Trojans found and cleaned but I'm not sure if I'm safe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by WCCMIKE, Aug 17, 2006.

  1. WCCMIKE

    WCCMIKE Private E-2

    OK, I ran Ewido and it found these.

    HKU\S-1-5-21-2000478354-2077806209-725345543-1010\Software\Classes\CLSID\{336ec37f-54bf-4f13-8237-03f64fa591e7} -> Trojan.Small : Cleaned.
    HKU\S-1-5-21-2000478354-2077806209-725345543-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{336ec37f-54bf-4f13-8237-03f64fa591e7} -> Trojan.Small : Cleaned.
    HKU\S-1-5-21-2000478354-2077806209-725345543-1010_Classes\CLSID\{336ec37f-54bf-4f13-8237-03f64fa591e7} -> Trojan.Small : Cleaned.


    So I ran a scan from the windows security site; it claims I have 14 things, mainly in my registry. I'm not sure if these are false positives or not. What should I do? :confused:
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Only way to fully make sure you are completely clean is to follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis

    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!


    Ok will take some time to fully go through all the steps but better safe than infected.
     
  3. WCCMIKE

    WCCMIKE Private E-2

    OK, I followed all the steps I was told to do. Spybot found some crap and got rid of it; would you like to see, or is it not important? Anyway, can someone tell me what kind of trojans those were that I posted up top? Also, I may be wrong, but that looks like it was in the registry; could it possibly be a backdoor trojan? :confused:
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's part of the SmitFraud family and neither Spybot nor Ewido will completely fix this unless the infection has already been rendered harmless by another procedure. If you had that, you really should complete the steps that Halo gave to you since it often comes with other problems.

    You also should consider running the below:

    SpywareQuake & SpyFalcon Removal Procedure
     
  5. WCCMIKE

    WCCMIKE Private E-2

    I already did steps 1 through 6; the only thing I forgot was the Panda scan, which I included. If you look, the last 2 say possible virus, so those may be bad. I'm just shocked NAV didn't pick up this, or Bitdefender.
     

    Attached Files:

    Last edited: Aug 18, 2006
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are 5 potential logs requested in steps 1 thru 6:

    runkeys.txt - the log from GetRunKey.bat
    newfiles.txt - the log from ShowNew.bat
    CounterSpy - ONLY IF you were not able to run Windows Defender
    Bitdefender - from step 6
    Panda Scan - from step 6

    You only posted 1 which means you did not complete steps 1 thru 6. Also there are no real problems shown in your Panda log. That's why NAV and Bitdefender did not say anything.
     
  7. WCCMIKE

    WCCMIKE Private E-2

    So do I run those first two or just go for SmitFraud like you said?
     
  8. WCCMIKE

    WCCMIKE Private E-2

    Here's a bit of an update: Ewido removed a trojan along with like 40 cookies. I went to that windowssecurity scan site I mentioned. At first it said I had over 40 spywares/trojans, but I flushed the restore points and used CCleaner, and now it only has 6 cookies showing up in the scan.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In message # 3, you said:
    So why haven't you attached all the logs????? You should have already run everything according to your own post.

    So attach all the logs from the READ ME & then complete the SpywareQuake procedure and attach the smitfiles.txt log.
     
