Solved

Trojan Virus infection

Posted on 2007-03-25
Last Modified: 2013-11-22
Infected with Radim Hook. I can't seem to get rid of it. I have tried HijackThis and Webroot Spy Sweeper. It keeps coming back. My gut tells me it's in the registry. Can anyone advise on how to get rid of this particular virus? Thanks in advance.

Question by:mschiff6
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 63 total points
ID: 18789659
Download and install Superantispyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode').

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab.
Click the dated log and press view log and a text file will appear.

These instructions courtesy of: rpggamergirl
http://www.experts-exchange.com/M_3598771.html

Get the newest version of HJT:

Please download HijackThis 1.99.1
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

 

Author Comment

by:mschiff6
ID: 18794097
There is nothing in HijackThis indicative of Radim-Hook. I am very familiar with HijackThis. I tried both Spysweeper and your recommendation and I still get it back on re-boot. I am sure it is in the registry but I can't identify the hive or key that's doing it. Radim-Hook is probably the worst I have ever encountered.
Has anyone any experience in getting rid of the Radim-Hook trojan? Thanks
 
LVL 8

Assisted Solution

by:deadite
deadite earned 63 total points
ID: 18794537
Have you tried Spybot S&D, Lavasoft Ad-Aware, or Windows Defender? All 3 are free, and clear up a lot.
LVL 1

Assisted Solution

by:cdnq8
cdnq8 earned 62 total points
ID: 18798570
Hi, yeah, Deadite is right.
You can use a combination of Ad-Aware and Spybot, but before using them, update them and then scan your computer. Don't be connected to the internet while scanning. Scan first with Lavasoft Ad-Aware and then with Spybot, and fix the problems. Hopefully this will work fine.

Taher
 

Assisted Solution

by:gcook63
gcook63 earned 62 total points
ID: 18807363
I manage over 3000 computers and have found that XoftSpy SE is a great spyware removal tool. You can run a free scan; however, to remove anything a purchase is required.

http://paretologic.com/
 
LVL 38

Expert Comment

by:younghv
ID: 18808981
Many versions of malware are written to hide from "HijackThis".
If you aren't using a re-named version (as I recommended), nothing will show up.

As a side note, I USED to think I was pretty spiffy with HJT -- until I watched some of the folks here at E-E go to work on the log files.
 

Author Comment

by:mschiff6
ID: 18809234
OK - Spysweeper detects it and tells me it's removing the threat (which it lists as very high).
However, it comes back on boot. I ran Spysweeper in safe mode and the same thing happens.
It appears to trigger in Spysweeper when it is searching the registry. Ad-Aware - same thing.
Spybot did not detect it. Has anyone any idea of specifically what hives and keys are hit in the registry by RADIM-Hook? Thanks
 
LVL 38

Expert Comment

by:younghv
ID: 18809946
Are you running Spysweeper in "Safe Mode"?
Have you turned off your "System Restore" while you're attempting to clean this up?
Do you have the Spysweeper Log (you can post it at ee-stuff as indicated above)?

Yes you have infected registry entries, but if you would take the time to try my suggestions - they will get cleaned out.

Also, if you would post the HJT log (as requested) it would show us the infected registry keys.
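
An added example, not part of the thread or any poster's code: a small Python parser that pulls the registry-backed autostart lines out of a HijackThis log and expands them to full key paths, which is the information the reply above says the log would show. The sample log, the `example` entries and the `needs_review` heuristic are constructed for illustration and say nothing about which keys Radim-Hook itself uses.

```python
import re

# HijackThis abbreviates Software\Microsoft\Windows\CurrentVersion as "..".
CURVER = r"Software\Microsoft\Windows\CurrentVersion"
WINNT = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion"

# (line pattern, builder returning (registry key, value name, data))
RULES = [
    (re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[(.*?)\] (.+)$"),
     lambda m: ("\\".join([m[1], CURVER, m[2]]), m[3], m[4])),
    (re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.+)$"),
     lambda m: (WINNT + r"\Winlogon", m[1], m[2])),
    (re.compile(r"^O20 - AppInit_DLLs: (.+)$"),
     lambda m: (WINNT + r"\Windows", "AppInit_DLLs", m[1])),
    (re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$"),
     lambda m: (WINNT + r"\Winlogon\Notify" + "\\" + m[1], "DllName", m[2])),
]

def registry_autostarts(log_text):
    """Return (key, value, data) for each registry autostart line in the log."""
    found = []
    for line in log_text.splitlines():
        for pattern, build in RULES:
            m = pattern.match(line.strip())
            if m:
                found.append(build(m))
                break
    return found

def needs_review(entry):
    """Heuristic assumed for this example: which entries deserve a manual look."""
    key, value, data = entry
    if value == "AppInit_DLLs" or "\\Notify\\" in key:
        return True  # DLLs that Windows loads into other processes
    if value == "UserInit":
        return "," in data.rstrip(",")  # something chained after userinit.exe
    return "program files" not in data.lower()

# Constructed sample log; every entry below is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\exampleav.exe" /tray
O4 - HKCU\..\Run: [example] C:\WINDOWS\system32\example.exe
O16 - DPF: {constructed} - http://example.invalid/x.cab
O20 - AppInit_DLLs: example.dll
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
"""

if __name__ == "__main__":
    for entry in registry_autostarts(SAMPLE_LOG):
        print("REVIEW" if needs_review(entry) else "ok    ", *entry, sep="  ")
```

Entries marked for review are candidates to check by hand in the registry, not confirmed infections; legitimate software also uses these keys.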