Solved

Trojan Virus infection

Posted on 2007-03-25
9
779 Views
Last Modified: 2013-11-22
Infected with Radim Hook.  I cant seem to get rid of it. I have tried Hijack this and Webroot spysweeper.  It keeps coming back.  My gut tells me its in registry.  Can anyone advise on how to get rid of this particular virus.  Thanks in advance.

0
Comment
Question by:mschiff6
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 63 total points
ID: 18789659
Download and install Superantispyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode'

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab.
Click the dated log and press view log and a text file will appear.

These instructions courtesy of: rpggamergirl
http://www.experts-exchange.com/M_3598771.html

Get the newest version of HJT:

Please download HijackThis 1.99.1
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

0
 

Author Comment

by:mschiff6
ID: 18794097
There is nothing in HIjack indicative of Radim-Hook.  I am very familiar with Hijack this.  I tried both Spysweeper and your recommendation and  I still get it back on re-boot.  I am sure it is in the registry but
I cant identify the hive or key thats doing it.  Radim-Hook is probably the worst I have ever encountered.
Has anyone any  experience in getting rid of Radim-Hook trojan.  Thanks
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 63 total points
ID: 18794537
Have you tried Spybots SD, Lavasoft AdAware, or Windows defender?  All 3 are free, and clear up alot.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 1

Assisted Solution

by:cdnq8
cdnq8 earned 62 total points
ID: 18798570
Hi Yah Deadite is right,
you can use a combination of Adware and Spybot, but before using this update it and than scan your computer, but dont be connected to internet while scanning it, and scan it first by lavasoft adware and than Spybot, and fix the probs hope it will work, hopefully this will work fine.

Taher
0
 

Assisted Solution

by:gcook63
gcook63 earned 62 total points
ID: 18807363
I manage over 3000 computers and have found that XoftSpy SE is a great spyware removal tool. You can run a free scan however; to remove anything a purchase is required.

http://paretologic.com/
0
 
LVL 38

Expert Comment

by:younghv
ID: 18808981
Many versions of malware are written to hide from "HijackThis".
If you aren't using a re-named version (as I recommended), nothing will show up.

As a side note, I USED to think I was pretty spiffy with HJT -- until I watched some of the folks here at E-E go to work on the log files.
0
 

Author Comment

by:mschiff6
ID: 18809234
OK - Spysweeper detect's and tells me its removing the threat (which it lists as very high).
However - it comes back on boot.  I ran Spysweeper in safe mode and same thing happens.
It appears to trigger in spysweeper when it is searchng the registry.   Adaware - same thing.
Spybots did not detect.  Has anyone any idea of specifically what hives and keys are hit in the registry
by RADIM-Hook.  Thanks
0
 
LVL 38

Expert Comment

by:younghv
ID: 18809946
Are you running Spysweeper in "Safe Mode"?
Have you turned off your "System Restore" while you're attemting to clean this up?
Do you have the Spysweeper Log (you can post it at ee-stuff as indicated above)?

Yes you have infected registry entries, but if you would take the time to try my suggestions - they will get cleaned out.

Also, if you would post the HJT log (as requested) it would show us the infected registry keys.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now