malware found including backdoor, please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lord lucan, Apr 24, 2007.

  1. lord lucan

    lord lucan Private First Class

    Hope I've done as I was told.

    Please find attached my reports.
     

    Attached Files:

  2. lord lucan

    lord lucan Private First Class

    and the rest
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    IBM 32-bit Runtime Environment for Java 2, v1.4.1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Mozilla Firefox (1.5.0.11)

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of Firefox from: Mozilla Firefox



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

    After clicking Fix, exit HJT.

    Now reboot in normal mode

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Manually delete the infected email (with a crack file) that BitDefender found and could not delete.


    Make sure you tell me how things are working now!

    If you are having any problems, please be sure to describe them.
     
  4. lord lucan

    lord lucan Private First Class

    I've done all that and then out of interest I ran active scan and got exactly the same results?

    My PC is acting odd; I can't really explain the difference, but it freezes up and programs go to not responding often.

    Here's another HJT log from after the stuff you told me to do. Don't know if this is any use?
    What next???
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, you did not! This time you got a different registry key related to MyWebSearch. It now found this:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

    The keys in your first log were different.

    You can try using the below patch to see if it will remove that key! Sometimes the Ext\Stats keys are annoying to remove and in most cases are not worth the effort since they are not really active problems.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    More than likely not malware since you don't show any, but to be on the safe side run the below and attach the log:

    Using Sophos Anti-Rootkit
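
The two HijackThis entries quoted earlier in the thread follow the log's `code - detail` line format. As an added example (not part of the original posts or of any tool named in them), the Python below parses such lines and flags the ones that point at a watched domain; the watch list, the function names and the O2 sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample log: the O4 and O8 lines are the two quoted in the thread;
# the O2 line is made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
"""

WATCHED_DOMAINS = {"mywebsearch.com"}  # assumption: reviewer-maintained watch list

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")    # autorun detail
URL_RE = re.compile(r"https?://\S+")

def parse_entries(log_text):
    """Yield one dict per HijackThis entry line; non-entry lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        entry = {"code": code, "detail": detail, "hosts": []}
        run = RUN_RE.match(detail) if code == "O4" else None
        if run:  # split an autorun entry into hive, key, value name and command
            entry.update(hive=run[1], key=run[2], name=run[3], command=run[4])
        for url in URL_RE.findall(detail):
            host = urlparse(url).hostname
            if host:
                entry["hosts"].append(host.lower())
        yield entry

def on_watch_list(host, domains=WATCHED_DOMAINS):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    return any(host == d or host.endswith("." + d) for d in domains)

def flag(log_text):
    """Return the entries that reference a watched domain."""
    return [e for e in parse_entries(log_text)
            if any(on_watch_list(h) for h in e["hosts"])]

if __name__ == "__main__":
    for e in flag(SAMPLE_LOG):
        print(e["code"], e["hosts"], e["detail"])
```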
     
