Need Help : Trojan.Lootseek keeps coming back 1

Re: Need Help : Trojan.Lootseek keeps coming back 2

First install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

Then uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0

Now do you know if the below line has anything to do with all this anonymous proxy server stuff you have setup:
O20 - AppInit_DLLs: ASAPHook

Also what is the below for?
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

Is the below your desired start page?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - REG:system.ini: Shell=
O4 - HKCU\..\Run: [Tok-Cirrhatus-2421] "C:\Documents and Settings\Fab_2\Local Settings\Application Data\br5865on.exe"

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\Fab_2\Local Settings\Application Data\br5865on.exe

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode!
Now Copy the bold text below to notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now attach a new HJT log.

Make sure you tell me how things are working now.
If you still have problems with Trojan.Lootseek, attach a log that displays exactly what and where Norton is finding int.

 

If you are not using the proxy server stuff then uninstall them. I see:
Anonymous Browsing
ProxyWay

You should also have HJT fix the below line:
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

I don't want to touch the O20 - AppInit_DLLs line until we see if it is related to the proxy stuff.

Now attach a new HJT log and a new log from ShowNew.

How is everything running right now?

 

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

You're welcome. Surf safely!

 

Did you just try deleting those files?

Also did you toggle System Restore?

Does the below file exist:

C:\Windows\System\smss.exe

 

System Restore should be enabled if you did what I requested in message # 7.

 

Is Norton still detecting Lootseek? Make sure you empty your C:\Program Files\Norton AntiVirus\Quarantine folder!

Please look for this file:

C:\WINDOWS\system32\ASAPHook.dll

I would like to get some more info on the ASAPHook.dll file. So if found (using Windows Explorer) right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.

I'm wondering if it is part of the HP ProtectTools Security Manager

 

Did you install this or anything from this company?

See the below link:
http://www.cognizancesecurity.com/d...""Cognizance Identity and Access Management""


You did not answer my other question about LootSeek.

 

Well that is good that LootSeek is gone!

Perhaps we should just ignore the ASAPHook.dll file unless you are having any problems. It may be part of something else you have installed. Maybe like I said part of the HP stuff, but I really don't know at this point.

 

You're welcome. Surf safely!