Trojan Horse?

[dach162]

Lately my HP 6620 is slow. Ran defrag, chkdsk, McAfee, Malwarebytes, Max Secure Spyware, System Mechanic (will not do a full analyze anymore). Ran Spybot Search & Destroy and it stops for quite awhile on Win32.bicololo. Googled this and it says it's a trojan. I can't find it anywhere in the computer with windows explorer or search. Has anyone ever had this and how do I get it out of here. None of the previously mentioned programs remove it.
Dave

 

[AddRAM]

Why don`t you have Microsoft Security Essentials installed ?

Microsoft Security Essentials - Microsoft Windows


All those programs you have listed except MBAM do more harm then good. Especially MucAfee.

There are a lot of guides on how to remove it.

 

[Jacee]

Let's flush the DNS cache and restore MS's Host Files:

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, download DDS from one of these links:
DDS.com
DDS.pif

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

 

[dach162]

Copied & pasted, placed on desktop, ran as admin, it asks if I want to allow changes, I say yes, I get a quick flash on the screen then nothing happens. Everything is as it was before I ran it as admin. Did I miss something?

 

[7user78]

hello dach, the PC should reboot, I just run the bat file a few moments ago.
Did you rename the file (flush.bat) and change the extension from .txt to .bat ?

 

[dach162]

I evidently had something wrong. I deleted the batch file and re-downloaded. This time it worked. Both files are too long to post here. How do I zip it and attach it that way?

 

[dach162]

I just figured out how to zip both files. Now how do I attach them? I just figured out how to do that too. Both files are zipped because of their size.

 

[Jacee]

Download AdWareCleaner AdwCleaner Download
or from here Téléchargements - Outils de Xplode - AdwCleaner
to your desktop
1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please uninstall Max Secure Spyware!! This program costs money to clean false infections it found

 

[dach162]

I uninstalled Max Secure Spyware and I also have a MAJOR problem with it. I have been on line with them for over a week trying to straighten it out. And then I messed it up myself. I have a file called TempData that I absolutely cannot get rid of. It won't go out on an uninstall nor a delete. I tried moving it to the desktop (successful) but that wouldn't help so I was trying to put it back where it came from and when I was about to drop it, my mouse hit the end of the mouse pad and I dropped it into iTunes as another file. I still can't get rid of it. It lists over 2 million 1KB files and counts them when accessed. You're absolutely right when you say to dump it. I did but it won't fully go away.
Here's the file from AdwCleaner:

 

[dach162]

I finally figured out how to completely remove Max Secure Spyware TempData. I used the cmd prompt and typed in CD /D C:\PROGRAM FILES to get to where it was then DIR/X to see where it was, then DEL /Q /S (EXACTLY HOW THE FILE IS WRITTEN)(MY CASE WAS MAXSEC~1) It now took 3 hours to get rid of the 2 million 1KB files that were there but it DID get rid of it.