IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
1 - 11 of 11 Posts

Registered · 10 Posts · Discussion Starter · #1

I've always liked cleaning my computer with programs and have never gotten problems removing spyware because I search on Google, search on forums and also have the programs Ewido, SpywareGuard, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster, but I don't know why some spyware keeps coming back, called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll, which is in the system32 folder. I use Windows XP, which is up-to-date, and have all my programs updated, and I scan in Safe Mode, but after a while a popup comes up from Ewido saying I'm infected with Trojan.Pakes/Downloader.Small and/or SpywareGuard comes up saying vtsqo.dll is trying to add a BHO, and when I click "Remove the BHO" it just keeps coming back to the same window again, so I can't take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files, but it keeps coming back. Please help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe
C:\WINDOWS\system32\cool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
 

Registered · 10 Posts · Discussion Starter · #3

Please help!!!!! No one is replying and it's been quite a while. Other people who posted their topics 1 minute ago are getting replied to, but not me!!!!!!!!
 

Retired Moderator · 72,209 Posts

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 

Registered · 10 Posts · Discussion Starter · #8

The thing is that I just got mad because people who have posted a topic WAY after me have gotten answered already and I wasn't answered until now. But I'm very sorry. Also it's been 54 minutes, so that's pretty close :p.
 

Retired Moderator · 72,209 Posts

It's very difficult to help someone when they are getting help somewhere else or running tools without being asked to do that.

TSG is staffed by volunteers and we do the best we can to help everyone. As a moderator I have other duties and part of that is running around closing duplicate threads! I have not even been to the Security forum page today to see the new threads!

Maybe you would best be served by trying http://www.techguylive.com/
 