Computer Security & Viruses/Trojan Zlob
Expert: Brian Benosky - 2/16/2008
Question
Hi Brian, I have one! I got infected approx. 3 wks ago using Norton 2006. At first Norton ID'd the virus, which I chose to remove. Case closed, or so I thought. The next day and every time thereafter when I scanned (sometimes 3 or 4 times a day), lo and behold, back it came. I then went to Symantec's site and followed their instructions to the T on how to get rid of Trojan in spite of their program saying "it had been removed". Now that's the part that really ticks me off... Needless to say, those instructions didn't work.
Next I went to Symantec's live help site. Well, that was a waste of time. The "analyst" ended up telling me that after all my explanation he couldn't really help me, but if I paid $99.95 a "consultant" would look into my problem and fix it. First I needed to give them access to my computer, remotely. Not toooo comfortable doing that. Then the $$$ and I would be "good to go" as they say. My question then was what if "they couldn't remove the Trojan"? His answer: then they would refund my money. Now how about that for an answer.
I chose to instead update my software to Norton 360 and start over again. Well, after repeating everything that I had done previously, Trojan is still there. As a matter of fact, while typing this info, Norton came on with their recent scan notice that they found "Trojan" in my computer. What a surprise. Right now I have 128 Reg Entries and 9 files infected... I also picked up something called a "drive cleaner" that is in 144 Reg Entries, 19 files and 1 cache. I found another "suggestion" by Symantec to use a "Tool to reset shellopencommand registry keys" by downloading a file called "UnHookExec". But with a WARNING not to use this tool unless a Symantec Technician directs you to do this.
BTW I was asked to take a Symantec Survey after buying Norton 360. On the rating of Completely Satisfied to Completely Dissatisfied, I rated it the latter. And in the comments section I wrote almost exactly what I have written to you.
That was two days ago and no answer yet. And on the news last night, I caught the tail end of a story on the Trojan Virus causing all kinds of problems throughout the country, but without any advice so far from the Security Software folks. So at this point, here I sit in front of my sick computer with my heart in my hand saying... "Brian, please help me". Thank you.
Phil Grincewich
San Jose, CA
Answer
Hi Phil,
Of course I'll be happy to help you (and won't charge you a penny, I promise!). While I haven't totally trashed Symantec and their security tools, you can see why I don't recommend them. In any event, I will need to find out just what we're dealing with. Please download TrendMicro HijackThis! from the following link:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis.
* Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
* Click on "Edit > Select All", then click on "Edit > Copy" and paste the entire contents of the log (no attachments) into your question.
* DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
* DO NOT have HijackThis fix anything yet. Most of what HJT lists will be harmless or might even be required by your operating system.
I will be on and off here for the remainder of the day and evening, so I will be checking for replies and follow-ups as we sort this out.
Brian