Multiple Trojan Syndrome

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Anon-ac3bff0538, Mar 25, 2009.

  1. Anon-ac3bff0538

    Anon-ac3bff0538 Anonymized

    I'm back, thankfully not for my own purposes. Been helping a neighbor deal with some trojans over the past several days and am just about at the end of the rope here. Started with Spybot and ended up getting the infection down to just W32.Trojan.pz with it, however that infection was too stubborn to remove. Through various other means, I've found that there were multiple infections to deal with. Ran HJT and fixed the appropriate items, but there were still issues. sdra64.exe stuck in the sys32 folder wouldn't delete as the registry entry on startup. ComboFix was taking half an hour or more in preparing the log upon restarting, so I had to simply quit that one. During the process, it did fix several issues, including the sdra64. Sadly, that's not in the log since it wasn't allowed to finish that part of the process. IE now starts on the proper homepage, but it seems a potential BHO or unconnected process is still hindering the internet access through normal connections. Firefox works just fine, but no downloader can download the necessary files to install a program (such as updating Java) and Trend Micro that was installed is unable to update and be of any use. I've gone ahead and removed Java to prevent any security holes because of it, but of course can't update to the current version at the moment. That's all I know about the current status, and hopefully the logs will tell something I'm missing here.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello again :)

    reviewing your logs and will get back to you with a set of instructions as soon as I can.

    Thanks
    Kes
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Is this machine set up to use the following proxy? If not please include it in our fix.


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.


    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\Documents and Settings\Fine Arts\Local Settings\temp


    And use Windows Explorer to tidy up remnants from Combofix:


    • C:\WINDOWS\system32\CF22243.exe
    • C:\WINDOWS\system32\CF8586.exe
    • C:\WINDOWS\system32\CF8710.exe

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
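    Added example (not part of the MajorGeeks thread, and not a tool from Kestrel13!'s instructions): a PowerShell script that performs the non-HijackThis steps of post #3 and shows the WinINet proxy setting the helper asks about. The folder and the three CF*.exe paths are the ones named in the post; the `ProxyEnable`/`ProxyServer` values are read from the user's Internet Settings key, and the value the helper was looking for is not on the page, so the script only prints what is configured for comparison. Run it from an elevated prompt on the affected machine and pass `-WhatIf` first to preview deletions.

```powershell
# Added example, not code from the thread: review the per-user proxy setting
# and clean up temp files and ComboFix remnants as post #3 describes.
# Paths are the ones named in the post (user profile "Fine Arts").
param(
    [string]$TempFolder = 'C:\Documents and Settings\Fine Arts\Local Settings\temp',
    [string[]]$Remnants = @(
        'C:\WINDOWS\system32\CF22243.exe',
        'C:\WINDOWS\system32\CF8586.exe',
        'C:\WINDOWS\system32\CF8710.exe'
    ),
    [switch]$WhatIf   # preview only; nothing is removed when set
)

# 1. Show the WinINet proxy configuration used by IE and most downloaders.
#    A ProxyEnable of 1 with a ProxyServer the user never configured is one
#    explanation for IE and updaters failing while Firefox (own settings) works.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    ProxyOverride = $inet.ProxyOverride
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List

# 2. Delete temp files not written today; the post notes Windows will not
#    let you delete the current day's files, so they are skipped up front.
$today = (Get-Date).Date
Get-ChildItem -LiteralPath $TempFolder -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today } |
    Remove-Item -Force -ErrorAction SilentlyContinue -WhatIf:$WhatIf

# 3. Remove the ComboFix leftovers listed in the post, reporting each result.
foreach ($path in $Remnants) {
    if (Test-Path -LiteralPath $path) {
        Remove-Item -LiteralPath $path -Force -WhatIf:$WhatIf
        Write-Output "removed: $path"
    } else {
        Write-Output "not present: $path"
    }
}
```

    The HijackThis step itself is left to the helper's instructions, since the lines to fix are not reproduced on the page; if the printed proxy values do not match what the user set up, that is the entry the helper would add to the fix.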
  4. Anon-ac3bff0538

    Anon-ac3bff0538 Anonymized

    I'll be able to get to that later tonight. Just to make sure I'm perfectly clear, you're meaning to delete the Combofix remnants. Correct?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    correct yes :)
     
