

Trojan Virus infection

Posted on 2007-03-25
Medium Priority
Last Modified: 2013-11-22
Infected with Radim Hook. I can't seem to get rid of it. I have tried HijackThis and Webroot Spy Sweeper. It keeps coming back. My gut tells me it's in the registry. Can anyone advise on how to get rid of this particular virus? Thanks in advance.

Question by:mschiff6
LVL 38

Accepted Solution

younghv earned 252 total points
ID: 18789659
Download and install Superantispyware
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode').

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab.
Click the dated log and press view log and a text file will appear.

These instructions courtesy of: rpggamergirl

Get the newest version of HJT:

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> 
and click "Analyse", click "Save".  Then post the link to the saved list here.


Author Comment

ID: 18794097
There is nothing in HijackThis indicative of Radim-Hook. I am very familiar with HijackThis. I tried both Spysweeper and your recommendation and I still get it back on re-boot. I am sure it is in the registry but I can't identify the hive or key that's doing it. Radim-Hook is probably the worst I have ever encountered.
Has anyone any experience in getting rid of the Radim-Hook trojan? Thanks

Assisted Solution

deadite earned 252 total points
ID: 18794537
Have you tried Spybots SD, Lavasoft AdAware, or Windows Defender?  All 3 are free, and clear up a lot.

Assisted Solution

cdnq8 earned 248 total points
ID: 18798570
Hi Yah, Deadite is right,
you can use a combination of Adware and Spybot, but before using this update it and then scan your computer, but don't be connected to the Internet while scanning it, and scan it first by Lavasoft Adware and then Spybot, and fix the probs. Hopefully this will work fine.


Assisted Solution

gcook63 earned 248 total points
ID: 18807363
I manage over 3000 computers and have found that XoftSpy SE is a great spyware removal tool. You can run a free scan; however, to remove anything a purchase is required.
LVL 38

Expert Comment

ID: 18808981
Many versions of malware are written to hide from "HijackThis".
If you aren't using a re-named version (as I recommended), nothing will show up.

As a side note, I USED to think I was pretty spiffy with HJT -- until I watched some of the folks here at E-E go to work on the log files.

Author Comment

ID: 18809234
OK - Spysweeper detects and tells me it's removing the threat (which it lists as very high).
However - it comes back on boot.  I ran Spysweeper in safe mode and the same thing happens.
It appears to trigger in Spysweeper when it is searching the registry.   Adaware - same thing.
Spybots did not detect.  Has anyone any idea of specifically what hives and keys are hit in the registry by RADIM-Hook?  Thanks
LVL 38

Expert Comment

ID: 18809946
Are you running Spysweeper in "Safe Mode"?
Have you turned off your "System Restore" while you're attempting to clean this up?
Do you have the Spysweeper Log (you can post it at ee-stuff as indicated above)?

Yes you have infected registry entries, but if you would take the time to try my suggestions - they will get cleaned out.

Also, if you would post the HJT log (as requested) it would show us the infected registry keys.
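
As an added illustration (not code from any poster in this thread): when a detection "comes back on boot", the HijackThis log sections worth reading first are the ones that load code at startup or logon. The sketch below pulls those entries out of a log and marks a few for review; the sample log is constructed, its file names are placeholders, and the two review heuristics are assumptions, not signatures for any particular trojan.

```python
import re

# Constructed sample in HijackThis 1.99.1 log layout; all names and paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\ui.exe" /startintray
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\example2.exe
O20 - Winlogon Notify: example3 - C:\WINDOWS\system32\example3.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\example4.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

# HijackThis section codes whose entries are loaded at boot, logon or shell start.
BOOT_SECTIONS = {"F2": "Shell/UserInit value", "O2": "Browser Helper Object",
                 "O4": "Run key or Startup folder",
                 "O20": "AppInit_DLLs / Winlogon Notify", "O23": "NT service"}
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)', re.I)

def persistence_entries(log_text):
    """Return every log entry that belongs to a boot-persistence section."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in BOOT_SECTIONS:
            out.append({"code": m.group(1), "kind": BOOT_SECTIONS[m.group(1)],
                        "detail": m.group(2), "paths": PATH.findall(m.group(2))})
    return out

def review_reasons(entry):
    """Assumed heuristics: reasons an entry deserves a closer look, not verdicts."""
    reasons = []
    if any("\\temp\\" in p.lower() for p in entry["paths"]):
        reasons.append("binary runs from a Temp directory")
    if entry["code"] == "F2" and len(entry["paths"]) > 1:
        reasons.append("extra program chained onto Shell/UserInit")
    return reasons

def triage(log_text):
    """List (section code, file paths, reasons) for entries that need review."""
    return [(e["code"], e["paths"], r)
            for e in persistence_entries(log_text) if (r := review_reasons(e))]

if __name__ == "__main__":
    for code, paths, reasons in triage(SAMPLE_LOG):
        print(code, paths, reasons)
```
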
