Requesting help with ali.exe trojan

Welcome to MajorGeeks, Angelus21

Please be patient as I am reviewing your logs.

dr.m

 

Hello, Angelus21

**PRINT OUT THESE INSTRUCTIONS NOW OR SAVE THIS SET OF INSTRUCTIONS BEFORE CONTINUING. Save your work and close all opened programs, exit all browser sessions!!**
Please physically dis-connect from the internet, disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 1:
Please download The Avenger by Swandog46 to your Desktop

Step 2:
Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed

Step 3:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Step 4:
Right click on the Avenger.zip folder and select "Extract All..."
* Follow the prompts and extract the avenger folder to your desktop
* Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:

Files to delete:
C:\WINDOWS\{00000~1.cdf
C:\WINDOWS\{00000~1.bak
C:\Documents and Settings\Ian McFadden\Local Settings\temp\cf10767.exe

Folders to delete:
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint 

Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4.The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step 5:
Run Ccleaner, then re-boot into normal mode


Step 6:
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).


Then attach the below logs to your next reply:

• C:\MGlogs.zip
• C:\avenger.txt

Make sure you tell me how things are working now!

 

Gremlins!

Hello, Angelus21... trying again!

Please do this fix while in normal mode

Step 2:
Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed

Step 3:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Then follow the rest of the steps, please.

 

You're welcome, Angelus -

Sofar... it looks good, the entries and files/folders were deleted. Going over your logs closely.

dr.m

 

Hello again, Angelus

^ 5 .... your logs are clean!

Safe surfing! :cool

 

You're very welcome, Angelus!

dr.m :wave
PS: Take a long tour of the site... lots of very good info & helpful members