[RESOLVED] FixIEDef didn't work for me
This thread is now closed
KawaSteve
Fri Jul 18 2008, 05:57PM
Registered Member #219
Joined: Fri Jul 18 2008, 05:47PM
Posts: 2
Thanked 0 times in 0 posts
You've fixed a lot of that free-virusscan.com virus with FixIEDef but it didn't work for my computer. Here's my HijackThis log. Hope you can help me.

Thanks!
hijackthis.log
ShadowPuterDude
Fri Jul 18 2008, 06:54PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Moving this thread to Malware Removal.

This variant is not yet in the FixIEDef database for removal.

Download
- Pocket Killbox to Your Desktop
- ATF Cleaner to Your Desktop
- ExplorerXP

Install ExplorerXP

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19B8572F-894F-41E0-9309-00091B688905}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B8572F-894F-41E0-9309-00091B688905}]
Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Now boot into SAFE MODE

Open ExplorerXP, navigate to and DELETE the following:
C:\WINDOWS\system32\tbs.dll
C:\WINDOWS\system32\tbsch.dll
C:\WINDOWS\system32\tbsrch.dll
C:\WINDOWS\system32\tbrs.dll
C:\WINDOWS\system32\tbrsch.dll
C:\WINDOWS\system32\tbrsrch.dll
C:\WINDOWS\system32\toolbars.dll
C:\WINDOWS\system32\toolbarsch.dll
C:\WINDOWS\system32\toolbarsrch.dll
Now run ATF Cleaner.

Delete the contents of C:\WINDOWS\Prefetch.

As an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.

REBOOT to .

Attach fresh logs for:
HijackThis
ISeeYouXP


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
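
A read-only way to confirm the cleanup described in the post above, as an added example that is not part of the original thread or of any tool named in it. The registry keys and file names are copied from the post; using %SystemRoot% instead of the literal C:\WINDOWS is an assumption.

```powershell
# Added example: read-only check. Reports which registry keys and files
# named in the post above are still present; it changes nothing.

# Keys deleted by FixReg.reg, copied from the post.
$registryKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19B8572F-894F-41E0-9309-00091B688905}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19B8572F-894F-41E0-9309-00091B688905}'
)

# File names from the post, which lists them under C:\WINDOWS\system32.
# Assumption: %SystemRoot% is used so the check follows the actual Windows folder.
$fileNames = 'tbs.dll', 'tbsch.dll', 'tbsrch.dll', 'tbrs.dll', 'tbrsch.dll',
             'tbrsrch.dll', 'toolbars.dll', 'toolbarsch.dll', 'toolbarsrch.dll'
$system32 = Join-Path $env:SystemRoot 'system32'

$report = @()
foreach ($key in $registryKeys) {
    # The Registry:: prefix lets Test-Path take the hive name as written in the .reg file.
    $report += [pscustomobject]@{
        Type    = 'RegistryKey'
        Path    = $key
        Present = Test-Path -LiteralPath "Registry::$key"
    }
}
foreach ($name in $fileNames) {
    $path = Join-Path $system32 $name
    $report += [pscustomobject]@{
        Type    = 'File'
        Path    = $path
        Present = Test-Path -LiteralPath $path -PathType Leaf
    }
}

$report | Format-Table -AutoSize -Wrap
$left = @($report | Where-Object { $_.Present })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) item(s) from the post are still present."
    exit 1
}
Write-Output 'None of the listed keys or files were found.'
```

Run it before the fix to see which of the listed names this particular infection used, and again after the reboot to confirm nothing came back.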
KawaSteve
Fri Jul 18 2008, 07:41PM
OK, that seemed to work (at least IE appears to be functioning properly now). But I only had one of the WINDOWS\system32 files that you said to delete - tbsrch.dll. Is that strange or OK?

Here are the fresh logs.
hijackthis.log
iseeyouxp.txt
ShadowPuterDude
Fri Jul 18 2008, 07:59PM
Only finding the one file is a good thing. Sometimes you can have more than 1 copy of the Trojan on your system. The files I posted are the names the Trojan can have.

Your logs look fine.

Unless you are having problems from Malware, it is time to do the final steps.

Delete the following from your Desktop (If they exist)
ISeeYouXP.exe
ISeeYouXP.txt
ISeeYouXP.lnk (Shortcut for ISeeYouXP.bat)
FixMe.reg
FixReg.reg
FixIEDef.exe

You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

That should take care of everything.

Safe Surfing!

