Two Trojan infections


I would encourage you to replace PC Tools Firewall Plus, as Symantec has ended support for all PC Tools security products effective today: http://www.pctools.com/en/product-eol/index/faq/security/

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of JRE 7 Update 21.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop.

    Windows x86 Offline (jre-7u21-windows-i586.exe)

  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.(Vista/7 users, right click on the JRE download and select "Run as an Administrator.")
Using Add or Remove Programs in the Control Panel, uninstall the following:

Java 7 Update 7
Java 7 Update 17
The installed version of Adobe Reader on this computer is out of date. Install the latest version of Adobe Reader available from Adobe.

Download AdwCleaner and save it on your desktop.

  • Close all open programs and internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.
Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Run OTL.exe
  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running.

All processes killed

========== OTL ==========

Service RealNetworks Downloader Resolver Service stopped successfully!

Service RealNetworks Downloader Resolver Service deleted successfully!

File C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File %SystemRoot%\System32\appmgmts.dll File not found not found.

Service WDICA stopped successfully!

Service WDICA deleted successfully!

File File not found not found.

Service SABKUTIL stopped successfully!

Service SABKUTIL deleted successfully!

File C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found not found.

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

File File not found not found.

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

File File not found not found.

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

File File not found not found.

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

File File not found not found.

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

File File not found not found.

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

File File not found not found.

Service i2omgmt stopped successfully!

Service i2omgmt deleted successfully!

File File not found not found.

Service Changer stopped successfully!

Service Changer deleted successfully!

File File not found not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Combofix\catchme.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.

File C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\_run.bat not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

C:\WINDOWS\system32\-1 moved successfully.

ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6 deleted successfully.

========== FILES ==========

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\DomaIQ.exe moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\setup__120.exe moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\temp folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\software folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\Quickshare folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\MySearchDial folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\MyBackupPc folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\exe folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\css\images folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin\css folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041\bin folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM\Combofix_041 folder moved successfully.

C:\Documents and Settings\Jane\Local Settings\temp\DIQM folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 179861667 bytes

->Temporary Internet Files folder emptied: 274673 bytes

->FireFox cache emptied: 53633953 bytes

->Opera cache emptied: 3848536 bytes

->Flash cache emptied: 2062 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 57616 bytes

User: Jane

->Temp folder emptied: 17001565 bytes

->Temporary Internet Files folder emptied: 29665025 bytes

->FireFox cache emptied: 7487863 bytes

->Google Chrome cache emptied: 16849580 bytes

->Opera cache emptied: 55027399 bytes

->Flash cache emptied: 64820 bytes

User: Jen

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49286 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 47693 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 353220728 bytes

Total Files Cleaned = 684.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Flash cache emptied: 0 bytes

User: Default User.WINDOWS

->Flash cache emptied: 0 bytes

User: Jane

->Flash cache emptied: 0 bytes

User: Jen

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Jane

User: Jen

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_200322

Files\Folders moved on Reboot...

C:\Documents and Settings\Jane\Local Settings\Temp\MPC51.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
Delete the following from your Desktop: (If they exist)

AdwCleaner.exe

JRT.exe

JRT.txt

Anything else I had you use

Delete the following folders: (If they exist)

C:\AdwCleaner[s1]

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner
Run CCleaner
  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default; if not, please select them:

    [screenshot of the CCleaner selections: image missing]

  • Click [button image] and choose [button image]
  • Uncheck [checkbox image]
  • Then go back to [button image] and click [button image] to run it.
  • Exit CCleaner.
Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out of date and in need of updating. Update any program/application detected as being out of date.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
