I did a scan with AVG last night and it found some nasties  There were about 400 files affected All but 4 have been put in vault. In my HJT log i found four entries where AVG has said the virus/s are.

 

O4 - HKLM\..\RunServices: [APILE32.EXE] C:\WINDOWS\SYSTEM\APILE32.EXE
O4 - HKLM\..\RunServices: [NTES32.EXE] C:\WINDOWS\NTES32.EXE
O4 - HKLM\..\RunServices: [ADDCX.EXE] C:\WINDOWS\ADDCX.EXE
O4 - HKLM\..\RunServices: [APPIT.EXE] C:\WINDOWS\SYSTEM\APPIT.EXE

 

I am a bit concerned about fixing these in case they are essential things... I am pretty PC KNOWLEDGE CHALLENGED

 

I have done a search here regarding my problem and have tried some of the solutions ie ... the online scan and it found some things that AVG missed and files were deleted or changed but the downloader viruses just wont budge. Have run CW Shredder before attempting to do scans with spybot and adaware.  Both S&D and Adaware stop running before scan completes. I noticed during several attempts at S&D it stopped running when it reached something called Adgoblin (dont know if this is relevant). 

 

Apart from AVG telling me these critters are present, i have had problems with pc being very slow at startup ( i have disabled everything in startup via msconfig)

 

I would really appreciate some advice on how to get rid of these things. Here is my hijack log.

 

Thanks in advance.

 

 angelbabe

 

 

Hey angelbabe

 

Proud member of:

 

Thanks for reply. I did a bit of reading of help you have given other people and i used my initiative and took a few actions while waiting for you to reply.

 

I could not open the About Buster thing .. I got a message about a corrupt or missing database. Anyhow, I did all the regedit and deleted the things and also deleted some things Ihought looked a bit suspect from HJT log

 

My Latest AVG has shown i am virus free !!!!   WITH JOY !!! I really, really hope this nasty has gone .. someone told me that it can still be on pc. 

 

Here is my latest .... MUCH improved log

 

Logfile of HijackThis v1.98.2
Scan saved at 23:41:44, on 27/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4394/mcfscan.cab

 

I dont know if this is virus or spyware related, but I am still having a nitemare rebooting ..... it takes about 20 mins to start  I have deseletcted everything via msconfig so it isnt because there are lots of things to be loaded. I watched the whole startup process and have noticed it makes a heck of a noise and seems to take the longest when it gets to this part of startup.
C:\ > Rem [Header]
code prepare code page
code prepare function completed

Are these essential to getting windows up and running? scuse my ignorance .. i am somewhat PC knowledge *challenged*

 

I kid you not, I have been sitting here almost constantly since Friday...just having a few power naps while waiting for all the various scans to finish....some of them took 2 hours This is the most stubborn trojan i have come across.  In hindsight, I should have known something was wrong because my homepage kept on changing to about:blank and i also got Only the Best popups. I did a good clean with CC Cleaner and I think I got rid of a lot of junk ... it is a really fantastic programme. Have also installed spyware guard and if my memory allows me to I will install a firewall.

 

I really, really hope that this CRITTER has gone completely.

 

Thank you so much for all your help. After trawling the web for hours looking for a solution YOUR advice has been the best.  

 

If there are any other steps I can take to see for sure if this thing has gone, please advise.  I will delete the things in HJT I havent done yet later. 

 

Angelbabe

"someone told me that it can still be on pc."... It can be

Take a run with Trojan hunter: http://www.antivirus-online.de/english/counttro.php3?a=1204

About boot time: http://65.24.134.81/KipSolutions/W98/98PerformanceTweaks.htm

For safer surfing:
http://www.javacoolsoftware.com/spywareblaster.html
http://www.javacoolsoftware.com/spywareguard.html
https://netfiles.uiuc.edu/ehowes/www/resource.htm
http://www.unhsolutions.net/IEPK/index.shtml

And read this
http://computercops.biz/postt7736.html

Download Spybot Search and Destroy here : http://www.safer-networking.org/index.php?page=mirrors if it is not already installed on your computer
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red

Adware http://www.lavasoftusa.com/support/download/
Check-Update. choose - Perform full system scan

Tell how it goes

 

Proud member of: