Computer Virus (trojan gaslide b) Xp windows antivirus 2008

I was downloading a file and Xp windows 2008 installed itself on my pc and I uninstalled it but it keeps coming back. I ran spydoctore it deleted (trojan gaslide b) Xp windows 2008 but when I restart my pc it comes back. I've also tried zonealarm, ad aware, trend micro none work. My desktop background is blue and contains a message saying "warning, spyware is detected on your computer." I really need help because my computer is really slow now.

 

here's a hijackthis logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:31 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\lphc38pj0ee5j.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lphc38pj0ee5j] C:\WINDOWS\system32\lphc38pj0ee5j.exe
O4 - HKLM\..\Run: [SMrhc78pj0ee5j] C:\Program Files\rhc78pj0ee5j\rhc78pj0ee5j.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4186 bytes

 

Hi dymx,

Download and run => remove-windows-antivirus-2008

Post back and let us know if it worked and if you have any other problems.

2OG

 

it removes it but then when i restart my computer it comes back

 

Did you do 2oldgeek's instructions in safe mode?

You say that it is Xp Windows 2008? From your symptons and your hijackthis log, it would say that it sounds a whole lot more like Malware Protector 2008. Try the instructions and websites on this thread: http://forums.afterdawn.com/thread_view.cfm/675505

Also, you can fix these entries:

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [lphc38pj0ee5j] C:\WINDOWS\system32\lphc38pj0ee5j.exe
O4 - HKLM\..\Run: [SMrhc78pj0ee5j] C:\Program Files\rhc78pj0ee5j\rhc78pj0ee5j.exe

Best Regards

 

Hello
I whanted to know if you guys could help me on this one pls.

I have a trojan on my pc that's called the same way but, the effects are different. It made:

- Removed my C drive from the system, including shortcuts and everything else from it. Luckly i have the Windows installed on the E drive.

- Added 3 new icons.

- I can't go into google, it will not let me.

- It replaced my windows clock with words that say "virus found" or something like that.

- It somehow disabled the windows genuine tool because it now says my OS isn't genuine.

- It removed most of my entries on the start menu, the ones on the right side ( my computer, control panel and so on ) are gone!

- It keeps making a pop up saying that i have a virus on the machine and if i whant to visit the site to get the tool to remove it.

My antivirus it the AVG 8 free edition ( can't afford one ) it will not remove it, not even in safe mode. Can someone pls help me? The data on my hard drives is too important for me to format the machine.

 

Hi ddp, tks for the reply

I've tried that without success, the trojan had already done too much damage, and brought some smaller virus with him. I ran spy bot ( gotta love that program, free and effective ), had a look for some way to manualy delete it but, it was too late. It did give me some time to backup some of my files, almost all of them actualy, but i had to format the drives... The virus the trojan applyed on the pc damaged the OS too much.

Tks for the help just the same, and congrats for this forum, it's always good to know it's a place to go and ask for help with these things. Very well done guys