Virus + Software to remove

[BenJ]

Ok my brother downloaded a file last night which must have contained a virus of some sort.

Now a pop up keeps comming up on his pc.

I've scanned the pc with AVG 7.5 Free Edition and it finds:

"eugbcwka.dll - Trojan horse Generic5.GQ - C:\Documents and Settings\Ash\Local Settings\Temp\eugbcwka.dll"
"tlpierin.dll - Trojan horse Collected.11.B - C:\Documents and Settings\Ash\Local Settings\Temp\tlpierin.dll"

says they are healed/removed then they are there again on the next scan.

Also a scan with Spybot 1.4 finds:

Virtumonde
Smitfraud-C.Toolbar888

It says Smitfraud-C.Toolbar888 has been removed when you click fix selected problems, and restart to fix the other problem because its in the system memory, but afer a restart it still wont go.


So as you can see they are pesky little things that im having trouble removing. Does anyone have any ideas of ways to get rid? Possibly anyone had these before and managed to remove them? I dont really want to have to show him how to reformat e.t.c so im hoping there is some software out there.

Help much appreciated guys.

 

[kirbz]

have you tried ad-aware 2007? spyware terminator is 1 too, may also be worth running ccleaner

 

[BenJ]

Going to try a ad-aware 2007 check now, and see what the results are. Ill post back.

 

[rickyt]

If it came in as an .exe file you may get rid of it on a virus scan , but as soon as you re-boot it will come back . First ,delete all TIF [temporary internet files] this is where they start ,then will most probably procede to windows & windows/system files .Delete the files in your profile ie .C:\Documents and Settings\Ash\Local Settings\Temp\eugbcwka.dll" . Lots of virus leave there mark in the registry , So , get a cleaner and scan your Registry . I use Wise Registry Cleaner [free] for this .Once you do this do another virus scan and see what shows up .I often have a look in Windows for a suspicious .exe file . This is how the old dialers started , as an .exe file in Windows ,XXdialer.exe for instance , as soon as you deleted the icon from the desktop , when you did a re-boot the XXdialer.exe started the whole process again . Once you got rid of the source , it never happened again .

ps .if the dll files are hard to get rid off ,try re-booting in SAFE mode and doing a scan , or deleting the files in TEMP folder .

 

[BenJ]

Ok ill give those steps a go once ive finished this AVG anti spyware scan.

Just one thing, I cant find how to boot in safe mode with this mobo - Gigabyte GA-965P DS4. There is bios, express recovery and boot devices on the splash screen, but no safe mode option.

 

[Dano]

F8 for safe mode.

 

[BenJ]

tried f8, didnt work.

 

[Duke]

Give NOD32 a go. 30 day trial on their site.

 

[Azagoth]

If it's virtuomonde then download and run this, should clear it up no problem.

http://www.softpedia.com/get/Antivirus/VundoFix.shtml

Just run the file, let it scan then fix all it finds. Reboot and it's done.

 

[BenJ]

thanks aza, legend, got rid of it. Just need to make sure the rest has gone now

 

[BenJ]

Ok still have the Smithfraud spyware poping up in spybot everytime i search. Are there any specific fixes for this spyware?

 

[firewallblocked]

Smitfraud-C.Toolbar888 is a nasty one, you run lots of different removal tools and like a B-Movie trilogy it's back again! I'll add VundoFix 6.5.0 to my collection of anti-spyware software.

I often use AutoRuns for Windows v8.61 as it shows what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. It may now be owned by Microsoft but is a great tool, so good they bought the company & guys who wrote it.

CAUTION!!!!
Be careful what you untick (remove/delete) as deleting the wrong thing can cause problems, but I have through practice worked out what looks bad and whats not. Most startup items show Publisher & discription which does help to root out the bad entries. Just don't be too eager to untick stuff, a google search for a entry name/image path will often shed light on unwanted spyware.

CAUTION!!!!

Use at your own risk, it's NOT a scan, remove, delete program but it did help with my smitfraud removal when used with other removal tools.

http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx

 

[BenJ]

cheers firewallblocked, but i used spybot startup organiser or the windows command (i forget it now) so i probs dont need a 3rd start up organiser.

 

[firewallblocked]

http://www.bleepingcomputer.com/files/smitfraudfix.php

SmitFraudFix is one I have used before, but it is at your own risk. If you have anything of life or death on your pc always worth backing it to cd/dvd before you attempt spyware removal as some of the removal tools are pretty hardcore and may even be picked as spyware by your antivirus program!

 

[firewallblocked]

cheers firewallblocked, but i used spybot startup organiser or the windows command (i forget it now) so i probs dont need a 3rd start up organiser.

Autoruns shows up a vast amount more than spybot. What you see below in the window ticked is only about 1/16th of all the enteries you can view/remove.


Shot at 1969-12-31

 

[firewallblocked]

Take note if you were to untick all the boxes you see, things would go from bad to 11. (Very Very BAD.) I finshed removing spyware yesterday but I don't have any screen prints to show what was shown in autoruns.

One thing I removed wasn't detected! I just googled what I thought looked dodgy and it turned out to be an infection.

 

[BenJ]

All clear now guys. Spybot and AVG find nothing

Thanks for the help.

 

[bledd]

turn of system restore
run..
ccleaner slim
nod32
avg antispyware
windows defender
adaware 2007
spybot s&d

proceed to batter brother