Trojan Virus infection

Posted on 2007-03-25
Last Modified: 2013-11-22
Infected with Radim Hook.  I can't seem to get rid of it. I have tried Hijack this and Webroot spysweeper.  It keeps coming back.  My gut tells me it's in the registry.  Can anyone advise on how to get rid of this particular virus?  Thanks in advance.

Question by:mschiff6
LVL 38

Accepted Solution

younghv earned 63 total points
ID: 18789659
Download and install Superantispyware
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode')

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab.
Click the dated log and press view log and a text file will appear.

These instructions courtesy of: rpggamergirl

Get the newest version of HJT:

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> 
and click "Analyse", click "Save".  Then post the link to the saved list here.


Author Comment

ID: 18794097
There is nothing in Hijack indicative of Radim-Hook.  I am very familiar with Hijack this.  I tried both Spysweeper and your recommendation and I still get it back on re-boot.  I am sure it is in the registry but I can't identify the hive or key that's doing it.  Radim-Hook is probably the worst I have ever encountered.
Has anyone any experience in getting rid of Radim-Hook trojan?  Thanks

Assisted Solution

deadite earned 63 total points
ID: 18794537
Have you tried Spybots SD, Lavasoft AdAware, or Windows defender?  All 3 are free, and clear up a lot.

Assisted Solution

cdnq8 earned 62 total points
ID: 18798570
Hi Yah Deadite is right,
you can use a combination of Adware and Spybot, but before using this update it and then scan your computer, but don't be connected to the internet while scanning it, and scan it first by lavasoft adware and then Spybot, and fix the probs hope it will work, hopefully this will work fine.


Assisted Solution

gcook63 earned 62 total points
ID: 18807363
I manage over 3000 computers and have found that XoftSpy SE is a great spyware removal tool. You can run a free scan; however, to remove anything a purchase is required.
LVL 38

Expert Comment

ID: 18808981
Many versions of malware are written to hide from "HijackThis".
If you aren't using a re-named version (as I recommended), nothing will show up.

As a side note, I USED to think I was pretty spiffy with HJT -- until I watched some of the folks here at E-E go to work on the log files.

Author Comment

ID: 18809234
OK - Spysweeper detects and tells me it's removing the threat (which it lists as very high).
However - it comes back on boot.  I ran Spysweeper in safe mode and same thing happens.
It appears to trigger in spysweeper when it is searching the registry.   Adaware - same thing.
Spybots did not detect.  Has anyone any idea of specifically what hives and keys are hit in the registry by RADIM-Hook?  Thanks
LVL 38

Expert Comment

ID: 18809946
Are you running Spysweeper in "Safe Mode"?
Have you turned off your "System Restore" while you're attempting to clean this up?
Do you have the Spysweeper Log (you can post it at ee-stuff as indicated above)?

Yes you have infected registry entries, but if you would take the time to try my suggestions - they will get cleaned out.

Also, if you would post the HJT log (as requested) it would show us the infected registry keys.


Question has a verified solution.
