Please help me I have found out trojans attacked my computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by babyturk, Dec 6, 2006.

  1. babyturk

    babyturk Private First Class

    I have found out my computer has some awful trojan can you please help me, I can't figure out where to find my save log in the CounterSpy can you please instruct me:(
    I also don't know where the save file is on Bitdefender please instruct me......Thank you. Here is my AVG scan for your review.
    P.S. I have done everything that you instructed me to do in the read before posting. Please help me.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    You should really be a specialist in running these logs by now, but remember to run them all as specified in the Read Me and include all logs from the scans below:


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis



      but a couple of pointers on the questions you asked above.

      Counterspy Log is found:

      To access the CounterSpy scan log...



      Bitdefender log:

      The Bitdefender instructions were taken from the Read Me guide you would have read.
     
  3. babyturk

    babyturk Private First Class

    Here is my AVG scan. I am sorry for seeming to be somewhat a pest to you.
    NO I never will be an expert. Please forgive me as I am totally a computer moron. I hope I posted everything correctly. I truly thank you from the bottom of my heart for helping me out. Merry Christmas!!:eek: :eek:
     

    Attached Files:

  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    HI BabyT

    Stick at it and you will learn a lot about PCs... everyone starts out not knowing too much, you'll get there :)

    those are fine, but we will also need your

    GetRunKeys
    ShowNew
    Hijackthis


    logs as well, the instructions for these are in the below text........

    Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    One thing to do in the meantime is to flush your Java Cache as it has some not welcome pests in it.... to do this follow the below

    Start > Settings > Control Panel and double click the Java Plugin > click the Cache Tab > Click the Clear button and then click OK

    If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches
     
  5. babyturk

    babyturk Private First Class

    :confused: Ok I figured how to do these scans, here they are for your review, thanks again.:confused: :eek: :confused: There has to be something here, I saw the trojan name and all when I did my AVG scan. Thanks again:confused: :eek:
     

    Attached Files:

  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Did you clear your Java cache as mentioned?


    also you will need to re-run a few scans again as your ShowNew and GetRunKeys were run from inside the zip files, they need to be unzipped and run as specified below,

    GetRunKeys

    ShowNew
     
  7. babyturk

    babyturk Private First Class

    I went to open the java in control panel, I did just what you said for me to do, and I don't see any cache button, please verify:(
    Thanks again Halo:)
     
  8. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    ah ok my fault, maybe different than the one I have in work, try this http://www.java.com/en/download/help/5000020300.xml
     
  9. babyturk

    babyturk Private First Class

    Thanks a lot Halo!
    That worked, java cache is clear!
    I hope I did this right here is the Getrunkey like you requested. It won't post it says file was already posted:(
    as well as the show new
    You are probably going to get angry at me, but this is the only way I can get it to post I am sorry:(
    I am starting to get a bit frustrated and ready to throw my computer across the room.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please FOLLOW DIRECTIONS! You are not clicking on the links that Halo gave to you nor are you clicking on the links in the READ ME. You have VERY OLD outdated versions of both ShowNew and GetRunKey. You need to download the current versions. Then YOU MUST EXTRACT all files from the ZIP file into a folder (as specified in the directions). Then you must right click your Start button and select Explore which opens a Windows Explorer window. Now navigate to the folders where you extracted GetRunKey and ShowNew. Find the GetRunKey.bat file and double click on it to run it and create a new runkeys.txt log. Then find ShowNew.bat and double click on it to run it and create a new newfiles.txt log. Attach the new logs and please do not put anything into Word Doc anymore. This is never necessary. If you cannot attach something, you are normally doing something wrong or you need to refresh, or you have already attached the EXACT same file which would mean you don't have a new log.
     
  11. babyturk

    babyturk Private First Class

    Hey Chaslang,
    I posted the runkeys.text log.
    and the newfiles.text log and it said that it is in progress, why can't I see it posted? Please help. Thanks again for all your kindness:)
     
  12. babyturk

    babyturk Private First Class

    Hi has anyone forgotten about me??
     
  13. babyturk

    babyturk Private First Class

    HI I realize you all must be busy, but I have not yet heard from anyone since 9pm last night, I am hanging here worried about my computer, can anyone assist me. Thank you.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you read this sticky that is at the top of every page in the forum???? Don't Bump! It Only Hurts You!!!

    Not following this guideline cost you a days time! Remember this is a free service provided by people who volunteer their time when they have it to give.


    I'm not sure what you are doing wrong but you must not be following the directions in HOW TO: Attach Items To Your Post

    Try to attach them again. Until you install the correct versions of the programs and run them properly and then attach the logs, there is nothing we can do for you.

    It would also be a lot more useful if you told us what your problems actually were. Saying "trojans attacked my computer" does not provide us any useful information. Describe your problems? How do you know you have a trojan? Did a scanner detect it? What did it tell you it detected and where was it detected?
     
    Last edited: Dec 7, 2006
  15. babyturk

    babyturk Private First Class

    I don't like looking like a stupid fool, I did say that I did not understand why my post was not being tended to?? I did see the part about bumping. I don't have an eye problem at all. I am sorry but I don't think I know how to use the zip properly if you can patiently help me out I would truly appreciate that. Thank you.
    Yesterday I did an AVG scan and it said trojan found, now as to what kind of trojan I am really not sure, can't remember the name. Should I go and redo the AVG scan? Please let me know. I am getting rid of this computer to my nephew so it is important that it is clean as a whistle if you know what I mean. Thank you for your patience have a wonderful day.
    I don't know how to get the bold out sorry.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you had seen the post about bumping then you should already have known the answer to why your post had not been answered. Can you afford to be here 24 hours a day???? Well neither can we. We get to each post when we can and as the bumping thread indicates, we work on oldest threads first. So anytime anyone adds unnecessary messages or blatantly just adds a bump message, it is like hanging up when you are waiting on a phone line queue and then call back in later. You are at the bottom of the queue again. Thus if anyone just keeps bumping, they may never get an answer.


    Back to your problems with Unzipping!

    Didn't you download HijackThis from us in step 7 of the READ ME? It was in a ZIP file and you have extracted it to the correct folder based on your log in message number 5. A similar procedure must be followed anytime you want to extract from a zip file. So quoting from the HJT procedure.

    I cannot tell you exactly since I don't know what you are using to handle ZIP files (WinXP builtin which is not very good and probably why you are confused) or WinZip.

    Obviously in the above you would need to replace HijackThis.zip with either GetRunKey.zip or ShowNew.zip and also you would need to replace C:\Program Files with the suggested C:\MGTools
     
    Last edited: Dec 7, 2006
  17. babyturk

    babyturk Private First Class

    I am sorry but I think I give up, I just can't seem to unzip GetRunKey or ShowNew, guess I will just let the trojans take over:(:(
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How did you unzip HijackThis.zip?


    I'm wondering if you are not reading the part of the instructions that say that you need to install WinZIP or similar to be able to extract files.

    Do you have the following installed: WinZip If not, you need to download and install it. You need to have a utility on your PC that can work with ZIP files.
     
    Last edited: Dec 8, 2006
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the attachment named MGTools01.zip
    • Find the file wherever you downloaded it to and double click on it.
    • In whatever application opens up on your PC, locate the MGtools.exe file and double click on it.
    • This should automatically make a folder named C:\MGTools and put all the files for GetRunKey and ShowNew into this folder.
    • It will also automatically create both the c:\runkeys.txt log and the c:\newfiles.txt
    • When it finishes you will see the newfiles.txt log popup in notepad. You can just close it.
    • Now attach the c:\runkeys.txt and the c:\newfiles.txt logs to your next message.
     

    Attached Files:

  20. babyturk

    babyturk Private First Class

    Yes I do have WinZip on my computer. My brother winzipped Hijack this for me and he lives across the country:(
    So I am left here very lost.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See message number 19 and follow those instructions.
     
  22. babyturk

    babyturk Private First Class

    Here are the files for your review I did just as you instructed me to. I hoped it worked this time. Hope all is well:)
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't really show any major problems. Just a slight sign from a WareOut infection that may already be gone.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.20,85.255.112.215

    After clicking Fix, exit HJT.

    Go to Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type or copy and paste the following line in the command window:
      ipconfig /flushdns
    • Hit Enter
    • Exit the command window

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. HJT


    Make sure you tell me how things are working now!
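
Added example, not part of the original thread and not code from HijackThis: a Python check that reads the O17 NameServer entries from a HijackThis log and reports any resolver outside the networks you expect, which is the condition the post above asks the user to fix. The sample log, the second O17 key and the `192.168.1.0/24` allowlist are constructed assumptions; the two flagged addresses are the ones quoted in the post.

```python
import ipaddress
import re

# O17 lines record DNS settings, in the form
# "O17 - <registry key>: NameServer = <ip>,<ip>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_o17(log_text):
    """Return [(registry_key, [server, ...])] for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Servers may be separated by commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        entries.append((m.group("key"), servers))
    return entries

def unexpected_resolvers(log_text, expected_networks):
    """Return (key, server) pairs not covered by expected_networks.

    Values that do not parse as IP addresses are reported as well,
    since they cannot be matched against the allowlist.
    """
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((key, server))
                continue
            if not any(addr in net for net in nets):
                findings.append((key, server))
    return findings

# Constructed sample log; only the first O17 line is taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.20,85.255.112.215
O17 - HKLM\System\CCS\Services\Example: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for key, server in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"unexpected DNS server {server} set under {key}")
```

Replace the allowlist with the resolvers your router or ISP actually hands out before relying on the result.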
     
  24. babyturk

    babyturk Private First Class

    Hi I just did the HJT scan and then I went and tried step b
    and it won't go through I get a message that says cannot find the file 'cmd' (or one of its components). Make sure the path and file name are correct and that all required libraries are available...........What does this mean? I await for further instructions:)
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about that! I forgot you are running an old operating system. You need to use command instead of cmd
     
