#1
Trojan.Zlob et al
A friend (no really) of mine is having problems with some persistent little critters and I am out of ideas. This is the relevant bits of his last email.
Quote:
Has anyone got a fix for this?
Cheers
Elija

#2
Here's a link which goes into how to remove it.
Get your mate to also download adaware, spybot and ewido (commercial but free trial). Get him to update all of them & make sure he has updated his virus scanner as well. When scanning, get him to turn off system restore, reboot into safe mode and run full scans against his machine. A trip to pandasoft probably wouldn't go amiss either. This should remove most/all of the nasty critters from his machine.
Displeaser
#3
If still having problems after, run HijackThis and post the log on here for us to have a look at.
#4
Thanks guys, I have sent this info on to him. Now I just have to wait and see...

#5
OK, I have finally received a HijackThis log which I have attached. Also this is the contents of his email.
Quote:

#6
Can you also get him to download, update the definitions and run Trojan Hunter but in normal mode. After which, post a fresh HJT log for us to look at.
#7
Quote:
I now have a new Hijack this log for you.... Finally checked my spam folder and it had been put there...

#8
Quote:
Hi, I think you're still infected. Did your friend download, install, update and run full system scans of the software above?
Can you download smitfraudfix. Turn off system restores. Reboot into safe mode and run smitfraudfix, it creates a log so can you post that here.
If he hasn't run ewido, adaware etc. he should run full system scans now.
Run hijackthis, delete the following lines if they still exist.
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
Save the hijackthis log and post that here with the smitfraudfix log.
Displeaser

#9
Quote:
He did. I'll pass your comments on and see where we go.. Thanks

#10
Also, on the HJT log, have it fix:
C:\WINDOWS\System32\issearch.exe
O4 - HKLM\..\Run: [Teammagsdeaddelete] C:\Documents and Settings\All Users\Application Data\dog error team mags\flag hope.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [SinglesMSetup.exe] C:\DOCUME~1\TEMP\MYDOCU~1\MYRECE~1\SINGLE~1.EXE /r
O16 - DPF: {139DD48B-3684-2520-4309-46B93A6200BA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1B4E983C-601B-6D87-F023-71FC5E4095E9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1D07629B-8870-2324-6802-7E6E668C5794} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {28FD1044-F4F3-70EE-CD23-0B4B01F4D199} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4141B288-1E4E-067C-2CD4-7DCC0308114D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6025F285-BB51-45A9-C03E-071C301EB37D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {64D6A350-C621-20E6-7534-483C36830328} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {68AED5DC-4277-5892-53E9-5714695AE40C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6D3B5277-D6AE-6EC5-DE5B-54265DD49D53} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7D970B90-BB1D-00C9-8024-1E6401973EC7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{369DB834-937A-4775-B34E-BE61092B9192}: NameServer = 195.112.4.4,195.112.4.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
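
The kinds of HijackThis entries singled out in posts #8 and #10 can be pre-sorted before a manual review. The following Python script is an added example, not part of the original thread and not HijackThis's own logic. Its three heuristics (an unnamed O2 BHO, an O16 ActiveX download of an .exe from a bare IP address, an entry whose target file is absent) and its sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample lines in HijackThis log format (not from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\example0.dll
O2 - BHO: Example Toolbar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\bar.dll
O4 - HKCU\..\Run: [example.exe] C:\WINDOWS\system32\example.exe
O16 - DPF: {12345678-1234-1234-1234-123456789ABC} - http://192.0.2.10/1/sample.exe
O16 - DPF: {87654321-4321-4321-4321-CBA987654321} - http://download.example.com/control.cab
O18 - Protocol: example - {0F0F0F0F-0000-1111-2222-333333333333} - "C:\PROGRA~1\EXAMPLE\app.dll" (file missing)
O21 - SSODL: example - {ABCDEFAB-0000-1111-2222-333333333333} - (no file)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")  # section code, then the rest of the entry

def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, running processes, blank lines
        section, rest = m.groups()
        if section == "O2" and rest.startswith("BHO: (no name)"):
            findings.append((section, "unnamed BHO", line))
        elif section == "O16":
            url = rest.rsplit(" - ", 1)[-1]  # the download source is the last field
            if host_is_ip(url) and urlparse(url).path.lower().endswith(".exe"):
                findings.append((section, "DPF .exe from bare IP", line))
        elif rest.endswith("(file missing)") or rest.endswith("(no file)"):
            findings.append((section, "target file absent", line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {line}")
```

A flagged line is only a candidate for review: a missing target file can be a leftover from an uninstalled program, so each entry still needs checking before it is fixed in HijackThis.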

Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Trojan.Zlob et al