A trojan virus wiped my computer out.

Solved/Closed
iwteachpk - Sep 18, 2011 at 12:55 AM
 Anonymous User - Oct 27, 2011 at 11:46 PM
Hello,

A trojan virus wiped my computer out. I tried to do a system restore with no luck. I keep getting error messages that say--

Failed to save all components for the file\System 32---This error may be caused by a PC hardware problem.

It will pop up about 20 times every few minutes. I just reactivated Norton internet security but that is not helping with the remaining 12 issues my computer says I have.

I get a data recovery screen that pops up as well but I want to make sure it is legit before I type in my credit card info.

Any help would be appreciated.

Thanks!

33 responses

Anonymous User
Oct 23, 2011 at 12:23 AM
Do not filter,

Just scan for files, and see if you can recover your lost icons

Check your recycle bin too

If you do not get your icons, just copy the icons of software from the C:/program files folder and create a shortcut on the desktop

I think you have successfully replaced your Start menu icons, so missing some desktop icons should not worry you because they can be replaced


About the black screen

Go to start and type

services.msc and press enter


Make sure that the Themes service is started
Now select a theme in display properties and see how it works
0
loukas78 Posts 19 Registration date Thursday October 20, 2011 Status Member Last seen November 3, 2011
Oct 23, 2011 at 09:34 AM
sundar7701

First of all thank you for your help.
I think I "traveled" from Europe to USA through the north pole (didn't follow the easiest way) in order to solve the problems...
You really helped me. I followed your last orders and I have ~90% of the previous desktop conditions with the screen looking great (I am missing some shortcuts but I don't remember all the programs that I had on the desktop).
Moreover, I have a couple of last questions:
1. Is there any "light" anti-virus or anti... call it whatever you want that I should install on my PC? I prefer something that won't slow it down and works in real time. I have Windows Vista installed on an HP Pavilion dv6000 laptop, with Intel Core(TM)2 CPU T 5200@1.6GHz, 1.00 GB RAM and a 120 GB hard disk
2. Does missing the smtmp folder make my laptop vulnerable or inoperable etc???
3. What sort of anti spyware-malware or .... should I regularly run? I have Spybot and Malwarebytes. The first one doesn't seem to detect lots of stuff anymore
THANKS A LOT BUDDY
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Oct 23, 2011 at 10:19 AM
Hello Loukas,

Spybot is far outdated.

If you wish a free antivirus application, I highly recommend AVG which you can download here:

https://www.avg.com/en-us/free-antivirus-download

If you decide to adopt AVG, Spybot may create a conflict, so you must uninstall Spybot.

As for the smtmp folder, it just might still be in your system; it is usually hidden and you can't see it. That's the little trick on the part of this Trojan Horse, it hides in the stable. If it was not deleted it's there.

I also believe that it's hiding in your system recovery.

If you wish for me to make a final check for virus, I will pass on the results to you and Sundar.

I require a log.

Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


Save the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

The tool created two icons, ZHPDiag and ZHPFix (we will use ZHPFix at the next step).

Double click on the shortcut ZHPDiag on your Desktop.

Click on the Magnifying glass and run the analysis.

Wait for the tool to finish (maybe a long time)

Close ZHPDiag.


To transmit the report, click on this link :

https://authentification.site

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload"

Copy the url and post it here

Best regards
0
loukas78 Posts 19 Registration date Thursday October 20, 2011 Status Member Last seen November 3, 2011
Oct 23, 2011 at 10:57 AM
Here is the link

https://authentification.site/files/30885385/ZHPScan.txt

Please let me know of what you think.
Except for Malwarebytes, do you suggest any other kind of anti spyware-malware software?
0

loukas78 Posts 19 Registration date Thursday October 20, 2011 Status Member Last seen November 3, 2011
Oct 23, 2011 at 11:12 AM
I don't think the previous file is the good one.
(I couldn't find any under the name ZHPDiag.txt, so I sent you that one).
DISREGARD IT.


I have just pasted the scan in a text file and uploaded through the website you gave me

https://authentification.site/files/30885676/ZHP_My_scan.txt

THIS MUST BE WHAT YOU WANT. Please suggest software to me as well.
Thank you very much
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Oct 23, 2011 at 04:21 PM
Loukas,

I already mentioned an antivirus to you (AVG) which is free.

Otherwise, from experience, Kaspersky, F-Secure and AVG pro, as far as I am concerned, are the best. You are worried that the antivirus may slow down your computer. At the moment anything will slow down your computer because I just saw that you have only 17% of available RAM left. If I were you, I would seriously consider buying 1 GB of additional RAM.

Looking at your log:

1. you have
a) parasite called Parasite.Pugi and
b) an adware called .open candy..
c) another adware called: Adware.AskBarDis

2. You contracted the initial virus on BitTorrent

3. You no longer require Malwarebytes, Superantispyware, ESET online scanner and Spybot - Search & Destroy. I suggest removing them to avoid conflicts with the antivirus software you will install.

4. There is also some Norton Symantec junk on your machine

5. I question the necessity for you to have .NET Framework.

6. You may have an autorun infection on F

If you don't mind, let's get rid of the bugs

1. On your desktop, you have ZHP Fix, please launch it
2. Copy the following files in it:

O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll
O18 - Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} . (...) -- C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O43 - CFD: 7/31/2011 - 1:12:48 PM - [31275710] ----D- C:\Users\MAKIS\AppData\Roaming\OpenCandy
O43 - CFD: 8/1/2011 - 1:53:22 AM - [0] ----D- C:\Users\MAKIS\AppData\Local\OpenCandy
O69 - SBI: SearchScopes [HKCU] {043C5167-00BB-4324-AF7E-62013FAEDACF} - (Web Search...)
O69 - SBI: SearchScopes [HKCU] {C93ADDC3-D3CF-4E1B-8C10-BE14B17055B2} - (Ask.com)
C:\Users\MAKIS\AppData\Roaming\OpenCandy
C:\Users\MAKIS\AppData\Local\OpenCandy
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) /h ccCommon (file missing)

Now click on GO

Your system is now free of infection.

Let me know.

P.S. Next, if you wish to recover your icons, do this:

Reboot your computer in Safe Mode with Command Prompt.

Once Windows has loaded, a command prompt (black window) opens. Type notepad and press Enter.

A notepad window opens. Type the following text into notepad:

[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
AddReg=regsec

[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.

In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.

In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.
0
loukas78 Posts 19 Registration date Thursday October 20, 2011 Status Member Last seen November 3, 2011
Oct 23, 2011 at 05:08 PM
I did all the previous carefully.
No changes on the desktop (should the installation of fix.inf have taken much time? While doing this in safe mode no window popped up on the screen. I am not sure it worked)
I uninstalled some programs through control panel. HOWEVER I don't know what to do with
4,5,6 in your last contact.

ALSO CAN YOU EXPLAIN TO ME WHAT YOU MEAN BY "You contracted the initial virus on BitTorrent". I have never used this BitTorrent!!!

Here is the report from ZHPFix

Rapport de ZHPFix 1.12.3365 par Nicolas Coolman, Update du 18/10/2011
Fichier d'export Registre :
Run by MAKIS at 10/23/2011 5:27:49 PM
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registry Key ==========
DELETED Key: CLSID BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF}
NOT FOUND Key: Service: AudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
DELETED Key: SearchScopes :{043C5167-00BB-4324-AF7E-62013FAEDACF}
DELETED Key: SearchScopes :{C93ADDC3-D3CF-4E1B-8C10-BE14B17055B2}
NOT FOUND Key: Service: CLTNetCnService) /h ccCommon (file missing)

========== Registry Value ==========
DELETED Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF}

========== Registry Data Items ==========
ERROR CLSID PAPP: {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

========== Repertory ==========
DELETED Folder: C:\Users\MAKIS\AppData\Roaming\OpenCandy
DELETED Folder: C:\Users\MAKIS\AppData\Local\OpenCandy

========== File ==========
DELETED File: c:\program files\vshare\vshare_toolbar.dll
NOT FOUND File: c:\program files\vshare\vshare_toolbar.dll
DELETED File: c:\windows\system32\drivers\xaudio.exe
NOT FOUND Folder/File: c:\users\makis\appdata\roaming\opencandy
NOT FOUND Folder/File: c:\users\makis\appdata\local\opencandy


========== Summary ==========
5 : Registry Key
1 : Registry Value
1 : Registry Data Items
2 : Repertory
5 : File


End of clean in 11mn AMs

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 10/23/2011 5:27:49 PM [1560]

Thank you again for your help
0
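An added example, not part of the thread and not ZHPFix's own code: a short Python triage of the report posted above, pulling out the lines that still need a manual look. The line format (`STATUS Kind: target`) is inferred from this one report and is an assumption about ZHPFix output in general.

```python
import re

# Body of the ZHPFix report posted above (header, summary and footer left out).
REPORT = r"""
========== Registry Key ==========
DELETED Key: CLSID BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF}
NOT FOUND Key: Service: AudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
DELETED Key: SearchScopes :{043C5167-00BB-4324-AF7E-62013FAEDACF}
DELETED Key: SearchScopes :{C93ADDC3-D3CF-4E1B-8C10-BE14B17055B2}
NOT FOUND Key: Service: CLTNetCnService) /h ccCommon (file missing)
========== Registry Value ==========
DELETED Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF}
========== Registry Data Items ==========
ERROR CLSID PAPP: {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
========== Repertory ==========
DELETED Folder: C:\Users\MAKIS\AppData\Roaming\OpenCandy
DELETED Folder: C:\Users\MAKIS\AppData\Local\OpenCandy
========== File ==========
DELETED File: c:\program files\vshare\vshare_toolbar.dll
NOT FOUND File: c:\program files\vshare\vshare_toolbar.dll
DELETED File: c:\windows\system32\drivers\xaudio.exe
NOT FOUND Folder/File: c:\users\makis\appdata\roaming\opencandy
NOT FOUND Folder/File: c:\users\makis\appdata\local\opencandy
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(r"^(DELETED|NOT FOUND|ERROR) ([^:]+): (.+)$")

def parse(report):
    """Yield (section, status, kind, target) for every result line."""
    section = None
    for line in map(str.strip, report.splitlines()):
        if m := HEADER.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            yield (section, *m.groups())

def review(report):
    """Return (errors, unexplained): what still needs a manual look."""
    entries = list(parse(report))
    # NOT FOUND is expected when the same target was already DELETED in this run.
    deleted = {t.lower() for _, s, _, t in entries if s == "DELETED"}
    errors = [e for e in entries if e[1] == "ERROR"]
    unexplained = [e for e in entries
                   if e[1] == "NOT FOUND" and e[3].lower() not in deleted]
    return errors, unexplained

if __name__ == "__main__":
    for section, status, kind, target in sum(review(REPORT), []):
        print(f"[{section}] {status}: {kind}: {target}")
```

On this report it returns the one ERROR line (the {3F3A4B8A-...} CLSID) and the two service-key NOT FOUND lines; the remaining NOT FOUND lines name targets that were already deleted earlier in the same run.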
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,171
Oct 24, 2011 at 05:17 AM
Hello Loukas,

Seems that the Fix worked. The deleted items don't make icons return.

Sorry, but the fix I gave you didn't work; it was too late.

You have BitTorrent in your system, which is a peer to peer application. Most often, infections are transmitted through downloads.

As I told you, your RAM is at a critical point. While you are thinking of investing, here is a small tool which you can use to stop unnecessary applications from starting at boot time. That should save some RAM.

https://www.malwarebytes.com/mwb-download/

If you never use .NET Framework you don't need it, it's only for certain special applications, you can delete it.

After you have deleted .NET Framework, download, install and run this totally free yet very efficient registry cleaner:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Click on scan and, once finished, on repair.

The above may also rid traces of Norton

Don't be surprised if you get hundreds of errors.

As for the autorun, I suggest you wait to see if you encounter any problem on "F". There are all kinds of solved topics on autorun on this forum including the faq.

Good luck
0
I got this virus the other day and this post helped me get rid of it in the amount of time it took to download the programs and run a scan. THANK YOU for the help!!!!!!!
0
Anonymous User
Oct 25, 2011 at 12:11 AM
loukas78

Follow the steps provided by ambucias and that should make your PC clean.
Do not download fake software; in your case you should have downloaded '' Data recovery software which had caused you so much trouble.

I think you have got almost all the answers from ambucias

// Does missing the smtmp folder make my laptop vulnerable or inoperable etc??? //


The SMTMP folder is not your system folder but a folder created by the virus to back up your icons. It does not have any executable that can bring back your virus. Losing it will not cause you any trouble.


jbcorcor

Appreciate your feedback
0
Ambucias and sundar,
I followed your last instructions as well as the previous ones. I got rid of a lot of stuff with the registry cleaner.
I am also planning to buy extra RAM. AVG is already installed on my PC.
You were really patient, helpful and topic specific. THANK YOU SO MUCH
0
Anonymous User
Oct 25, 2011 at 09:34 PM
you are welcome

safe surfing!!!
0
Hi,
I'm Brazilian, I have this problem.
After you remove the malware you have to set the Explorer settings -> show hidden files and directories.

The files and the programs are HIDDEN, that's why we don't see the files in the folders and directories.
0
Anonymous User
Oct 27, 2011 at 11:46 PM
Programs you unhide using the SHOW HIDDEN option will be seen by you as hidden files and not normal files unless you run the unhide command,
so the unhide command is not ignorable.
0