Virus [Trojan.Win32.BHO.kse ]

almost :) now, regi.sys not in your system, so you will not find it.
We have an answer- all clean.
very strange. I am not agree.
Do you know what is jlozvsbouz.dll ? in my opinion it some adware program.
if you don't know what is this, my advice is to delete.
Use this script for deletion:

again unload your antivirals, right click on avz(run as administartor) and execute this script:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]

i did your last description...is my computer clean now...how can i check it...

tnx for all your help anyways till now...now and than i have been a pain in the ass..

gr metino

What symptoms were before execution this script? What symptoms are now? Or no difference? You can make a new logs again, we will look on them :) In this way we will be able to check your update status.

You didn't answered me, do you know what is jlozvsbouz.dll ? From where you did download it ?

i dont know??? never heard of it...i dont dowload that much...but iam a dj and i downloaded virtual dj and after that the problems began a little bit..

[size="1"][color="#666686"][B][I]Добавлено через 1 минуту[/I][/B][/color][/size]

what logs...???al of them..hyjack kaspersky and avz???

avz +hijack this only :)
Now your problems persists or not? Please describe your problems?computer is more slower or something else, please explain.

P.s. virtual dj - could you provide link to us too ? just make it inactive :) for example insert
[code] :http: [/code] before a link.

i took ik from mininova.org...i had the virtual dj...and downloaded an extension...

http: [url]www.mininova[/url]. org/tor/1913206 (just put the empty spaces between together to go to the website)

You can see in the comments that another guy had trojans opened with it...this is the file

i will make you logs...via attachments or uploading...does it matter???

[size="1"][color="#666686"][B][I]Добавлено через 14 минут[/I][/B][/color][/size]

i did a log file for hijackthis in notepad...and for avz in text and zip...what should i send you

and do i have send them by attachments or uploading...or both...

hello i uploaded the zipfile afz_sys21.info ....it contains two folders...one tekst and the other a explorer folder..

here is the Hyjackthis file

ohh the 21 behind sys is what i put on it...

logs should be in your post.Please, don't upload any other files by link, that we don't request . Unless you want to get more red cards ;)

what do you mean...i just uploaded...the avz..zipfile...how you want me to upload it than...i did exactly the same as the time you said that i did right???i really do not understand your policy

[size="1"][color="#666686"][B][I]Добавлено через 36 секунд[/I][/B][/color][/size]

did you get the right files ornot???

our policy is simple as 2+2:
logs need to be attached (virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log ) in your post
quarantine should be uploaded by link and only when you asked to do so.


P.S. So far, i see just hijackthis.log, and i didn't request from you any quarantine in post #45. Now you understand?

yesss...where should i send you the virusinfo_syscure.zip??

do you need it...

am i finished now???i did an online pandasoftwarescan yesterday..and it removed i trojan...

my computeris running a bit faster..but i want to know sure???

Please attach a new log in your post, don't send it by link.
what file panda did removed?
I did request reanalyze your files, did not get an answer yet.

what do you mean in your post..i already have done that.,,,the file panda removed did not have a name...it was called trojan.dll or something..and what do you mean with reanalyze your files??? never heard of it

I thought you have read our rules, if you don't remember you are welcome read them again: [url]http://virusinfo.info/showthread.php?t=9184[/url] You will know how to create and where to attach virusinfo_syscure.zip, virusinfo_syschek.zip

no..i now how to create them...where where where should i post them...thats what i asked...if i put them in attachments you say its rong if i upload its wrong...what do you want???

as attachment, but only logs and not a quarantine :)

so you mean not zip...or only log in zip...okk i will send you again then...AVZ and Hijack this..

[quote=metin;337459]so you mean not zip...or only log in zip...okk i will send you again then...AVZ and Hijack this..[/quote]
no, i mean follow the rules: [url]http://virusinfo.info/showthread.php?t=9184[/url]

i know...i am doing the rules now...if you follow the rules...YOU WILL GET A HYJACK LOG...WILL YOU YES YOU WILL..AND YOU WILL GET A AVZ LOG..TOO..dont tell me i am wrong because thats why we are getting no where...i know how to follow the rules...

fine :)

have done al the logs and now i want to attach them...but wich ones..

[B]4. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created during the system analysis (AVZ - virusinfo_syscure.zip, AVZ - virusinfo_syscheck.zip, HJT - hijackthis.log) to the message. There should be 3 logs in general. We will do our best to help you.[/B]

can i do it in this tread or must i create a new one...and i attached the zipfile earlier and you gave me a red card...virusinfo_syscure.zip...in my log there are 3 different files of
- virusinfo_syscure.zip
- virusinfo_syscheck.zip

xml document
firefox doxument
zip documennt

this ar 6 files..and there is also 1 virusinfo_cure zip file

so in total 7 files...

gr metino

read again(in red is better ?)
only these:[B][color=red]
virusinfo_syscure.zip
virusinfo_syscheck.zip
[/color][/B]

i did this earlier and i read it well...but than you gave me a red card//thats why i ask...

nevermind...

here are the 3 logs

Cause earlier you did attached a quarantine twice :) After first time i did just removed it and told you, on second time i must too do so :) It is my duty, sorry for that.Hope you are understand.
Now i see in your logs, that you steel have an infection.
Disable [B]system restore[/B], because of [B]system restore[/B] your infection is steel inside your computer.It is protect now on your trojan :)

Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.[/code]
You better uninstall all your avptool- i see some different installation.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.



