Request for Help with Trojan Virus Removal

Started by abluewhale07, January 20, 2010, 02:55:16 PM

abluewhale07

Hi there, an infuriating DOS window (DOS window flashed) keeps popping up, but (99% of the time) it disappears. By some luck it froze and I was able to read it. The DOS window itself was empty, but in the program title bar it read

C:\PROGRA~1\PDFCOM~1\pdfupd.exe

which Bill Richardson identified as a Trojan Virus.

However, I'm running an up-to-date version of Norton Internet Security and Ad-aware (Lavasoft) as well as Malwarebytes' Anti-Malware.

I've run scans, quick and full, on all three programs to no avail. (I also used the Microsoft online scan as Bill suggested, however the virus scanner would/could not download - possibly due to the virus?)

Bill proposed I take my issue up (DOS window flashed) with you to see if you could help me.

I would very much appreciate any help :)


harry 48


abluewhale07

Ok taken several hours but followed the steps given.

A more detailed account of my problem can be seen here

http://www.computerhope.com/forum/index.php/topic,98496.0.html

hope that helps.

Anyway the steps...

Step 1.

In the Add/Remove Programs directory I found a few that I don't recognise/didn't know were there:

ABBYY FineReader 6.0 Sprint
DNA (Bittorrent??)
GameSpyArcade

I'm guessing the following are updates to service pack 2 for Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)

PDF Complete

Sonic CinePlayer Decoder Pack

That's that.

Step 2.

Done

Step 3.

Done.

Step 4.

Done.

Step 5.

Updated to latest version of Java and run the cleaner again

Step 6

Run HiJackThis

Really hope you can help me, this DOS window is infuriating and I have a feeling the virus is the cause of my computer slowing immensely over the last few months.

Logs attached

Many thanks :)


[Saving space, attachment deleted by admin]

harry 48

http://en.wikipedia.org/wiki/BitTorrent_DNA


WeFixedTheGlitch cited concerns shortly after the launch of BitTorrent DNA about possible exploits of the software, rating it as a "high" level risk and recommending the software to be avoided.[8]. BitTorrent replied that DNA only "accelerates" authorized URLs, but the possible exploit remains untested.

Other criticism includes the fact that DNA automatically starts with Windows and is installed with the official BitTorrent client, making it hard to be noticed by some users. BitTorrent claims that this will be fixed when DNA is fully integrated into their client. Also, DNA can only be temporarily disabled and has no other method to control bandwidth usage, relying entirely on autodetection of acceptable transfer speeds[9].

Like most peer-to-peer applications, DNA might cause poor performance when running alongside other peer-to-peer delivery systems; unfortunately, due to DNA's subtleness, often the user is unaware that their content is being delivered in a manner that requires both numerous connections and utilization of their upload bandwidth, and may be surprised at a sudden drop in performance of unrelated transfers.

----------------------------------------------------------------------------------------

http://en.wikipedia.org/wiki/GameSpy_Arcade

a lot of the sites have a warning as Dangerous Downloads

--------------------------------------------------------------------------------
Please use caution before downloading anything at this site. Downloads may contain a virus or other undesirable software.
More details
SearchScanBETA powered by McAfee
Site owner support



harry 48

You're not running the latest version of Trend Micro HijackThis (v2.0.2) and not all threats may be found. Latest version found here. http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

We did not detect any antivirus on this computer. We suggest installing a free Antivirus


the above is from your hjt log

update hjt and post a new log please

-----------------------------------------------------------------------
free a/v download and run 1 only

http://www.free-av.com/

http://www.avast.com/en-gb/index

abluewhale07

ok downloaded the latest version of HJT and avast. made sure avast was up to date and ran both full and quick system scans. no threats were found.

i've attached the log from HJT.

many thanks

[Saving space, attachment deleted by admin]

lonar23

try system restore, or if you want to make it all clean..then reformat your disk much better...

abluewhale07

system restore keeps generating an error and won't complete. i'm not sure i know how to do a disk format or what it involves?

harry 48

Quote from: lonar23 on January 21, 2010, 11:12:42 AM
try system restore, or if you want to make it all clean..then reformat your disk much better...


please do not give advice you are not a malware expert

harry 48



harry 48


abluewhale07

log attached :)

[Saving space, attachment deleted by admin]

harry 48

ok, it is now a matter of waiting for a malware expert to help you, harry

SuperDave

Hello abluewhale07 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

------------------------------------------------------------------------------------------

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

---------------------------------------------------------------------------------------------

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Windows 8 and Windows 10 dual boot with two SSD's
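
Added example (not part of SuperDave's post and not HijackThis's own code): a small Python parser for the R0, O2 and O4 line shapes quoted in the post above, marking the two patterns that list illustrates, a registry value with no data and a BHO whose file is missing. The flag names `empty-value` and `orphaned-bho` are labels made up for this sketch, and the sample log reuses entries from the post.

```python
import re

# Sample input: entries copied from the post above, laid out as log lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1: "<registry key>,<value name> = <data>" (data may be empty)
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<data>.*)$")
# O2: "BHO: <name> - {CLSID} - <file>"
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")
# O4: "<hive>\..\Run: [<entry name>] <command line>"
RUN = re.compile(r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(log_text):
    """Return one dict per recognised entry, with review flags attached."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, blank line or running-process line
        code, body = m["code"], m["body"]
        entry = {"code": code, "body": body, "flags": []}
        if code in ("R0", "R1") and (r := REG_VALUE.match(body)):
            entry.update(value_name=r["name"], data=r["data"])
            if not r["data"]:
                entry["flags"].append("empty-value")   # hypothetical label
        elif code == "O2" and (b := BHO.match(body)):
            entry.update(clsid=b["clsid"].upper(), file=b["file"])
            if b["file"] == "(no file)":
                entry["flags"].append("orphaned-bho")  # hypothetical label
        elif code == "O4" and (s := RUN.match(body)):
            # Strip surrounding quotes so the path can be checked on disk.
            entry.update(name=s["name"], command=s["cmd"].strip('"'))
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["code"], e["flags"] or "-", e.get("command") or e.get("data") or e.get("file"))
```

A flag here only means the entry deserves a look; whether to fix it is still a judgement made against the full log, as in the post.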