[RESOLVED] More pain with the "Attention, User! Some dangerous trojan horses detected in your system"
This thread is now closed
HanRyo
Sat Jul 19 2008, 10:50AM
Registered Member #220
Joined: Sat Jul 19 2008, 10:39AM
Posts: 2
Thanked 0 times in 0 posts
Dear Malwareteks

I have this problem with this trojan, it keeps showing this error message every time I go to my computer or my documents or so. I have done everything in the Malware Cleaning Guide, but the problem still remains, I even used FixIEDef and nothing changed. Help me please!
I will attach all the logs you said for me to get in the Malware Cleaning Guide and 1 or 2 others I thought convenient.


logs__reports.rar
ShadowPuterDude
Sat Jul 19 2008, 02:36PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Posts: 171
Thanked 6 times in 6 posts
Using Add or Remove Programs in the Control Panel, uninstall the following:
  • Java(TM) 6 Update 3
  • Safari

-----------------------------------------------------------

The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u7 available from Sun Microsystems. Uninstall all older versions of Java on your computer, before installing the latest version of Java.

-----------------------------------------------------------

Mozilla Firefox (2.0.0.15) << Is out-of-date

Update to 2.0.0.16 or upgrade to Firefox 3.0.1

-----------------------------------------------------------

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - (no file)
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - C:\Windows\system32\AswBHO.dll
Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

-----------------------------------------------------------

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:
  • Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\Windows\system32\AswBHO.dll
    C:\Windows\system32\tmpB684.tmp
    C:\Windows\system32\tmpB6B3.tmp
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

-----------------------------------------------------------

Run Windows Cleanup.

Run ATF Cleaner.

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.

REBOOT to Normal Mode.

-----------------------------------------------------------

Attach fresh logs for:
  • HijackThis
  • ISeeYouXP


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
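
An added example, not part of the original posts: a small Python triage script for HijackThis lines like those quoted in the reply above. It parses R0/R1 registry entries and O2 BHO entries into fields and notes three properties visible in the text of the log. The note rules and function names are assumptions chosen for illustration, not HijackThis's or the helper's own criteria.

```python
import re
from collections import Counter

# Constructed sample: a subset of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - (no file)
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - C:\Windows\system32\AswBHO.dll
"""

# "R0 - <hive>\<key path>,<value name> = <data>" (data may be empty)
REG_RE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) =\s*(.*)$")
# "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse(log):
    """Turn raw HijackThis lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := REG_RE.match(line):
            entries.append({"type": m[1], "key": m[2] + "\\" + m[3],
                            "name": m[4], "data": m[5]})
        elif m := BHO_RE.match(line):
            entries.append({"type": "O2", "name": m[1],
                            "clsid": m[2], "file": m[3]})
    return entries

def review_notes(entries):
    """Hypothetical review rules: each note is (identifier, observation)."""
    notes = []
    bho_names = Counter(e["name"] for e in entries if e["type"] == "O2")
    for e in entries:
        if e["type"] == "O2":
            if e["file"] == "(no file)":
                notes.append((e["clsid"], "BHO registration with no file on disk"))
            if bho_names[e["name"]] > 1:
                notes.append((e["clsid"], "BHO name shared by several CLSIDs"))
        elif e["data"] == "":
            notes.append((e["name"], "IE setting present but empty"))
    return notes

if __name__ == "__main__":
    for ident, note in review_notes(parse(SAMPLE_LOG)):
        print(f"{ident}: {note}")
```

The notes only point a reviewer at lines worth a closer look; deciding what to fix still requires knowing what is installed on the machine.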
HanRyo
Sat Jul 26 2008, 12:11PM
Thank you very much! No more that stupid error window! Thx a lot!

Here are the fresh logs:
fresh_logs.rar
ShadowPuterDude
Sat Jul 26 2008, 03:23PM
Your logs look fine.

Unless you are having problems from Malware, it is time to do the final steps.

Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)
ISeeYouXP.exe
ISeeYouXP.txt
ISeeYouXP.lnk (Shortcut for ISeeYouXP.bat)
FixMe.reg
FixReg.reg
FixIEDef.exe

Delete the following: (If they exist)
C:\ComboFix.txt
C:\SDFix

You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

That should take care of everything.

Safe Surfing!