After that, please make just a new [B]virusinfo_syscure.zip[/B] and attach it to your next post, i want to see that your system is clean from malware.

i turned of system restore....but what do you want me to do next.where do i execute this in (avz or Kaspersky) and i dont have avztool installed...it is just when i start fighter...thats when it works...and i cannot open avz by administrator...it just opens...and why do you want me to uninstall KVRT...???i realy do not understand your stepsss

[B]Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):
Code:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.

You better uninstall all your avptool- i see some different installation.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.[/B]

[size="1"][color="#666686"][B][I]Добавлено через 38 минут[/I][/B][/color][/size]

and what do i have to do on the website????do not know what you mean..

[size="1"][color="#666686"][B][I]Добавлено через 4 минуты[/I][/B][/color][/size]

[quote=drongo;337719]Cause earlier you did attached a quarantine twice :) After first time i did just removed it and told you, on second time i must too do so :) It is my duty, sorry for that.Hope you are understand.
Now i see in your logs, that you steel have an infection.
Disable [B]system restore[/B], because of [B]system restore[/B] your infection is steel inside your computer.It is protect now on your trojan :)
[B]
Did al af things above[/B]

Again , unload all anti and execute this script(remember do it with right click, run as administrator, otherwise it will not work):
[code]begin [U][B]where in AFZ or Kaspersky[/B][/U] a[U][B]nd i cannot run fighter by administrator[/B][/U]
[I]SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
DelBHO('{0749B30F-E0C3-AB2F-D11F-5FAFDA3735DF}');
DeleteFile('C:\Windows\system32\jlozvsbouz.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
RebootWindows(true);
end.[/I][/code][I]You better uninstall all your avptool- i see some different installation.[/I]

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT. [U][B]w[/B][B]hy should i go to the website?? there is nothing there??
[/B][/U]


After that, please make just a new [B]virusinfo_syscure.zip[/B] and attach it to your next post, i want to see that your system is clean from malware.[/quote] [B][U]in AFZ or Kaspersky???
[/U][/B]

[B]So what shoul i do[/B]

wherever you like :) avz or avptool will understand it too, just make sure to run a tool with administrator rights.
KVRT=avptool for detection/curing just for single use, because it hasn't ability to update. For that reason i advice you to uninstall it. In order to unistall it, you should follow what i did sad.

Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.

this is what you say how to uninstall....but this hasnt anything to do with it...

and why i must uninstall...you are not answering my questions

[size="1"][color="#666686"][B][I]Добавлено через 1 минуту[/I][/B][/color][/size]

i cannot open avz (fighter) with right click either...

Because i don't see a reason to see 4 drivers of kaspersky, when you don't need them :) In my opinion, having more active drivers from different antiviruses in system folder may lead to strange things :)
You can try execute in avptool or normal avz, if fighter.pif on your vista is not working .

fighter pif is working now...i am executing now and will send you teh files

grtz

Here are the new logs..

grtzz

Finally, your trojan is history :)
Logs looks clean. No need more, at least for now :)

Hmm ok...thats good news...tnx a lot for all your time and support..it may not
have been easy all the time....another thing my com is still slower...strange

about that your computer still slower...-possible that software that you did installed lately, not so good to your system. Unistall it, after that do "cleaning" with portable ccleaner ([url]http://www.ccleaner.com/download/builds/downloading-portable[/url])

P.S. With my insistence and your assistance
kaspersky will call it( jlozvsbouz.dll-) as Trojan.Win32.BHO.kse

i uninstalled it earlier...but i will do the cleaner.....do i have to put system restore on again???

[size="1"][color="#666686"][B][I]Добавлено через 25 минут[/I][/B][/color][/size]

i did cleaner and there more more than 300 problems in registry and cleaner...fixed them all..now i am doing regcure and it says more than 300 problems????very strange

[size="1"][color="#666686"][B][I]Добавлено через 1 минуту[/I][/B][/color][/size]

regcure cleaned another 880 errors..hope me com will work faster now

[size="1"][color="#666686"][B][I]Добавлено через 2 минуты[/I][/B][/color][/size]

is it true that you have to do more than 1 scan with ccleaner en regcure to clean better...because the first time there are a lot errors second time less and third time nothing...???

You may enable windows restore, but...
The original Microsoft system restore didn't restore all, it is useless in most cases after virus attack(on the contrary, virus creators using "windows system restore" to protect their creations by disabling ability to shut it off) it doesn't helps with serious bugs either; use some 3th company product with image creation ability(that you can burn on dvd ) , for example: [url]http://www.acronis.com/homecomputing/products/trueimage/[/url]

About ccleaner:i am personally use one time under limited user (my regular account) and after that one time with administator rigts. Don't know why in your case 3 times- you can ask ccleaner developer. ;-)

okkk..should i enable system restore???

and my comp...is running faster...but it shutted down instantly 10 minutes ago...a blue screen came up...and said some software isnt right installed etc etc..

and in security center i can not turn it on....

about: system restore-> it is up to you, i did told you my advice.
in blue screen you should see what it cause, and uninstall the conflict program. if you unable understand, you can post it here.
i don't use any security center - i am a security center myself :)
Perhaps this script will help:
[code]begin
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RebootWindows(true);
end.
[/code]

it says error expected at position 4 when i try to excetuce