Hello,
I have got a problem with updates. I think there is a new kind of virus type that is affecting the computer's ability to browse the Windows Update and antivirus update web pages, and even to open all other antivirus sites at the same time.
It is really a strange type.
I use AVG 8.0 Free Edition and surely cannot update or open the www.avg.com site to update, or browse any other antivirus sites to download the latest antivirus editions to solve my problem.
Please help me solve it.
I have been having the same problem with multiple computers. I work in IT and this particular infection is driving me crazy. I first saw it 2 years ago and back then Smitfraudfix was all you needed. Quick, simple and easy. This latest one is ridiculous. I have used Spybot S+D, AVG, Smitfraudfix, Super Anti-Spyware and now Trojan Remover won't even run. If anybody has any other possible ideas I would greatly appreciate it. I have run Trojan Remover in regular and safe modes. The last time I tried to scan with it I got a BSOD. I'm ready to start hitting my head on the keyboard to see if that will help!!!! Thanks in advance.
I am glad to see that I'm not the only one having this problem. I consider myself to be fairly adept when it comes to computers and this has been the first problem of this type that I haven't been able to solve on my own. I will be trying these steps when I get home tonight to see if it fixes my problems.
Thanks in advance to all posters, in particular, Morphine.
The virus was killed by Trojan Remover 675.
Thanks, guys.
Attached is the log file
***** THE SYSTEM HAS BEEN RESTARTED *****
1/9/2009 11:35:46 AM: Trojan Remover has been restarted
----------
Cleaning up TDSS keys/files:
HKLM\SOFTWARE\TDSS - key (and subkeys) deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata - key (and subkeys) deleted
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS - key (and subkeys) deleted
C:\WINDOWS\system32\TDSSosvn.dll - deleted
C:\WINDOWS\system32\TDSSnrsr.dat - deleted
C:\WINDOWS\system32\TDSSnmxh.dll - deleted
C:\WINDOWS\system32\TDSSsbhc.dll - deleted
C:\WINDOWS\system32\TDSSthym.dll - deleted
C:\WINDOWS\system32\TDSStkdv.dll - deleted
C:\WINDOWS\system32\TDSSkpjp.log - deleted
----------
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSoeqh.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSoeqh.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdsspaxt.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdsspaxt.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - removed
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv) - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys) - already removed (or did not exist)
=======================================================
1/9/2009 11:35:46 AM: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:32:43 AM 09 Jan 2009
Using Database v7254
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Norman\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Norman\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
AVG Anti-Virus
************************************************************
11:32:43 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
11:32:43 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
11:32:43 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: TDSSserv.sys
C:\WINDOWS\system32\drivers\TDSSoeqh.sys appears to contain: BACKDOOR.TDSS
C:\WINDOWS\system32\drivers\TDSSoeqh.sys - file backed up to C:\WINDOWS\system32\drivers\TDSSoeqh.sys.vir
C:\WINDOWS\system32\drivers\TDSSoeqh.sys - file has been erased using RAW erasure
************************************************************
11:33:05 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 8/3/2004
Modified: 4/14/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 8/3/2004
Modified: 4/14/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 8/3/2004
Modified: 4/14/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 98304 bytes
Created: 6/1/2008
Modified: 10/5/2006
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
-R- 114688 bytes
Created: 6/1/2008
Modified: 10/5/2006
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
-R- 94208 bytes
Created: 6/1/2008
Modified: 10/5/2006
Company: Intel Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16126464 bytes
Created: 6/1/2008
Modified: 4/10/2007
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
-R- 1822720 bytes
Created: 6/1/2008
Modified: 4/4/2007
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
-R- 69632 bytes
Created: 6/1/2008
Modified: 5/3/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: CmUCRRun
Value Data: C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\CmUCReye.exe
-R- 237568 bytes
Created: 7/28/2008
Modified: 7/11/2006
Company:
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
75520 bytes
Created: 10/12/2008
Modified: 5/2/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 10/15/2008
Modified: 10/15/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: Hiyo
Value Data: C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
C:\Program Files\HiYo\bin\HiYo.exe
300336 bytes
Created: 12/10/2008
Modified: 12/10/2008
Company: IncrediMail, Ltd.
--------------------
Value Name: SweetIM
Value Data: C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
-R- 111928 bytes
Created: 12/2/2008
Modified: 12/2/2008
Company: SweetIM Technologies Ltd.
--------------------
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 11/3/2006
Modified: 11/3/2006
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 1/9/2009
Modified: 1/1/2009
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: msnmsgr
Value Data: ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
~ [file not found to scan]
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 8/3/2004
Modified: 4/14/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
11:33:07 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 11/3/2006
Modified: 11/3/2006
Company: Microsoft Corporation
----------
************************************************************
11:33:07 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
11:33:10 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
11:33:10 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/1/2008
Modified: 6/1/2008
Company: [no info]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
147456 bytes
Created: 4/6/2003
Modified: 4/6/2003
Company: Hewlett-Packard Co.
hp psc 1000 series.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
28672 bytes
Created: 4/6/2003
Modified: 4/6/2003
Company: Hewlett-Packard
hpoddt01.exe.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
--------------------
************************************************************
11:33:11 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Norman
[C:\Documents and Settings\Norman\START MENU\PROGRAMS\STARTUP]
The Startup Group for Norman attempts to load the following file(s):
C:\Documents and Settings\Norman\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 1/2/2009
Modified: 6/1/2008
Company: [no info]
----------
--------------------
Checking Startup Group for: Wayne
[C:\Documents and Settings\Wayne\START MENU\PROGRAMS\STARTUP]
The Startup Group for Wayne attempts to load the following file(s):
C:\Documents and Settings\Wayne\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 10/2/2008
Modified: 6/1/2008
Company: [no info]
----------
--------------------
Checking Startup Group for: XPUser
[C:\Documents and Settings\XPUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for XPUser attempts to load the following file(s):
C:\Documents and Settings\XPUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/1/2008
Modified: 6/1/2008
Company: [no info]
----------
************************************************************
11:33:11 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 11/3/2006
Modified: 11/3/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 1/9/2009 6:00:00 PM
Status: The task has not yet run
Creator: SYSTEM
Comments: Scheduled Scan
----------
C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[68 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[61 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[65 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[38 loaded modules in total]
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[155 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[57 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
[36 loaded modules in total]
--------------------
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[27 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[112 loaded modules in total]
--------------------
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
[51 loaded modules in total]
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\igfxpers.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\CmUCReye.exe - file already scanned
[38 loaded modules in total]
--------------------
C:\Program Files\HiYo\bin\HiYo.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[23 loaded modules in total]
--------------------
C:\Program Files\Windows Defender\MSASCui.exe - file already scanned
[62 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
[44 loaded modules in total]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[35 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
[60 loaded modules in total]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
[33 loaded modules in total]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
[44 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
[24 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[90 loaded modules in total]
--------------------
C:\Documents and Settings\Norman\Application Data\Simply Super Software\Trojan Remover\uku5.exe
FileSize: 2921336
[This is a Trojan Remover component]
[71 loaded modules in total]
--------------------
************************************************************
11:33:54 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
11:33:54 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
11:33:54 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
11:33:58 AM: ------ Scan for other files to remove ------
No malware-related files found to remove
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 11:33:58 AM 09 Jan 2009
Total Scan time: 00:01:15
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
1/9/2009 11:34:03 AM: restart commenced
************************************************************
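An added example, not part of any post or of Trojan Remover itself: a small Python triage of the log format shown above that pulls out the detection, the hidden service, and what happened to each file or registry key. The sample lines are excerpted from that log; the outcome categories and function names are this example's own assumptions about the format.

```python
import re
from collections import Counter

# Lines excerpted from the Trojan Remover log posted above (not new data).
SAMPLE_LOG = r"""Cleaning up TDSS keys/files:
HKLM\SOFTWARE\TDSS - key (and subkeys) deleted
C:\WINDOWS\system32\TDSSosvn.dll - deleted
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSoeqh.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - removed
Hidden Service Keyname: TDSSserv.sys
C:\WINDOWS\system32\drivers\TDSSoeqh.sys appears to contain: BACKDOOR.TDSS
C:\WINDOWS\system32\drivers\TDSSoeqh.sys - file backed up to C:\WINDOWS\system32\drivers\TDSSoeqh.sys.vir
C:\WINDOWS\system32\drivers\TDSSoeqh.sys - file has been erased using RAW erasure
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
C:\WINDOWS\system32\svchost.exe - file already scanned
"""

TARGET = re.compile(r"^(HK(LM|CU)\\|[A-Za-z]:\\)")
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+) appears to contain: (?P<name>\S+)$")
HIDDEN = re.compile(r"^Hidden Service Keyname: (?P<name>.+)$")


def classify(status):
    """Map the tool's free-text status to an outcome, or None if informational."""
    s = status.lower()
    if s.startswith("already removed"):
        return "absent"
    if s.startswith("file backed up to"):
        return "backed_up"
    if s.endswith("deleted") or s == "removed" or "erased" in s:
        return "remediated"
    return None


def triage(log_text):
    """Extract detections, hidden services and per-artifact outcomes from a log."""
    result = {"detections": [], "hidden_services": [], "actions": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DETECTION.match(line):
            result["detections"].append((m["path"], m["name"]))
        elif m := HIDDEN.match(line):
            result["hidden_services"].append(m["name"])
        elif TARGET.match(line) and " - " in line:
            # Split on the LAST " - ": paths such as "Spybot - Search & Destroy"
            # contain the separator themselves.
            target, status = line.rsplit(" - ", 1)
            outcome = classify(status)
            if outcome is None:
                continue
            result["actions"].append({
                "kind": "registry" if target.startswith("HK") else "file",
                "target": target,
                "outcome": outcome,
                # SafeBoot\Minimal and \Network list what may load in Safe Mode.
                "safe_mode": "\\control\\safeboot\\" in target.lower(),
                "detail": status,
            })
    return result


def summarize(result):
    """Count artifacts by (kind, outcome) for a quick before/after comparison."""
    return Counter((a["kind"], a["outcome"]) for a in result["actions"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["detections"], r["hidden_services"])
    for key, n in sorted(summarize(r).items()):
        print(key, n)
```

Entries with the `backed_up` outcome are worth following up: the `.vir` copy the tool leaves behind is still the original driver file on disk.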
Man... this was bananas.
Had to call a friend at Microsoft who told me how to even search for a solution, which allowed me to find this site, TR, MBytes, etc... Thanks for all the info and heads up.
Everyone should spread the word... most folks have no clue what to do in this situation and given the spread of this issue, I'd assume that it's only going to get worse.
Tell your friends!
Thanks for the help and hints on Trojan Remover! It worked like a charm and everything is fixed now, though I still wonder how that thing got into my PC. It's for sure a nasty thing.
Umm... Trojan Remover is not working for me at all. I don't know if this is a new version of the "whatever it's called Trojan DNS Changer", and I'm running Trojan Remover, AVG and Malware. Malware detects it but will not remove it; Trojan Remover will not detect it and won't remove it, so I guess I'm SOL.
Does anyone at all have this same problem, not being able to remove it?
To one and all, thank you so very much for helping me fix the inability to get AVG or Microsoft updates.
I too have now had the problem sorted by the Trojan Removal program.
Another thing that happened to our computer was that we couldn't make a restore point, nor could we use any previous restore points! That has also apparently been fixed.
It might be another thing to check on if anyone else has that problem. It may be related??!!
Thanks again people :-)
I have the same virus. I got it around the same time everyone else did (in December). I was able to download the Trojan Remover. However, I'm not able to install it. When I hit "open" or "run as" it doesn't do anything. The virus is blocking the installation. I had the same problem with a Microsoft program. I downloaded the Microsoft program and burned it to a disk. I tried installing it from the disk and it wouldn't let me install it.
How can I install the Trojan Remover? Does anyone have any suggestions? Is there something I can do manually to allow the installation?
Hi! I downloaded the Trojan Remover set-up program (only....did not run the actual set-up) to a thumb drive from another PC, then installed the set-up program on the infected PC and ran it. Found the "Backdoor.TDSS" in about 1 second! Entire scan only took about 3 minutes....GREAT anti-virus program. Hope it works for you, also. Best of Luck to You!
It worked! Renaming the installation file worked. The internet is working good now, but I did see a pop or two appear.
Does anyone have any idea how they got the virus? My boyfriend thinks he got the virus from redtube.com. Did anyone else view this website prior to receiving the virus?
I was up all night trying to kill this thing, with no luck.
Every site I wanted to visit, it would bring me somewhere else. It was pretty smart, I must admit.
I have never been so concerned about viruses, but after seeing this I was a little annoyed.
Thanks to your info, and most of all Trojan Remover, which worked after the 2nd try. The first time I ran it was in safe mode, and it didn't seem to solve the problem. When Windows rebooted (normal) I scanned again and all seems to work, since I am able to update all virus definitions. Moving to other tools now.
Thanks for the info, Morphine. I was having the same problem as most everyone here. Trojan Remover worked like a charm. Sure beats reformatting the hard drive. Thanks again.
I too have been the victim of this insidious malware. Not even MS's Malicious Software Removal Tool (January 2009) detected it. (Tool downloaded via an uninfected computer on my home network because even access to Microsoft website was consistently redirected to Google's search page). However, Trojan Remover did the trick!
The idiocy of this sort of malware usually takes days to rectify and then only after reinstalling the OS, but the discussion here was invaluable. Saved me heaps of frustration, anger and time.
I battled this with little success last week for 3 hours, no info due to my searches being filtered and replaced with related but not results. The PC is in a family household and used for most anything. It started with not doing updates to Windows or the AVG 8.0 free edition. I uninstalled and tried a reinstall of AVG and it froze halfway through. When I went to the MS website, it said turn updates on, which I did, and as soon as it went to download updates, it would turn them off and say turn them on again. The culprit I suspect is the Antivirus 2009 pop-up; they mistakenly installed it thinking it was their AV suite saying it, and things got worse as well. MS is making a tool and it's now in the news to everyone; it's being blamed on Ukraine... go figure. I used the end-all solution... back up and reinstall.
This thing has even attempted to crack passwords and spread through networks, over 9 million infected so far. I suspect it's something commonly used or through an automatic update of a program, possibly from a hacked site.
My conspiracy theory for it................ the pirates have gone digital !
I have been trying to solve this issue with all the known anti spyware/malware/virus programmes known and no luck, same problem, some will not even install.
Thanks for the solution! It saved my computer! I don't wish anyone to have the same problem. If anyone knows the source, please post it.
Hello. Now I have the same problem. I have tried plenty of different anti-virus software. And yet, unsuccessful. I can tell you, that NOD32, McAfee, Norton, Kaspersky won't find anything. AVG is good, but when you got the infection inside, it is useless. You won't be able to update any of them, not even Malwarebytes or access their websites (e.g. avg.com, symantec.com and so on...). And the "hosts" file has nothing to do with it!
But I have found a solution if you want to be able to update your anti-virus. It has something to do with "svchost.exe", which can be seen in the Task Manager (Ctrl+Alt+Del > Processes). First of all, make a BAT file on your desktop (just make a TXT file and rename its extension to .BAT). Open it with your right mouse button and click Edit. Put in the following code:
------------------
@echo off
shutdown -a
cls
------------------
and save the file.
Now access the task manager and go to Processes. Start killing all the "svchost.exe" until you have none of them running. This will make a message with a shutdown appear on your screen. Run the BAT file, this will cancel the shutdown. Now when you kill all the "svchost.exe", you will be able to update your anti-virus and go online to avg.com or other.
I also used TROJAN REMOVER and it removed several files and reg entries related to a file called kdwec.exe. When I restarted, my computer still had the problem. I re-ran Trojan Remover after turning off System Restore and the computer seems to be working properly.
Hi. I agree with you. Trojan Remover helped me as well. It was an awesome ending when I caught all the nasty worms sneaking inside my PC:)) Now the problem's gone, thankfully.
Anyone who doesn't have Trojan Remover yet, I advise you to get it.