Zlob.Trojan and Trojan.Bambo.Hosts.A and other Problems!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nealsandman, Dec 30, 2006.

  1. Nealsandman

    Nealsandman Private E-2

    Maybe you can help. I have tried to run all of Run Me First! and have attached logs. My computer keeps shutting down and restarting. Also get various error messages such as "IE has encountered a problem and needs to close." "True Vector had to close." "Generic Host Processes for Win32 Services had to close." Etc.

    I am running two desktops, C:// and F://. This was scanned mainly on F:// although I did use the C:// desktop when I could not access the F:// desktop. The F:// drive is the worst.

    I originally tried to clean my computer when I was using dial-up. Got through Read and Run Me First up to step 6a and thought I was alright, but problems came back. Esp. IE7 crashing and Firefox crashing. Then I installed DSL. Thought I could get through to step 7. But could not complete online scans for Bitdefender and Pandascan.

    Here are the first set of logs. AVG antivirus is in two parts because I had to run it on drive c:// as a quick scan and drive F:// as a full scan due to the computer crashing. Here are the logs.
     

    Attached Files:

  2. Nealsandman

    Nealsandman Private E-2

    The bitdefender scan was done two weeks ago with dial-up connection. I could not get a full scan with DSL connection. Here are other scans, including all AVGAS scans.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This sounds more like a Windows operating system problem or file corruption than malware?

    What do you mean you are using two Desktops? Do you mean you have two bootable partitions (C & F) and you sometimes boot from different ones? Why?????

    You need to attach logs from the one you want to work on! You attach some logs from F and some logs from C. They all must be from the same drive.

    What exactly happens when you try to do the online scans? However this is confusing because in message number 1 you attach a log from Bitdefender!!


    You ran AVG but you did not take any action to fix anything! Why not? This would have removed the problems mentioned in the Title of your thread.

    You are using an old, outdated version of GetRunKey and ShowNew. Please use the versions in the READ ME. Do not refer to some old copy of the READ ME or something you may have downloaded a while back. Always use the current online version.

    It does not appear that you ran CCleaner on drive F. I see a load of old files in F:\Documents and Settings\MICHAEL JOSEPH\Local Settings\Temp\ that should have been removed by CCleaner!


    What malware problems are you currently having? I don't see any from what you have posted. Although I question what the below is on drive C:

    O20 - AppInit_DLLs: FHook.dll

    Did you install http://www.file.net/process/fhook.dll.html on drive C?
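    The O20 line quoted above is how HijackThis-style logs report the AppInit_DLLs registry value, which Windows loads into every process that links user32.dll, so even a single unexplained entry is worth a question like the one asked here. As an added example (not part of this thread, and not a MajorGeeks tool), the script below parses such log lines, splits the value the way Windows does (space- or comma-separated), and labels each DLL "known" or "review" against an allowlist the reviewer supplies. The log excerpt and the allowlist are constructed for the demo; only the FHook.dll entry comes from the thread.

```python
import re
from typing import Dict, Iterable, List

# Constructed HijackThis-style log excerpt for the demo. It is not the poster's
# real log; only the O20 AppInit_DLLs entry mirrors what the thread quotes.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [zonealarm] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O20 - AppInit_DLLs: FHook.dll
O20 - Winlogon Notify: example - C:\\WINDOWS\\system32\\example.dll
O23 - Service: AVG Anti-Spyware Guard - AVG Technologies - C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe
"""

# Only the AppInit_DLLs flavour of O20 is of interest here; Winlogon Notify
# entries are also reported as O20 but have a different format.
APPINIT_LINE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)


def split_appinit_value(value: str) -> List[str]:
    """Split a raw AppInit_DLLs string into DLL entries.

    Windows accepts entries separated by spaces or commas. An empty string is
    the clean default, so it yields an empty list.
    """
    return [part for part in re.split(r"[,\s]+", value.strip()) if part]


def parse_appinit_dlls(log_text: str) -> List[str]:
    """Return every DLL named on O20 AppInit_DLLs lines of a HijackThis-style log."""
    dlls: List[str] = []
    for line in log_text.splitlines():
        match = APPINIT_LINE.match(line.strip())
        if match:
            dlls.extend(split_appinit_value(match.group(1)))
    return dlls


def triage_appinit(log_text: str, allowlist: Iterable[str] = ()) -> Dict[str, str]:
    """Label each AppInit DLL 'known' (in the case-insensitive allowlist) or 'review'.

    Because AppInit_DLLs are injected into every GUI process, the expected
    baseline on a home PC is an empty list; anything present should be
    traced back to the software that installed it before it is kept.
    """
    known = {name.lower() for name in allowlist}
    return {
        dll: ("known" if dll.lower() in known else "review")
        for dll in parse_appinit_dlls(log_text)
    }


if __name__ == "__main__":
    # With an empty allowlist every entry is flagged for review.
    for dll, verdict in triage_appinit(SAMPLE_LOG).items():
        print(f"{verdict:7} {dll}")
```

    Run against a real log, feed `triage_appinit` the allowlist of DLLs you have confirmed belong to installed software; anything left as "review" is a candidate for the kind of "did you install this?" question chaslang asks above.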
     
  4. Nealsandman

    Nealsandman Private E-2

    Thanks for your reply.
    These are the problems I am having. When I first did the Read and Run Me First, my computer operated noticeably better. I think maybe some lurking problems are the cause of the trouble. At any rate I cannot reinstall Windows because my bootable disk is damaged.
    I have two hard drives, labeled C:// and F://. Originally, one hard drive crashed and I bought a second one. I kept the first one installed and managed to get it working again. My reasoning for keeping them is to have a backup in case one drive crashes and can't be recovered; then I can still get on the internet and work on it.
    When I try to do online scans one of two things happens, either the computer restarts without warning, or I am given a BSOD. I was able to do Bitdefender and Panda activescan from Drive C:// back when I had dial-up. They did not find anything. I attached the log from the Bitdefender scan. I could not locate the Panda activescan log at the time.
    When I ran AVG it completed and said IGNORE ONCE. I do not know why I got this message. I tried running it again, but it still failed to fix anything.
    I will do this and repost.
    I will do this, also.
    In the past two weeks I have seen an About:Blank window. This worries me, and I would appreciate any help you can give me with this problem. I also have the trojans and various adware that AVGAS did not clean.

    I do not remember installing this and do not know what it is for.

    I will concentrate on drive C:// first, although I will run CCleaner on drive F://. I will repost a Read and Run Me First from drive C:// However, I do not know if the online scans will work. I will try again.


    Any help is much appreciated. Thank you for your website.
     
  5. Nealsandman

    Nealsandman Private E-2

    Here is redo of Read and Run Me First. I was not able to run Panda Activescan. I was given the following error message: An error has occurred downloading Panda Active Scan. Please repeat the process. If the error occurs again, restart your system and try again. I retried 3 times before giving up.
     

    Attached Files:

  6. Nealsandman

    Nealsandman Private E-2

    Here are the remaining logs. Thank you for your assistance in this matter.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I want to see if a rootkit is hiding on your PC! Please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of the BlackLight log.

    Also let's run a second rootkit detector, sometimes one will find what another does not.
    Run this AVG Anti-Rootkit and attach a log from it too.


    But did you make both of them bootable? And is that what you are sometimes doing?


    But what option are you choosing because in the last log you posted it appears that you chose to Ignore everything again. Don't choose Ignore. Run it again and delete/quarantine ALL of the problems it finds.

    Why are you still using the below?
    Spybot - Search & Destroy 1.3 <--- this is not what we asked you to use in the READ ME.
    SpywareBlaster v3.2

    Both of those programs are more than 3 years out of date. Uninstall them, then reboot (required), and then install and use the proper versions from the below:
    SpyBot-Search & Destroy (Use the Immunize feature. Don't activate the TeaTimer like you had been doing)
    SpyWare Blaster


    Do you use Norton Spyware Scan provided by Yahoo!
    Do you plan on keeping it installed?
    Does it also block malware?
     
    Last edited: Jan 4, 2007
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After completing my instructions in message number 7, continue with the below.


    Run this ViewpointKiller to remove the Viewpoint stuff.

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger.


    Now Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_02

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
     
  9. Nealsandman

    Nealsandman Private E-2

    Here is the Blacklight Log. AVG anti-rootkit did not give me an option to save a file because it did not find anything, either.
    Yes.
    I have done that and attached the log, also.
    OK. I will do this, too.
    Although I have the Yahoo! DSL I am not familiar with the Norton Spyware Scan and do not use it.

    OK, I will take care of these items and then proceed to complete the items in your next post.

    Thank you, again, for your assistance.
     

    Attached Files:

  10. Nealsandman

    Nealsandman Private E-2

    Sorry to bump this post, but I have completed the items in your second post. I did not know if you wanted me to uninstall Java Web Start, so I left it alone. Also, my wife uses Windows Messenger, so I removed it from my desktop, only. Tell me if these are problems.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you actually use it? If not, then uninstall it.

    I seriously doubt that she uses this. She probably uses MSN Messenger. Windows Messenger is not the same thing and is a frequent cause of popups!
     
  12. Nealsandman

    Nealsandman Private E-2

    OK I have uninstalled it. Is there anything else I need to do?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Attach a final log from ShowNew and then move on to the below.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  14. Nealsandman

    Nealsandman Private E-2

    Here is the ShowNew text. Thanks, again for your help with this computer.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Make sure you delete the below files and folders:
    C:\Documents and Settings\michael joseph\Desktop\blbeta.exe
    C:\Documents and Settings\michael joseph\Desktop\fsbl-20070105020219.log
    C:\Documents and Settings\michael joseph\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    Surf Safely!
     
