Trojans etc.

I am experiencing 2 recurring problems that I can't seem to solve:

Spybot Problem:

Spybot finds "DSO Exploit" and lists 5 separate entries that appear to be registry changes to my "/Default" HKEY_USERS keys. Spybot will successfully fix these problems, but when I reboot and re-run Spybot, the DSO Exploit problem reappears.

Trojan Problem:

I run AVG 6.0 in the background, and when I boot it finds the following 2 viruses:

(1) Trojan Horse Proxy.5.AS (C:\Windows\system32\asuigg.dll)
(2) Trojan Horse Proxy.5.AQ (C:\Windows\system32\adarros.dll)

AVG then reports that it successfully cleans the viruses, but when I reboot, the same two appear.

Any ideas on how to eliminate these recurring problems? Thanks again.

 

The DSO Exploit is a glitch in the new Spybot version, still awaiting a fix. More here at post #15.

Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode.

Now in safe mode, delete the two infected files.
Open C:\Windows\Temp, select all and delete.
Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open C:\Windows\Prefetch, select all and delete.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
Uncheck the /safeboot box in msconfig and ok to reboot.

Scan again to see if they're gone. If so, re-enable system restore.

 

Thanks for your quick response and help. The steps you suggested appear to have worked...I've rebooted, and the viruses/Trojans haven't come back.

The only hitch in the steps you listed: when I attempted to delete the "temp" folder in my "localsettings," I got a message that a file ( "Sectio~1.htm ") couldn't be located/check directory.

The only files in my temp folder now are in the IE5content folder; I found 4 files that have a VERY long file name that I cannot delete manually (I presume these are the files that the message is referring to). They have names like "section=news&richmedia=yes&station=orlpm.... "

Any idea why I cannot delete these files? Thanks again...at least I am now virus-free.

 

Install Move-on-boot. It will give you a new right click option when used on files, to 'delete on the next boot'. Use it to tag those files and reboot. Then delete everything from the temp folder.

 

Hmmm...Move-on-Bot doesn't seem to do it. I am unable to "drag" these 4 files onto the Move-on-Bot delete screen. When I designated the entire "IE5Content" folder to be deleted on the next boot, it doesn't happen.

 

The app only does file, not folders ( I know this from making the same observation about removal failure on a folder and being told that it won't do those ).

The folder should be willing to go away with a normal delete though and especially if you are booted to safe mode. IE will create a new one when next run.

 

You don't drag the files anywhere. Just open the folder and right click on the file, select 'delete on the next boot'. Do that to all four files and reboot. They should be gone when you get back in windows and you can delete the folder too.

 

All files deleted...clean reboot, virus scan good. Thanks for all your help.

 

Glad to hear it. Thanks for posting back.