Trojan virus in globalroot. and 2 iexplore.exe

Hello, I'm new to the forums and not that computer literate, but I got a virus of some sort that really messes with me. I use Norton antivirus scan and it found a trojan horse in the globalroot place and I know it's ultra hidden. How can I get it off?

 

Also, I've been monitoring my task manager and saw that iexplore.exe is processing. I don't even have Internet Explorer on and it keeps giving me pop-ups and sometimes a radio in the background. (This doesn't happen much but it still does it.) Then the strangest thing: there are 2 iexplore.exe working. Here's a screenshot

 

 

 

Anyone know how I can resolve this?

 

[edit: fixed image tag.]

 

 

Message Edited by MikeLee on 07-26-2009 09:27 PM

Here's the log

Hi

 

Now (read carefully): if you have Spybot S&D, uninstall it.

 

Also, during the restarts with Avenger, if your PC has a Startup repair center like with HP and Toshiba, tell it to start normally if it kicks in.

 

1. Download Avenger to your desktop,

 

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

Creator's website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to then unzip to desktop

 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

 

3. In the "Input script here:" copy and paste the script between the lines

 


Drivers to disable:
UACd.sys

Drivers to delete:
UACd.sys

Files to delete:
C:\Autorun.inf
D:\Autorun.inf
C:\WINDOWS\system32\drivers\UACkuxgyujcut.sys
C:\WINDOWS\system32\uacinit.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys


 

Here is a screenshot (script updated since shot)

 

Avenger.jpg

 

Make sure the "Automatically disable any rootkits found" is NOT selected

 

4. Click "Execute"

 

You will be asked to restart the PC; click "Yes". When the PC restarts, the load screen will take slightly longer, then when it looks as though Windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.  C:\Avenger.txt

 

Then download, install, update definitions and run a Full Scan with Malwarebytes http://www.filehippo.com/download_malwarebytes_anti_malware/ 

 

 

Quads
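
A follow-up check for the steps above, added here as an example and not part of Quads' post or of Avenger: a PowerShell script that reports whether any file or registry key named in the Avenger script is still present. The file paths and key names are taken from the script above; enumerating the control sets from the registry instead of listing 001 to 012 by hand is this example's own choice, and it assumes an elevated prompt after Avenger's reboots.

```powershell
# Added example, not part of the thread. Run from an elevated prompt after
# Avenger's reboots. Paths and key names are the ones in the script above.
$files = @(
    'C:\Autorun.inf',
    'D:\Autorun.inf',
    'C:\WINDOWS\system32\drivers\UACkuxgyujcut.sys',
    'C:\WINDOWS\system32\uacinit.dll'
)

# The posted script lists ControlSet001..012 by hand; here the control sets
# that actually exist on this machine are enumerated instead.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object { $_.PSChildName }

$keys = @('HKLM:\SOFTWARE\UAC')
foreach ($cs in $controlSets) {
    $keys += "HKLM:\SYSTEM\$cs\Services\UACd.sys"
}

# Test each artifact; Test-Path also sees hidden and system files.
$results = foreach ($path in ($files + $keys)) {
    New-Object psobject -Property @{
        Path    = $path
        Present = (Test-Path -LiteralPath $path)
    }
}

$results | Select-Object Path, Present | Format-Table -AutoSize

$remaining = @($results | Where-Object { $_.Present })
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) listed artifact(s) still present; check C:\Avenger.txt."
} else {
    Write-Output 'None of the listed files or registry keys are present.'
}
```

A kernel-mode rootkit that is still loaded can hide its files and keys from user-mode queries like these, so read a clean result together with the Avenger log and the Malwarebytes scan.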

That worked, dude! Thank you!
