Skin Trim FY Infection


jpeaked
I use CA Security Suite and every time I restart it detects three instances of Skin Trim FY and deletes them. No other malware ever detects the Skin Trim. I have used Malwarebytes, A squared, Avast and a few others; they only detect tracking cookies. Recently my homepage is being hijacked. I have tried to change the homepage but it does not work.


Post a log from CA Security Suite, so I can see what exactly it is finding.

Your logs show no malware.

I cannot find out how to do that at CA. I noticed that I cannot change some of the settings on CA Security Suite; possibly the malware is causing or prohibiting my changing some of the settings which would add to the protection. I restarted my computer with full A Squared Anti-Malware and it is running fine except that my homepage is still captured. A Squared Anti-Malware has blocked many URLs trying to gain access to my computer. I ran a full scan again last night and nothing showed up.


Download -->> OTL <<-- to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\MRI_DISABLED: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\PFW: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    
    :Files
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp 
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:679ABA25
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2AEBCB5B
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7E95B6FD
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:08948D52
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new OTL log (don't check the boxes beside LOP Check or Purity this time)

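A way to review a fix script of this shape before it is run, as an added example that is not part of the original post and not code from the OTL tool: it splits the script into its sections and labels each line so a reader can see what will be touched. The labels, the reading of `@path:name` as an NTFS alternate data stream and of `O<number>` lines as registry entries, and the names `parse_fix`, `classify` and `ads_targets` are assumptions of this example.

```python
import re

# Constructed sample: a shortened copy of the fix script quoted in the post above.
SAMPLE = r"""
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
:Files
C:\WINDOWS\*.tmp
@C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
:Commands
[purity]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)$")
# Assumption: "@<path>:<name>" in :Files names an NTFS alternate data stream.
ADS = re.compile(r"^@(?P<path>[A-Za-z]:\\.*):(?P<stream>[^:\\]+)$")

def classify(section, line):
    """Label one script line; anything unrecognised is flagged, not guessed."""
    if section == "commands":
        return "command" if re.fullmatch(r"\[[^\]]+\]", line) else "unknown"
    if section == "files":
        if ADS.match(line):
            return "ads"
        return "wildcard" if ("*" in line or "?" in line) else "path"
    if section == "otl":
        prefix = line.split(" - ", 1)[0]
        if prefix == "PRC":
            return "process"
        # Assumption: O<number> prefixes mark registry-backed entries.
        return "registry" if re.fullmatch(r"O\d+", prefix) else "unknown"
    return "unknown"

def parse_fix(text):
    """Return (section, kind, line) for every non-blank script line."""
    plan, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
        elif line:
            plan.append((section, classify(section, line), line))
    return plan

def ads_targets(plan):
    """(file, stream) pairs named by the script's alternate-data-stream lines."""
    return [ADS.match(l).group("path", "stream") for _, k, l in plan if k == "ads"]
```
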

I changed the homepage in the internet link instead of through Firefox and it works.

I restarted my computer and scanned with CA Security Suite and got: 2 instances of AtlasDMT.com tracking cookies and 3 instances of Skintrim FY Trojan. Could these be false positives?

Re the Excite.com homepage- Malwarebytes starts blocking urls 66.235.126.68 to 222 and the page will never fully load.


> I restarted my computer and scanned with CA Security Suite and got: 2 instances of AtlasDMT.com tracking cookies and 3 instances of Skintrim FY Trojan. Could these be false positives?

Infection names don't tell me what was found. I need to know what exactly CA thinks is Skintrim FY Trojan. Full path and file name.

> Re the Excite.com homepage- Malwarebytes starts blocking urls 66.235.126.68 to 222 and the page will never fully load.

You would have to take that up with Malwarebytes' as to why they are blocking an IP address range that belongs to Excite.com.

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
