Solved

Trojan Virus infection

Posted on 2007-03-25
Last Modified: 2013-11-22
Infected with Radim Hook. I can't seem to get rid of it. I have tried HijackThis and Webroot Spysweeper. It keeps coming back. My gut tells me it's in the registry. Can anyone advise on how to get rid of this particular virus? Thanks in advance.

Question by:mschiff6
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 63 total points
ID: 18789659
Download and install Superantispyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode').

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab.
Click the dated log and press view log and a text file will appear.

These instructions courtesy of: rpggamergirl
http://www.experts-exchange.com/M_3598771.html

Get the newest version of HJT:

Please download HijackThis 1.99.1
http://danborg.org/spy/hjt/alternativ.exe
Open HijackThis and click "Do a system scan and save a logfile"; don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

 

Author Comment

by:mschiff6
ID: 18794097
There is nothing in Hijack indicative of Radim-Hook. I am very familiar with HijackThis. I tried both Spysweeper and your recommendation and I still get it back on re-boot. I am sure it is in the registry but I can't identify the hive or key that's doing it. Radim-Hook is probably the worst I have ever encountered.
Has anyone any experience in getting rid of Radim-Hook trojan? Thanks
 
LVL 8

Assisted Solution

by:deadite
deadite earned 63 total points
ID: 18794537
Have you tried Spybots SD, Lavasoft AdAware, or Windows Defender? All 3 are free, and clear up a lot.
 
LVL 1

Assisted Solution

by:cdnq8
cdnq8 earned 62 total points
ID: 18798570
Hi Yah, Deadite is right,
you can use a combination of AdAware and Spybot, but before using them, update them and then scan your computer. Don't be connected to the internet while scanning. Scan first with Lavasoft AdAware and then Spybot, and fix the problems. I hope it will work; hopefully this will work fine.

Taher

 

Assisted Solution

by:gcook63
gcook63 earned 62 total points
ID: 18807363
I manage over 3000 computers and have found that XoftSpy SE is a great spyware removal tool. You can run a free scan; however, to remove anything a purchase is required.

http://paretologic.com/
 
LVL 38

Expert Comment

by:younghv
ID: 18808981
Many versions of malware are written to hide from "HijackThis".
If you aren't using a re-named version (as I recommended), nothing will show up.

As a side note, I USED to think I was pretty spiffy with HJT -- until I watched some of the folks here at E-E go to work on the log files.
 

Author Comment

by:mschiff6
ID: 18809234
OK - Spysweeper detects and tells me it's removing the threat (which it lists as very high).
However - it comes back on boot. I ran Spysweeper in safe mode and the same thing happens.
It appears to trigger in Spysweeper when it is searching the registry. Adaware - same thing.
Spybots did not detect. Has anyone any idea of specifically what hives and keys are hit in the registry by RADIM-Hook? Thanks
 
LVL 38

Expert Comment

by:younghv
ID: 18809946
Are you running Spysweeper in "Safe Mode"?
Have you turned off your "System Restore" while you're attempting to clean this up?
Do you have the Spysweeper Log (you can post it at ee-stuff as indicated above)?

Yes you have infected registry entries, but if you would take the time to try my suggestions - they will get cleaned out.

Also, if you would post the HJT log (as requested) it would show us the infected registry keys.