Serious malware/trojan problem

Malice Black

Site Legend

Join Date: Oct 2005

My computer has a serious dose of something..

"win32:dialer-gen13 [TRJ]" comes up in various different forms. I've run multiple scans (Windows Defender, Spybot, Ad-Aware SE, etc.) and nothing finds it. Avast catches it but it won't move it to the quarantine chest; it says the process is in use.

This started last night. It crippled my computer at the start: IE would load then crash.

I've noticed that there are multiple copies of svchost.exe running in Windows Task Manager. Normally there is only one running.

Help?

dronex

Lion's Arch Merchant

Join Date: Dec 2005

Mo/

Format, put 3 AV and 4 firewalls on max security and don't do anything except play Guild Wars... works for me.
It's normal to have multiple svchosts:
http://support.microsoft.com/kb/314056

Warrior Of The Toon

Lion's Arch Merchant

Join Date: Sep 2006

Returning after a 50 month break. Hi.

R/

If that is what it looks like (a dialer), watch your bills and check for anything weird. And you should consider a switch to Firefox/Opera as well as what dronex said.

Malice Black

Site Legend

Join Date: Oct 2005

Did this check after browsing a tech forum; it came up with this:

SmitFraudFix v2.106

Scan done at 17:24:51.53, 09/10/2006
Run from C:\Documents and Settings\Darren\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\screen.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darren


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darren\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Darren\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wmfhotfix.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Varda

Ascalonian Squire

Join Date: Jun 2006

Norway

R/

Got Avast?

It's a very good antivirus program. I think you can find it on Google or something.

It kills viruses, trojans and all that junk in no time.

Edit: Avast is free. www.avast.com

Tachyon

Forge Runner

Join Date: Nov 2005

Stoke, England

The Godless [GOD]

W/

Admins Bane,

Also, you may want to download and run this little app.

http://www.softpedia.com/get/Antivirus/VundoFix.shtml

It doesn't need installing: just download the file and run it. Once it's finished scanning your system, let it 'fix' them and it'll ask you to reboot. Click yes and, if it did find anything, you should have a clean system.

Malice Black

Site Legend

Join Date: Oct 2005

Install BitTorrent.. hmm, no thanks.

Think I've managed to get rid of it, time will tell.

Varda

Ascalonian Squire

Join Date: Jun 2006

Norway

R/

Still, Avast is a good antivirus program.

You should get it, if you don't have any super-duper fantastic program I never heard of.

Tachyon

Forge Runner

Join Date: Nov 2005

Stoke, England

The Godless [GOD]

W/

OK, if you don't want to use torrents (I use uTorrent, by the way), you can grab it here as a direct download instead. It's only 68K so it's not going to take long.

http://www.majorgeeks.com/download4954.html

It's worth running even if you think you've got rid of the problem.

Malice Black

Site Legend

Join Date: Oct 2005

Quote:
Originally Posted by Varda
Still, Avast is a good antivirus program.

You should get it, if you don't have any super-duper fantastic program I never heard of.

I have Avast. It's OK, but it's better at finding viruses than it is at stopping them.

Azagoth, thanks.

Malice Black

Site Legend

Join Date: Oct 2005

Wow... Avast officially sucks compared to this one... my computer is seriously infected.

It's not finished but it's found:

12 severe
1 dangerous

Tachyon

Forge Runner

Join Date: Nov 2005

Stoke, England

The Godless [GOD]

W/

If it's found that many, just wait till you see how fast your PC re-boots once you've let it remove them. The first time I ran it I found three, and after removal the PC booted back up in about 25 secs.

Malice Black

Site Legend

Join Date: Oct 2005

Well, I paid for the full version, but I have one question: is it a full antivirus or do I need to keep Avast?

Tachyon

Forge Runner

Join Date: Nov 2005

Stoke, England

The Godless [GOD]

W/

It's mainly a tool to get rid of most of the spy/malware that others like Spybot and AdAware miss. You know, like those bloody "Your PC is infected, buy our anti-spyware" pop-up messages that you get mainly with IE.

I'd keep some sort of anti-virus software on there though. Like you I use Avast, but between Vundofix, Spybot and AdAware there's nothing left for Avast to catch. I only use Avast on a weekly basis now, just for peace of mind and to be on the safe side.

Varda

Ascalonian Squire

Join Date: Jun 2006

Norway

R/

Give your computer a whole clean-up, a big nice virus scan and all that, and let it finish. It might take some hours.

I had sort of the same, and Avast cleaned it up. And get Spybot Search & Destroy, another good program. I haven't used it so much.

CCleaner to clean up all the junk that might be lying around in your system. ^^

(I'm no good at getting rid of viruses, trojans etc.; mostly the programs are. o.O)

Edit: Azagoth said the same, I'm just slow.
(That rhymed.)

Alias_X

Desert Nomad

Join Date: Apr 2005

If things aren't getting removed, then boot into safe mode and run your antivirus scans.
IE? Switch to Firefox immediately.

When you get one virus, it's hard to prevent yourself from getting more, so usually if you have one you will have others. Other than that, as long as you aren't going to suspicious websites, I don't know how you got the viruses.

awesome sauce

Krytan Explorer

Join Date: Dec 2005

Multiple svchosts are OK. Just make sure that they are only in the system32, i386 or Prefetch folders when searching for it. Otherwise, look into whether they are a virus in other locations.
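The two checks raised in this thread (the svchost.exe advice just above, and the populated AppInit_DLLs value in the SmitFraudFix log earlier) can be done in one read-only PowerShell script. This is an added example, not code from any poster; it assumes Windows PowerShell with WMI (Get-WmiObject) and an elevated prompt, and uses the normal Windows behaviour that genuine svchost.exe instances are started by services.exe.

```powershell
# Added triage script (not from the thread). Read-only: nothing is killed, deleted or changed.
# Assumes Windows PowerShell with WMI available, run from an elevated prompt.

# --- Check 1: every svchost.exe should be the real binary under System32 and
# have services.exe as its parent (how Windows launches service host processes).
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
$byPid = @{}
Get-WmiObject Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

Write-Host '== svchost.exe instances =='
$byPid.Values | Where-Object { $_.Name -ieq 'svchost.exe' } | ForEach-Object {
    $parent     = $byPid[[int]$_.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    # ExecutablePath is $null when the process cannot be queried; treat that as worth a look
    $pathOk   = $_.ExecutablePath -and ($_.ExecutablePath -ieq $expectedPath)
    $parentOk = $parentName -ieq 'services.exe'
    $status   = if ($pathOk -and $parentOk) { 'ok' } else { 'REVIEW' }
    New-Object PSObject -Property @{
        PID = $_.ProcessId; Parent = $parentName; Path = $_.ExecutablePath; Status = $status
    }
} | Format-Table PID, Parent, Path, Status -AutoSize

# --- Check 2: AppInit_DLLs, the value SmitFraudFix listed in the log above. Every DLL
# named here is loaded into most user-mode processes, so on a clean XP box it is empty.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$val = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs

Write-Host '== AppInit_DLLs =='
if (-not $val -or -not $val.Trim()) {
    Write-Host 'empty (expected on a clean machine)'
} else {
    # Windows accepts space- or comma-separated entries; list each and whether the file exists.
    # A DLL you did not knowingly install, or one that no longer exists on disk, is the thing to review.
    $val -split '[ ,]+' | Where-Object { $_ } | ForEach-Object {
        New-Object PSObject -Property @{ Dll = $_; Exists = (Test-Path -LiteralPath $_) }
    } | Format-Table Dll, Exists -AutoSize
}
```

A REVIEW line does not by itself prove infection (a protected process can hide its path), but it tells you which instance to inspect with the scanners the thread recommends.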

Malice Black

Site Legend

Join Date: Oct 2005

Meh, after all those hours it came back again... I'll do a scan in safe mode; if that doesn't work then I'll trash the comp.

Alias_X

Desert Nomad

Join Date: Apr 2005

Trash the comp? If you are willing to take such drastic measures, just get a new hard drive.

New Buddha

Wilds Pathfinder

Join Date: Sep 2005

Quote:
Originally Posted by Alias_X
Trash the comp? If you are willing to take such drastic measures, just get a new hard drive.

Or do a low-level format and dump Windows back in.

Tarun

Technician's Corner Moderator

Join Date: Jan 2006

The TARDIS

http://www.lunarsoft.net/ http://forums.lunarsoft.net/

Run SpywareBlaster, CCleaner, CWShredder, Ad-Aware, Spybot, AVG Anti-Spyware (formerly ewido) and then post a HijackThis log.

Also do a boot-time scan of your drives with Avast.

Tentigers

Academy Page

Join Date: Jun 2006

E/N

I have read this entire post, and maybe I missed it, but the first thing you should do is delete ALL of your restore points BEFORE you run a scan. I also suggest going to the Trend Micro website; they have a free scanner and it's HYPER accurate. It's an ALL-in-ONE scanner: it scans for viruses, malware and security problems. If you do all this and it cleans your system and then it returns again, that means it's embedded in your registry. You may succeed in removing the virus itself, but if its registry key is left behind, it can regenerate the virus (i.e. redownload it). If this happens again, then I agree: do a low-level format of the drive, then do a regular format on the drive, then reinstall the OS.

Malice Black

Site Legend

Join Date: Oct 2005

Delete restore points.. how? I'm a computer noob; if you don't explain it in plain English I'll get lost.

Bane of Worlds

Wilds Pathfinder

Join Date: Mar 2006

Meadow

Rt/

Click on the Start menu, click Control Panel, then click on the System icon (if in classic view) or click on Performance and Maintenance and then click on System. Look for a System Restore tab, check "Turn off System Restore on all drives", click Apply, and hit Yes.

EternalTempest

Furnace Stoker

Join Date: Jun 2005

United States

Dark Side Ofthe Moon [DSM]

E/

Quote:
Originally Posted by The Admins Bane
Delete restore points.. how? I'm a computer noob; if you don't explain it in plain English I'll get lost.

Windows XP backs up system files automatically or when new software is installed. The problem is if your machine gets a virus and it's not caught: System Restore will back it up as well. So you can clean up your system.. but there still may be a copy of it on the computer.

It's fine, but if you use System Restore to bring back your PC like it used to be.. complete with undetected virus.. it brings it back as well.

Tarun

Technician's Corner Moderator

Join Date: Jan 2006

The TARDIS

http://www.lunarsoft.net/ http://forums.lunarsoft.net/

You don't delete your restore points until your system is clean. This way you have something to fall back on, even if infected or semi-infected.

Once clean, you first create a new point and label it Clean System; then you can use the Disk Cleanup > More Options tab and clean up System Restore by removing all except the last known good point.

Mushroom

Lion's Arch Merchant

Join Date: Aug 2006

Alabama

I would suggest something that may seem more drastic, but is probably the best full solution.

Back up your data, and do a full wipe and reload. For a lot of viruses and trojans, that is really the only way to really get rid of them. It sounds like you have multiple "dropper trojans" running in the background.

The problem with most of them is that they come out almost daily. It takes 3-14 days for the AV companies to discover them and write a removal. The problem is that by the time they find one, you have 2-5 newer versions already in your system that it can't detect yet.

It sounds like this is the circle you are in. You find some, and remove them. But since you are still infected with newer versions, it happens all over again.

Probably 75% of the computers that come into my shop are infected with viruses and other malware. And it truly is an epidemic. And so far, every system that came in with P2P software (including Torrent, Kazaa, Limewire, etc.) has had multiple infections. And the same goes for people that use the gambling sites. PartyPoker inserts multiple trojans and spyware when you use it, and other gambling sites are even worse.

Back up your data, then do a complete wipe and reload of your OS. Install all the updates, and a good antivirus (Norton, AVG, or Avast). And install multiple spyware programs and run them regularly. I install AdAware, SpyBot, and Microsoft Defender on every system I build or reload.

And stay away from what I call the "Dark Alleys of the Internet". That includes peer-to-peer file trading, gambling, hacker sites, and porn sites (other than the more "legitimate" ones like Playboy). This is where most trojans and malware tend to come from.

DigitalForm

Ascalonian Squire

Join Date: Aug 2006

U.S.

Quote:
Originally Posted by Mushroom
I would suggest something that may seem more drastic, but is probably the best full solution.

I agree that most of the computers I have to fix have been infected through file-sharing programs or porn. If you are gonna do it, don't do it on your main computer. This is a reason you should back up your files regularly.

Reinstalling the OS is a sure thing to get rid of it, and it is sometimes quicker than fighting with the spyware and viruses over multiple reboots and safe mode/msconfig. Although, you will lose ALL your files unless you have a separate partition that isn't infected (if you end up learning how to do partitions). If it isn't a business computer, this is how I set people up in the beginning. After this they can do whatever they want to it (buy different anti-virus/spyware removal if that floats their boat).

AVG Free for an anti-virus
Mozilla Firefox for a web browser
Zonealarm Free for a firewall
Ad-Aware and Spybot Search and Destroy for anti-spyware