September 20th, 2006 20:00

Welcome to DCF :)
What are you using this for, and is it still installed?
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\DOCUME~1\CHES\LOCALS~1\Temp\Rar$EX24.266\aircrack-2.1\win32\wzcook.exe" (file missing)

Regarding your IRC Backdoor, info here:
"These threats may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer."

http://research.sunbelt-software.com/threatdisplay.aspx?name=IRC.Backdoor.Trojan&threatid=45277
This is important if you keep any passwords or credit card/banking info on there. If you do, you may feel more secure by doing a reformat.
If you do not keep financial records or account info on that computer, we can go ahead with cleaning:

Please print these instructions because you will be working in Safemode and will not have the internet available.

Let's start by disabling SpySweeper and Spyware Doctor so they do not interfere with any of our fixes - now or later. You can re-enable after you're clean.

To disable SpySweeper:
Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
[After your system is fully cleaned, re-enable SpySweeper using the same steps but this time reverse them.]

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.
Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".
[To enable Spyware Doctor when you are finished, open the program, Settings>Startup Settings> CHECK "Run at Windows Startup">APPLY
Exit. Reboot.]

To disable PCTools Browser Monitor: If you are running Internet Explorer, click Tools > Manage Add-ons. If PCTools Browser Monitor is on the list, click it & select Disable. You will need to restart your browser after making the change.

Update Norton.
Reconfigure and update ewido.
  • Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on ewido in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • In Services, click the "Extended" tab and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update". Then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the Ewido Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close Ewido anti-spyware, Do Not run a scan just yet.

Reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Please run a scan with Norton in Safemode. Let it clean or quarantine what it finds. If you get a message that it cannot clean or quarantine, please note the exact name of the trojan and WHERE it is located. Include that information in your next reply.

Then run a scan with your ewido. Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • ewido will now begin the scanning process; be patient, this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions".
  • IMPORTANT! Don't save the report before you have clicked the Apply all actions button. If you do it will make it more difficult for the helper to interpret the report.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode. Please post the results of the ewido report scan.

  • Also please post a fresh HijackThis log and let me know if you are still having problems.