Just finished up running Housecall and it found nothing. Going to reboot into safe mode and run the others suggested. Wondering if you could advise as to the "good trojan cleaner" . Will check back again. Thanks!
Printable View
Just finished up running Housecall and it found nothing. Going to reboot into safe mode and run the others suggested. Wondering if you could advise as to the "good trojan cleaner" . Will check back again. Thanks!
There a 3 different trojan cleaners that I would recommend.
The best is the 'Cleaner by Moosoft' http://www.globalshareware.com/Utili...ofessional.htm it is a pay program, but does have a 30 day evaluation period with it.
Then there is Swatit http://swatit.org/ , it is a free program and very good, but it is slow but in depth (and has an ugly GUI (LOL)).
The next is A-Squared which I don't have a link for (server is down or something) it is also free.
I would suggest trying the 30 day trial of the cleaner and also adding either Swatit or A-squared for later use when the evaluation period of the 'Cleaner' runs out, if you don't wish to buy it. (If you do buy it, it will be all you should need)
well ran all in safe mode and came up empty.
I am certainly at a loss of ideas, but it is definately still there as it activated at precisely the same time again this evening.
Try the 'Cleaner'. Your hijack logs have several items I would question, but I am not the person to be able to tell you just what is bad on them. There are several others, including Tiger, who are much better at it than I probably will ever be. So on the hijackthis logs you will have to wait untill someone competent comes online and has a chance to look them over.
thanx moxnix...appreciate your advise! actually just ran the cleaner and nothing surfaced with it either. really baffles me.
OK....I just found this.
this is from http://computercops.biz/postitle79405-0-0-.htmlQuote:
What it did, was to place the trojan in a temp folder on my C drive every time the PC was restarted, and none of the more common solutions for trojans and adware were working. Every time I would delete the file, and every time it would come back.
I found the solution is actually very simple, or at least it was in my case, running WinXP home edition.
I went to add/remove programs, scrolled down, and lo and behold, there it was. Windows SyncroAd.
I uninstalled it, then I went to my C drive, found the folder (it was named "temp", right there on the main level of the C) and completely removed it using shift-delete.
After that, I restarted my PC, and I've yet to see a return of SyncroAd, the temp folder, or the trojan horse.
Try that and see if it has any similarities to what you have....it was also named Dropper.Delf.3.L
Edit> here is another thread that outlines a means to fix the same problem http://www.cybertechhelp.com/forums/...ad.php?t=55231
Lady:
I think I see your problem.....
C:\Program Files\Win Comm\WinComm.exe
C:\Program Files\Win Comm\WinLock.exe
This is a version of AgoBot.
It probably won't work but open Task Manager and see if you can end the processes. (If not boot to safe mode and do the following things). If it does work take steps below in normal mode.
1. right click My Computer - Manage - Services and Apps. - Services
2. Locate the services they may be starting under (WinLock and WinComm) and disable then.
3. In Explorer navigate to c:\Program files and rename the folder \Win Comm to \Trojan Agobot
4. Restart the PC in normal mode let it's boot cycle run to completion, log in and wait about a minute.
5. Rerun HijackThis
6. If both these files no longer appear then you can just delete the \Trojan Agobot folder
7. If they do appear repost the HiJackThis log please.....
8. Turn off all autoprotect AV stuff and navigate to C:\Documents and Settings\Name\Local Settings\Temporary Internet Files\Content.IE5 and delete everything under that folder - not everything will disappear - don't worry.
Good day Tiger Shark.
I am in "services" but I am not finding windomm or winlock....can u give any further advise how to try to located these items?
thank u
I think the time difference between us is getting in the way! lol
just rename the folder.... In safe mode if necessary then repost a new hijack this log