jpeaked (posted November 19, 2009):
I use CA Security Suite and every time I restart it detects three instances of Skin Trim FY and deletes them. No other malware ever detects the Skin Trim. I have used Malwarebytes and A squared, Avast and a few others; they only detect tracking cookies. Recently my homepage is being hijacked. I have tried to change the homepage but it does not work.
ShadowPuterDude (posted November 19, 2009):
Post a log from CA Security Suite, so I can see what exactly it is finding. Your logs show no malware.
jpeaked (posted November 20, 2009):
> Post a log from CA Security Suite, so I can see what exactly it is finding. Your logs show no malware.
I cannot find out how to do that at CA. I noticed that I cannot change some of the settings on CA Security Suite; possibly the malware is causing or prohibiting my changing some of the settings which would add to the protection. I restarted my computer with full A Squared Anti-Malware and it is running fine except that my homepage is still captured. A Squared Anti-Malware has blocked many urls trying to gain access to my computer. I ran a full scan again last night and nothing showed up.
ShadowPuterDude (posted November 21, 2009):
Download -->> OTL <<-- to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Attach both logs with your next reply.
jpeaked (posted November 21, 2009):
Ran OTL by this Old Timer
ShadowPuterDude (posted November 22, 2009):
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\MRI_DISABLED: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\PFW: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    :Files
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:679ABA25
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2AEBCB5B
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7E95B6FD
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:08948D52
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Attach the new OTL log (don't check the boxes beside LOP Check or Purity this time).
jpeaked (posted November 22, 2009):
I did it, log file attached.
ShadowPuterDude (posted November 22, 2009):
Is your homepage still hijacked?
jpeaked (posted November 22, 2009):
Yes, it tries to load excite and does not complete it. My homepage was changed to MSN.
ShadowPuterDude (posted November 23, 2009):
What happens when you try to manually change your homepage settings?
jpeaked (posted November 23, 2009):
I changed the homepage in the internet link instead of thru Firefox and it works. I restarted my computer and scanned with CA Security Suite and got: 2 instances of AtlasDMT.com tracking cookies and 3 instances of Skintrim FY Trojan. Could these be false positives?
Re the Excite.com homepage- Malwarebytes starts blocking urls 66.235.126.68 to 222 and the page will never fully load.
ShadowPuterDude (posted November 23, 2009):
> I restarted my computer and scanned with CA Security Suite and got: 2 instances of AtlasDMT.com tracking cookies and 3 instances of Skintrim FY Trojan. Could these be false positives?
Infection names don't tell me what was found. I need to know what exactly does CA think is Skintrim FY Trojan. Full path and file name.
> Re the Excite.com homepage- Malwarebytes starts blocking urls 66.235.126.68 to 222 and the page will never fully load.
You would have to take that up with Malwarebytes' as to why they are blocking an IP address range that belongs to Excite.com.
ShadowPuterDude (posted November 27, 2009):
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude or Lynx to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.