sascommando, posted November 15, 2009:
Hi, a-squared free discovered but could not delete Trojan.Generic.IS!IK. I had major problems in the past with a Trojan (not sure if this is the same one but could well be) and if you read my previous posts I thought I got rid of it, but clearly not! Grateful for any assistance to get rid of this once and for all. I've attached the report. Thanks
Lynx, posted November 15, 2009:
Hi sascommando,
Since you posted into this section please provide all log files as in the referred instruction below.
Give a brief description of the problems and the symptoms of the system's misbehavior, if any.
Have you submitted flagged items (except cookies - those are not threats) to EMSI for analysis in order to find out whether those are False Positives or not? Please do that irrespectively.
=======
The standard procedure in this forum section:
  Read the following instructions: START HERE, if you don't we are just going to send you back to this thread <--click
  Prepare and post the required log files into this thread
  Wait for reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.
=======
Translation Links for Forum Instructions
My regards
sascommando, posted November 16, 2009:
I have done everything in the instructions. Please see logs below. However, ISeeYouXP doesn't seem to run for me. I ran the .bat file as an administrator but I keep getting an error telling me not to run the ISeeYouXP.bat file from within the ZIP file, which I'm not doing as far as I know.
sascommando, posted November 16, 2009:
Apologies, I didn't disable UAC. Attached is the ISeeYouXP log. Can I enable UAC again?
ShadowPuterDude, posted November 17, 2009:
Download -->> OTL <<-- to your desktop.
  Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  When the window appears, underneath Output at the top change it to Minimal Output.
  Check the boxes beside LOP Check and Purity Check.
  Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Attach both logs with your next reply.
sascommando, posted November 17, 2009:
Many thanks for your reply. Logs attached.
ShadowPuterDude, posted November 18, 2009:
The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17 available from Sun Microsystems.
-----------------------------------------------------------
Using Add or Remove Programs in the Control Panel; uninstall the following:
  Java 6 Update 15
-----------------------------------------------------------
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:OTL
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
SRV - (RichVideo) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\Users\Tim Bonner\Documents\*.tmp
@C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )
-----------------------------------------------------------
Also attach fresh logs for:
  ISeeYouXP
  HiJackFree
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
sascommando, posted November 18, 2009:
OTD fix done. All logs attached. Thanks
ShadowPuterDude, posted November 19, 2009:
Your logs show no malware. How are things running?
sascommando, posted November 19, 2009:
Things seem to be running fine; to be honest they were running fine before but I just had this Trojan lurking in the background. I thought we removed it last time but then it reappeared. I ran a Deep Scan on a-squared and it didn't find the Trojan so it may be alright now.
ShadowPuterDude, posted November 19, 2009:
Unless you are having problems from Malware it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:
Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  AvoidTDSS /u
  or
  combofix /u
  or
  Combo-Fix /u
Note: The space before /u must be there. Which command you use depends on if I had you rename ComboFix during download.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present)

Delete the following from your Desktop (If they exist):
  Avenger.exe
  Avenger.txt
  Avenger.zip
  CFscript.txt
  dds.scr
  dds.pif
  DisableAutoRuns.reg
  fixes.bat
  FixMe.reg
  FixReg.reg
  ISeeYouXP.exe
  ISeeYouXP.lnk
  ISeeYouXP.txt
  Win32kDiag.exe
  Win32kDiag.txt
  Anything else I had you use

Delete the following files (If they exist):
  C:\Avenger.txt
  C:\ComboFix.txt

Delete the following folders (If they exist):
  C:\Avenger
  C:\AvoidTDSSS
  C:\ComboFix
  C:\SDFix
  C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.
Empty the Recycle Bin
Run CCleaner

Turn off System Restore to flush all your restore points, then turn System Restore back on.
To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP
Run Windows Update and update your Windows Operating System.
Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

That should take care of everything. Safe Surfing!
ShadowPuterDude, posted November 23, 2009:
Thread Closed
Reason: Resolved
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.
Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread