D_Trojanator

Volunteer Security Advisor
About D_Trojanator

  • Rank
    Advanced Member
  • Birthday 11/26/1989

Profile Information

  • Location
    London, England.
  1. Hi there TukTuk,

     Sorry for the delay in the reply, I've been a bit busy recently. There is one more thing I need you to do, but it's quite small. The AVG log you posted is very promising, and I would happily declare this computer to be clean after completing the following. You should have no problems at all going online now, I'd be confident to say this computer is clean.

     One thing I want you to do, is as follows. Firstly make sure your system can view all hidden files as per previous instructions.

     Open HJT, and check the following entry:

     O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273

     Hit "Fix Checked", then reboot the PC into safe mode.

     Find and delete this folder if you can find it:

     C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}

     Now reboot back into normal mode. Let me know how the system is running, I think you are good to go now!
  2. Ok, good. Run the ADSspy again, and find and check the following entry:

     C:\WINDOWS\system32\svchost.exe : exe.exe (35840 bytes)

     Then press the "Remove Selected" button, then reboot. Then let me know how the system is running. I see clean logs now!
  3. Hi there, good work!

     It is a good idea to print off these instructions: This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost. Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out! If you have any queries about the process or just general questions, just ask.

     Please find and delete this file:

     C:\WINDOWS\system32\lnwin.exe

     Run HijackThis, click on Open the Misc Tools Section.
     Click on Open ADS Spy.
     Uncheck the "Quick Scan".
     Uncheck the "Ignore safe system info data streams".
     Finally, click the Scan button. ADS Spy will scan the system and report all the ADS present in the system.
     Click Save log. I will need that later on.

     I want you to clean your cache and cookies from your internet explorer. There are a few infected files which need to be removed from your system.
     ° Close all instances of Internet Explorer.
     ° Go to your control panel and open "Internet Options".
     ° Click on the "General" tab.
     ° Click the "Delete Cookies" button, then the "Delete Files" button.
     ° When prompted, place a tick in the "Delete all offline content" box and click OK.

     Also, please clean other Temporary files and Empty the Recycle Bin.
     ° Go to start and click on the "run" button.
     ° Type the following in the box --> cleanmgr and click ok.
     ° Let it scan your system for files to remove.
     ° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
     ° Press OK to remove them.

     We need to purge your infected system restore points. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK. More information on how to disable your system restore can be found here.

     We want to create a new, clean restore point. Please first reboot your computer. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Uncheck "Turn off System Restore", click Apply, and then click OK. Click Start > All Programs > Accessories > System Tools, and select System Restore. In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button. Type a description for your new restore point - Something like "After trojan/spyware cleanup". Click Create, and after it has created the restore point, click "Close". Further instructions on creating a restore point can be found here.

     Please post the ADS spy log in your next reply.

     David
  4. Glad to hear it was sorted out, after a reformat of the hard-drive I have no doubt that you've cleaned the PC of the malware you had. A reformat is often the best option with an infected PC.

     Follow this list and your potential for being infected again will be reduced dramatically.

     Use an Anti Virus Software -
     * It is very important that your computer has an anti-virus software running on your machine.
     * This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
     * Click here for more information on -> Computer Safety On line - Anti-Virus
     * I would recommend Grisoft's AVG or AVAST.
     * These are the more secure and better ones.

     Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

     Use a Firewall -
     * I can not stress how important it is that you use a Firewall on your computer.
     * Without a firewall your computer is susceptible to being hacked and taken over.
     * Simply using a Firewall in its default configuration can lower your risk greatly.
     * For an article on Firewalls and a listing of some available ones see the link below:
     * Click here for more information on -> Computer Safety On line - Software Firewalls
     * I would recommend ZoneAlarm as a firewall as it's easy to use.

     Visit Microsoft's Windows Update Site Frequently -
     * It is important that you visit http://www.windowsupdate.com regularly.
     * This will ensure your computer has always the latest security updates available installed on your computer.
     * If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

     Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
     * This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Javacools© SpywareBlaster -
     * SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
     * An article on anti-malware products with links for this program and others can be found here:
     * Click here for more info --> Computer Safety on line - Anti-Malware

     Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

     If you have any additional questions just ask...

     David
  5. No that's fine, just as expected.

     Please perform this online scan: Kaspersky Webscan
     Read the Requirements and Privacy statement, then select "Accept".
     A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
     Select "Install" to download the ActiveX controls that allow ActiveScan to run.
     When the download is complete it will say ready, click "Next".
     Select a target to scan: Click on "My Computer".
     When the scan is complete choose to save the results as "Save as Text".

     Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

     David
  6. Ok, good work!

     Please download, install, and update AVG antispyware.
     Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
     After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top.
     Click the "Settings" tab and then change the recommended action to Quarantine.
     Click Automatically generate report after every scan.
     Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
     Ewido will list any infections found on the left hand side.
     When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button.
     AVG antispyware will display "All actions have been applied" on the right hand side.
     Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
     Close AVG antispyware and reboot!!

     Please post the log in your next reply.

     David
  7. You're welcome Jacksaar! Thanks for the feedback, I have updated a few of my canned speeches.

     I now use this for the system restore points:

     "We need to purge your infected system restore points. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK. More information on how to disable your system restore can be found here. We want to create a new, clean restore point. Please first reboot your computer. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Uncheck "Turn off System Restore", click Apply, and then click OK. Click Start > All Programs > Accessories > System Tools, and select System Restore. In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button. Type a description for your new restore point - Something like "After trojan/spyware cleanup". Click Create, and after it has created the restore point, click "Close". Further instructions on creating a restore point can be found here"

     I now use this canned speech for emptying Norton Quarantine:

     I want you to remove a few infected quarantined files from your Norton Antivirus. The instructions depend on the version of Norton that you are running. Please visit the following link, and follow the instructions by clicking on the appropriate version: http://service1.symantec.com/SUPPORT/nav.n...000041213443506

     You can go ahead now and remove anything that you've downloaded in the clean-up process. It's been a real pleasure helping you, you've repaid me by fixing my speeches!

     The latest log is looking clean! Follow this list and your potential for being infected again will be reduced dramatically.

     Use an Anti Virus Software -
     * It is very important that your computer has an anti-virus software running on your machine.
     * This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
     * Click here for more information on -> Computer Safety On line - Anti-Virus
     * I would recommend Grisoft's AVG or AVAST.
     * These are the more secure and better ones.

     Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

     Use a Firewall -
     * I can not stress how important it is that you use a Firewall on your computer.
     * Without a firewall your computer is susceptible to being hacked and taken over.
     * Simply using a Firewall in its default configuration can lower your risk greatly.
     * For an article on Firewalls and a listing of some available ones see the link below:
     * Click here for more information on -> Computer Safety On line - Software Firewalls
     * I would recommend ZoneAlarm as a firewall as it's easy to use.

     Visit Microsoft's Windows Update Site Frequently -
     * It is important that you visit http://www.windowsupdate.com regularly.
     * This will ensure your computer has always the latest security updates available installed on your computer.
     * If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

     Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
     * This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Javacools© SpywareBlaster -
     * SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
     * An article on anti-malware products with links for this program and others can be found here:
     * Click here for more info --> Computer Safety on line - Anti-Malware

     Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

     If you have any additional questions just ask...

     David
  8. Sorry tuk-tuk, that was an error on my part. Please replace step 1, with the following: Open notepad and copy and paste the following text in the quote box into the window: Save this as fix3.bat Choose to save as all files. This is how the batch must look afterwards: Doubleclick fix3.bat and let the program run. A small black dos window will flash, this is normal.
  9. Glad I could help Aaron!

     The latest log is looking clean! Follow this list and your potential for being infected again will be reduced dramatically.

     Use an Anti Virus Software -
     * It is very important that your computer has an anti-virus software running on your machine.
     * This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
     * Click here for more information on -> Computer Safety On line - Anti-Virus
     * I would recommend Grisoft's AVG or AVAST.
     * These are the more secure and better ones.

     Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

     Use a Firewall -
     * I can not stress how important it is that you use a Firewall on your computer.
     * Without a firewall your computer is susceptible to being hacked and taken over.
     * Simply using a Firewall in its default configuration can lower your risk greatly.
     * For an article on Firewalls and a listing of some available ones see the link below:
     * Click here for more information on -> Computer Safety On line - Software Firewalls
     * I would recommend ZoneAlarm as a firewall as it's easy to use.

     Visit Microsoft's Windows Update Site Frequently -
     * It is important that you visit http://www.windowsupdate.com regularly.
     * This will ensure your computer has always the latest security updates available installed on your computer.
     * If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

     Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
     * This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
     * You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
     * A tutorial on installing & using this product can be found here:
     * Click here for more info --> Instructions for - Spybot S & D and Ad-aware

     Install Javacools© SpywareBlaster -
     * SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
     * An article on anti-malware products with links for this program and others can be found here:
     * Click here for more info --> Computer Safety on line - Anti-Malware

     Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

     If you have any additional questions just ask...

     David
  10. Good work! We've just got a couple of things left to do.

     1) Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
     Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
     Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
     Select the item you wish to remove and click on RED 'X' icon to delete it. This will open the 'Take Action' window.
     Click the 'Start Delete' button to remove the infected file from your computer.
     Repeat for any other quarantined files you want to remove.
     When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

     2) Please open notepad and copy and paste next bold in it: (don't forget to copy and paste REGEDIT4)
     Save this as "fix.reg"
     Choose to save as *all files and place it on your desktop. It should look like this:
     Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

     3) We need to purge your infected system restore points. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK.
     We want to create a new, clean restore point. Please first reboot your computer. You will be asked to turn system restore on again, click "yes". On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK. Click Start > All Programs > Accessories > System Tools, and select System Restore. In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button. Type a description for your new restore point - Something like "After trojan/spyware cleanup". Click Create, and after it has created the restore point, click "Close".

     Reboot a final time, how is the computer running now?
  11. You are welcome Lauren!

     The steps in my last post are all recommended ways of increasing your protection and security on the PC. If you follow these steps then your computer should be well on the way to being protected against a whole host of threats that could infect your computer.

     Also, I see that you are running Yahoo antivirus. Now, this may be your antivirus of choice, but it is not as reputable as most of the others on the market. There are various free antivirus programs such as AVG and Avast which I can promise you will do a much better job of protecting your computer. It might be an idea to install one of the above and run a full scan; if you do, note that you must uninstall Yahoo Antivirus, as I do not recommend that you have more than one anti virus product installed and running on your computer at a time. In general terms, the two programs may conflict and cause false alarms - when the anti virus software tells you that your PC has a virus when it actually doesn't.

     You might also like to read here in the meantime: http://www.bleepingcomputer.com/forums/topic2520.html; it's excellent info that's not too time consuming to read. Some of it is replicated in my own all-clean speech, but there are specific instructions for securing internet explorer. It is up to you whether or not you wish to switch to Firefox or not, most will say that Firefox is more secure. However, I've been using internet explorer for years without a single problem.

     Also have a read here: http://users.telenet.be/bluepatchy/miekiem...prevention.html

     I hope this helps...

     David
  12. Good work online!

     It is a good idea to print off these instructions: This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost. Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out! If you have any queries about the process or just general questions, just ask.

     Please download SmitfraudFix (by S!Ri).
     Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

     Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

     R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
     O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - I:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
     O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - I:\WINDOWS\system32\nbbrhbd.dll

     Click on Fix Checked when finished and exit HijackThis. Make sure your Internet Explorer is closed when you click Fix Checked!

     Now reboot into Safe Mode. This can be done by tapping the F8 key as soon as you start your computer. You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.

     Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.
     Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
     You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
     The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
     The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
     A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

     Warning: running option #2 on a non infected computer will remove your Desktop background.

     Also post a new Hijackthis log.

     David
  13. Great work! Things are looking a lot better! I want to run a scanner of the whole PC, looking for any leftover infected files. Also I want to export the contents of your msconfig entries to look for anything suspicious.

     Please perform this online scan: Kaspersky Webscan
     Read the Requirements and Privacy statement, then select "Accept".
     A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
     Select "Install" to download the ActiveX controls that allow ActiveScan to run.
     When the download is complete it will say ready, click "Next".
     Select a target to scan: Click on "My Computer".
     When the scan is complete choose to save the results as "Save as Text".
     Post the Kaspersky scan results in your next reply.

     Please download Combofix to your desktop.
     Doubleclick combo.exe to launch the application. Follow the prompts that will be displayed on the screen. Don't click on the window while the fix is running, because that will cause your system to hang.
     When finished, it should produce a log, combofix.txt. Post this log in your next reply together with a new HijackThis log. Also post the Kaspersky log.

     You may need several replies, as the logs can be quite long...
  14. Okay, good work!

     Basically you've uncovered a lot more things that need to be done, and I have to break the news that you have quite a nasty rootkit infection. However, don't be put off by the word, most are fixable, it is just going to take a bit more work on both our parts.

     I can see from the reg log that your Windows firewall allows a few malware files to access the internet. Although those files should now be deleted, I think it's best to remove these left over entries with a simple regedit. I've got a few things I want you to do, then we'll run the rootkit remover tool.

     Oh, and the system errors that you received about the "mistake" is possibly something to do with the rootkit you have installed - Rootkits often can cause a system to become unstable.

     1) Firstly, click start > run and copy and paste the following, then hit enter:

     attrib -a -h -r -s "C:\WINDOWS\system32\sdmvdlxe.exe"

     Do the same for the following, after doing the first command:

     del /q "C:\WINDOWS\system32\sdmvdlxe.exe"

     2) Please open notepad and copy and paste next bold in it: (don't forget to copy and paste REGEDIT4)
     Save this as "fix.reg"
     Choose to save as *all files and place it on your desktop. It should look like this:
     Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

     3) Download the Rustock.b removal tool from the link below...and save it to your desktop: http://www.uploads.ejvindh.net/rustbfix.exe
     Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (C\avenger.txt & C\rustbfix\pelog.txt).

     4) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

     O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273

     Click on Fix Checked when finished and exit HijackThis. Make sure your Internet Explorer is closed when you click Fix Checked!

     5) Exit and reopen Hijackthis, and run a scan and save its log.

     Post the C\avenger.txt & C\rustbfix\pelog.txt along with a new Hijackthis log.

     David
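
The HijackThis entries quoted in the posts above (O4, R3, O2, O21) share a `code - details` layout. As an added example that is not part of the original posts, this Python sketch parses such lines and records the properties a reviewer checks by eye; the flag names and heuristics are assumptions made for illustration, not HijackThis features.

```python
import re

# Section codes used in the posts on this page and what each one lists.
SECTIONS = {
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key or Startup folder)",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<rest>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in an executable extension; spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|cmd|bat|scr)\b', re.I)

# The four entries are quoted from the posts; the first line is a constructed
# header to show that non-entry lines are skipped.
SAMPLE_LOG = r'''Logfile header line (constructed)
O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - I:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - I:\WINDOWS\system32\nbbrhbd.dll
'''


def parse_line(line):
    """Parse one log line; return None if it is not a section entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    found = PATH_RE.search(rest)
    path = found.group(0) if found else None
    # GUIDs outside the file path name the registry value or COM object.
    outside = rest.replace(path, "") if path else rest
    flags = []
    if "(no name)" in rest:
        flags.append("no_name")            # entry has no display name
    if "(file missing)" in rest or "(no file)" in rest:
        flags.append("target_absent")      # orphaned registry reference
    if path and any(GUID_RE.fullmatch(part) for part in path.split("\\")):
        flags.append("guid_named_folder")  # binary lives in a {GUID} directory
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "guids": GUID_RE.findall(outside),
        "path": path,
        "flags": flags,
    }


def parse_log(text):
    """Return the parsed entries of a log, skipping header and blank lines."""
    return [e for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry["code"], entry["section"], entry["path"], entry["flags"])
```

The O21 entry comes back with no flags even though the helper asked for it to be fixed, which shows that shape-based checks like these only sort a log for review and do not decide what is malicious.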