Please help me with removing these trojan files. Keep showing up even after removing it. If I click on the quarantine tap, it says error code 724 (0,9).
Thank you so much in advance.

jaykim,

The reason the files keep coming back is because your machine is still infected with something. I see that you have run malwarebytes on the machine. Did that prevent the files from coming back? I'm going to guess no, since if it did you probably wouldn't be posting here. There is an excellent tutorial written by one our senior members, JeanInMontana and it can be found here: http://www.malwarebytes.org/forums/index.php?showtopic=2936. It is a lot of work but it tells you step by step what actions you need to take to make sure your machine is clean again. Try this out and post back if you have any troubles or to let us know if it worked.

Thanks,
Mike

I just thought of something else. If you can't delete the files, you can try rebooting into "Safe Mode" and the files may no longer be locked. To boot into safe mode, as soon as Windows starts to come up, hit the F8 key and you will get a menu of various alternate modes that Windows has. One of them is safe mode. Select that and hit enter. Things will look different because many drivers and other things that Windows can run without, will not be loaded. Try deleting the files in this mode. If that doesn't work, Malwarebytes has a product called FileASSASSIN which is able to delete locked files.

Thanks,
Mike

Actually, I have tried in safe mode but still didn't work. I am not sure you have seen my malwarebytes log file but these files are all executable files and some of files seem to be pretty important. On top of that, I was not even able to locate these files either. here are the lists files that keep showing up on malwarebytes.

C:\bfsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\fveupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\HelpPane.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\hh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\HideWin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\IFinst27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\notepad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RtHDVCpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RtlUpd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Setup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ST6UNST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\twunk_16.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\twunk_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winhelp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winhlp32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I am having little problem uploading my hijackthis log file. Whenever i try to upload on this thread, it says "forbidden" and was not able to upload the file.

Thank you!

I am also scaning panda active scan right now. I will try to upload the lof file if I can.

Jaykim,

If you would like for one of our experts to assist you with removing the malware from you computer, please follow the instructions here and create a topic in the HijackThis forum with the logs.

Also, please refrain from sending your logs as attachments; instead, please copy and paste the logs into the topic.

Derek

I don't know why you would not be able to upload your HJT file. I'm not senior enough to help you out in that department. Take a look at some of the help files in that forum or try using search for an answer.

Some of those files are indeed important Windows files. I don't know how your machine would even boot without explorer.exe. That is actually the main part of Windows that you interact with. It's called the shell. You can probably find most, if not all of those files in a hidden folder where Windows keeps backups for just such a problem. The path to the folder is c:\windows\system32\dllcache. You will probably need to be in safe mode to copy the good file from dllcache to where ever it belongs on the system. Most will go into c:\windows or c:\windows\system or c:\windows\system32. All 3 of these locations are in your PATH statement (or should be) so it's not super critical that they be placed in the right folder, it's just good to keep the machine as close as you can to the way it was originally setup. You also can check to see if there is a malware program that is running at startup. Check your startup folder first. There are also 2 places in the regestry where startup programs can go. If you need help to check there I'll send it in a seperate post. While in safe mode you should also empty all your temp and internet temp folders. They turn out to be handy places for malware writers to put their code.

Good luck,
Mike

Hello jaykim,

Those are all False Positives in Windows Vista.

You need to restore them and update Mbam database.
Then your log will show clean.

Here is a list of FPs that were fixed in XP.

http://malwarebytes.org/forums/index.php?showtopic=5383