suspected trojan viurs

[Freakinoldguy]

Hi folks,

I've got a suspected trojan virus. The problem is that when I run panda scan nada zip nothing. I have run trojan hunter and it comes up with two suspected trojans I have run hijack this and tried removing this stuff with the system restore feature shut off nothing. I have taken the file C:\WINDOWS\atlpj.exe and tried incinerating it with system mechanic and still no luck. I can't even find out what trojan this is. Does anyone know what this thing is and how to get rid of it. BTW I had it before and formated and reloaded windows xp. I'd do it again but I'm running out of registration turns and don't want to phone redmond washington when I want to upgrade some stuff in the future.

Here's the hijack this profile.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\atlpj.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\sysqd.exe
C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Some freakinoldguy\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wpbou.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wpbou.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wpbou.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wpbou.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wpbou.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wpbou.dll/sp.html#96676
O2 - BHO: (no name) - {201166BC-FF75-D1B9-E36A-D1964D800CF1} - C:\WINDOWS\d3pw32.dll
O4 - HKLM\..\Run: [atlpj.exe] C:\WINDOWS\atlpj.exe
Thanks in advance

F.O.G.

[jmatt]

Here is how to read the hijackthis logfile .
Compare it with yours .
http://homepage.ntlworld.com/dvk01uk/tutorial.htm
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://www.help2go.com/article153.html
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://www.spychecker.com/program/bholist.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list
Beginners Guides: Browser Hijacking & How to Stop It
http://www.pcstats.com/articleview.cfm?articleID=1579

==========================================

This program is good for hard to fix stuff .

Bazooka
http://www.webgrid.co.uk/security_2.html
http://www.winsite.com/bin/Info?17000000037943
http://www.kephyr.com/
Here is the current list of Bazooka fixes .
http://www.kephyr.com/spywarescanner...ource=appvisit
Bazooka is freeware and Windows 95/98/ME/NT/2000/XP compatible
Click on the files found & you will be taken to a site that will show you how to remove , either with a program or manually .
It reports on all drives & partitions , so remember to check all these , when doing manual remove .
After the Download - It is important to remember that once the installation of Bazooka is completed , that you should update the File Signatures by clicking on the Update tab and check for an update .
Make sure you Update after installing & then regularly .

[Freakinoldguy]

Thanks jmatt,

I got it out but I didn't use any programs. I found some uninstall instructions on a site called short-media forum. Although the hijacker didn't match mine exactly I followed the instructions and voila it's gone. I think the thing to work with is the task manager and delete the files. Mine was atljp.exe where the one thats in the forum is atlck. Also I went and did a registry search and deleted all the files that matched the ones that trojan hunter picked up. Like I said anyway thanks and next time I'll try spyblaster since it would be easier(and probably safer).

Cheers

F.O.G.

[Freakinoldguy]

sorry I should have said Bazooka. I guess I got about 12 thousand spyware programs running through my head.

Cheers again

F.O.G.

[jmatt]

I would still run Bazooka , probably still a few remants left .

[Flyfsh]

jmatt, thanks for the link to Bazooka. There are lots of good & usefull programs on the WebGrid.


Just a thank you

[jmatt]

That's OK Flyfsh