agobot
4. Restart the PC in normal mode let it's boot cycle run to completion, log in and wait about a minute.
5. Rerun HijackThis
6. If both these files no longer appear then you can just delete the \Trojan Agobot folder
7. If they do appear repost the HiJackThis log please.....
8. Turn off all autoprotect AV stuff and navigate to C:\Documents and Settings\Name\Local Settings\Temporary Internet Files\Content.IE5 and delete everything under that folder - not everything will disappear - don't worry.
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 7th, 2004, 07:07 PM
#28
Member
Good day Tiger Shark.
I am in "services" but I am not finding windomm or winlock....can u give any further advise how to try to located these items?
thank u
-
November 7th, 2004, 07:10 PM
#29
Member
I think the time difference between us is getting in the way! lol
-
November 7th, 2004, 08:26 PM
#30
just rename the folder.... In safe mode if necessary then repost a new hijack this log
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
