Greetings I was hoping to get some help.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mrgats, Jan 18, 2007.

  1. mrgats

    mrgats Private E-2

    Greetings, I'm new to this site and was wondering if I may get some assistance, which would be much appreciated. A quick rundown of what I have done so far:
    1. Removed malware via Add/Remove Programs.
    2. Cleaned Quarantine folders.
    3. Deleted McAfee since I use AVG the most.
    4. I downloaded CCleaner and CounterSpy; Spybot I already had for a while. I tried to download GetRun and ShowNew and couldn't. I checked my firewall to try and allow but got an error message saying "Due to an unidentified problem windows can not display firewall settings".
    5. Started in safe mode, unplugged internet, ran CCleaner, Spybot, CounterSpy, Bitdefender, Panda (saved logs for all).
    After all scans were complete a few trojans were found and was hoping to get some help. Sorry for the long post, just didn't want to leave anything out.
    Thanks for understanding, any help will be much appreciated.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to MG's.... Please attach the other logs as requested in the Read and Run First instructions.
     
  3. mrgats

    mrgats Private E-2


    Hey Tim.W, sorry, I was having a bit of a problem but here's the other 2 logs I have. Thanks a lot
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We still need the HiJackThis log as outlined in the Read and Run First instructions.
     
  5. mrgats

    mrgats Private E-2

    Hey Tim.W, sorry. After realizing I missed a few steps and smacking myself with the keyboard a few times, I re-did everything correctly this time for sure. Also, since one of the scanners found SpySheriff, I also followed the instructions for running the SmitRem and HijackThis for removal, and I'm sure I got it right this time, so if I may I will also post the results of my second go-round of scans in which the directions were followed correctly. Thanks for being patient, I appreciate it.
     


  6. mrgats

    mrgats Private E-2

    Thanks again for your assistance
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run HijackThis and select Do a system scan only. Look for the below lines (you may not always find both of them) and select them but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



    After clicking Fix, exit HJT.


    Boot into safe mode and use Windows Explorer to delete (if found):
    C:\winstall.exe
    C:\WINDOWS\Web\wallpaper.html
    C:\WINDOWS\Web\desktop.html
    C:\Windows\Desktop.html
    C:\wp.exe
    C:\wp.bmp
    C:\Program Files\SpySheriff <--- the whole folder
    C:\Documents and Settings\username\Start Menu\Programs\SpySheriff <-whole folder
    C:\Documents and Settings\username\Application Data\Install.dat

    Note: replace username with the actual user name for the account you are cleaning. Like C:\Documents and Settings\TimW\Start Menu\Programs\SpySheriff


    Run CCleaner
    Go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and re-run Ad-Aware.

    Attach new logs for:
    GetRunKey
    NewFiles
    HJT


    Be sure to tell us how things are running.
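
An added example, not part of TimW's post or of any tool named in the thread: a read-only Python check that flags HijackThis entries whose target file is gone and lists which of the paths above are still present after cleanup. The `{user}` placeholder, the function names and the third sample log line are assumptions made for this example.

```python
import os
import re

# Section codes for the two entry types quoted in the post.
SECTIONS = {"O2": "Browser Helper Object", "O20": "Winlogon Notify / AppInit_DLLs"}

# "<code> - <description>" with an optional trailing orphan marker.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*?)\s*(\((?:no file|file missing)\))?\s*$")

# Paths from the post; {user} stands for the account being cleaned (assumed placeholder).
ARTIFACTS = [
    r"C:\winstall.exe",
    r"C:\WINDOWS\Web\wallpaper.html",
    r"C:\WINDOWS\Web\desktop.html",
    r"C:\Windows\Desktop.html",
    r"C:\wp.exe",
    r"C:\wp.bmp",
    r"C:\Program Files\SpySheriff",
    r"C:\Documents and Settings\{user}\Start Menu\Programs\SpySheriff",
    r"C:\Documents and Settings\{user}\Application Data\Install.dat",
]

# Two lines quoted in the post plus one constructed healthy entry.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O2 - BHO: Sample Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Sample\helper.dll
"""

def orphaned_entries(log_text):
    """Return (code, section, description) for entries whose file is gone."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3):  # group 3 is "(no file)" or "(file missing)"
            code = m.group(1)
            desc = m.group(2).rstrip(" -")  # drop the separator left before the marker
            found.append((code, SECTIONS.get(code, "other"), desc))
    return found

def remaining_artifacts(username, exists=os.path.exists):
    """Return the listed paths still present for this account (nothing is deleted)."""
    paths = [p.replace("{user}", username) for p in ARTIFACTS]
    return [p for p in paths if exists(p)]

if __name__ == "__main__":
    for code, section, desc in orphaned_entries(SAMPLE_LOG):
        print(f"orphaned {code} ({section}): {desc}")
    for path in remaining_artifacts(os.environ.get("USERNAME", "username")):
        print(f"still present: {path}")
```
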
     
  8. mrgats

    mrgats Private E-2

    Hey TimW, thank you so much for your fast replies, it is definitely much appreciated. I did as you advised and here are the logs you requested
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  10. mrgats

    mrgats Private E-2

    I thank you Tim.W for all your help, I really do appreciate it!!!! I have one last question. As I was reading the link you sent, it was recommended to install a firewall. Now when I tried to click on my Windows firewall I got an error message saying "due to an unknown problem windows cannot open firewall settings". Should I go on ahead and install one of the firewalls from the links you sent, because it mentioned that they would disable the one I currently have? Thanks a lot
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You could try this.... it's very easy to set up and works well:
    ZONE ALARM
     
