Status
Not open for further replies.

How do I get rid of trojan horse SHeur2.AQXP? (Zlob?)

1.8K views 3 replies 2 participants last post by  thewall  
#1 ·
I have Windows Vista on another laptop, but when I downloaded a file from the internet it prompted me to download a licence. I saved it so I could then scan it before I open it, just in case there were any viruses. AVG said it was OK so I opened it, and from that moment on whenever I try to open Firefox it says it has crashed (when I say I want to restore it, it just displays the same message again). I tried to go back in time using a system restore point but when my computer reloaded it said it didn't work because of a 'disk problem'. The same happens with IE - crash (which I never use and when I haven't tried to open the program).

I have already scanned my computer with AVG Free and two trojans (name in the title) have been found and deleted. They were in the temp files so I have gone into the temp files and deleted the last few days' worth and then tried to restore again, but now it says I have no system restore points?

AVG has found another trojan and I just don't know what to do. I can't restore, I can't get onto the internet to download any more software to kill this horrible thing?

I then tried to install Spybot S&D via memory stick as I have no internet access on the infected one and it wouldn't let me install it. I have downloaded and transferred Kaspersky Virus Removal Tool, which I have run (and it showed up two trojans in the recycle bin, which I emptied).

I opened IE with my internet turned off in safe mode and it showed up loads of weird dodgy looking websites in the history in the last two days when I have had no access to the internet. I restored the factory settings on IE thinking that they have just been f****d up and went back into normal mode and I still have no joy.

I have also checked and the Windows Firewall/Defender is off so I'm not sure of the next steps to take.

I have also tried to make a restore point and it won't let me do that either.
All help is much appreciated.
 
#2 ·
Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
 
#3 ·
Hello again memememe,

First thing we are going to try and do is download and run some programs in Safe Mode and then if it is successful I will need you to transfer the logs back over to your other computer. It is important that you follow the instructions closely so we lessen the risk of infecting the clean computer.

Since you know how to get into Safe Mode, please do this and choose Safe Mode with Networking. From there, see if you can download the two following programs and run them. If you can, you will need to copy the logs onto the USB drive.

When you start to insert the flash drive into the clean computer, make sure to hold down the Shift key as you do so. This is to stop the autoplay feature, which can lead to infections on the clean computer. From there, once you have the logs, please post them here so I can look at them.



Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your flash drive.



Download GMER Rootkit Scanner from here (http://www.gmer.net/download.php) to your desktop.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it to the flash drive, and post it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
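
The reply above holds down Shift while inserting the flash drive to stop autoplay for that one insertion. As an added example (not part of the original thread), this PowerShell script audits the `NoDriveTypeAutoRun` policy on the clean computer so the protection does not depend on a key press. The script layout and the `-Harden` switch are this example's own.

```powershell
# Added example: audit (and optionally harden) the AutoRun policy on the clean computer.
# Read-only by default; -Harden writes to HKLM and needs an elevated prompt.
param([switch]$Harden)

$policyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$driveBits = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable (USB flash drives)' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' }
)

function Get-AutoRunMask([string]$Hive) {
    # Returns the DWORD as a number, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path "${Hive}:\$policyKey" -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [long]$item.$valueName
}

if ($Harden) {
    $path = "HKLM:\$policyKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    # 0xFF sets every bit, disabling AutoRun on all drive types.
    New-ItemProperty -Path $path -Name $valueName -Value 0xFF -PropertyType DWord -Force | Out-Null
}

$machine = Get-AutoRunMask 'HKLM'
$user    = Get-AutoRunMask 'HKCU'
# When the value exists under HKLM, Windows ignores the per-user (HKCU) value.
if ($null -ne $machine) { $effective = $machine; $source = 'HKLM' } else { $effective = $user; $source = 'HKCU' }

if ($null -eq $effective) {
    Write-Output "$valueName is not set in HKLM or HKCU: no policy disables AutoRun for the flash drive."
} else {
    Write-Output ("Effective {0} = 0x{1:X2} (from {2})" -f $valueName, $effective, $source)
    foreach ($d in $driveBits) {
        if ($effective -band $d.Bit) { $state = 'disabled' } else { $state = 'ALLOWED' }
        Write-Output ("  {0,-30} AutoRun {1}" -f $d.Name, $state)
    }
}
```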
 