MajorGeeks Support Forums

#1 - compgirl (Private E-2) - 12-27-09, 16:29
snifula - help!

Hello,
Last week Spy Sweeper found the snifula trojan phisher on my computer. I ran all the programs as your thread on Snifula said and I am attaching the logs. It would be great if you would help me with this. Thanks in advance!
Attached Files
File Type: txt SASlog.txt - 12-24-2009.txt (519 Bytes, 1 views)
File Type: txt mbam-log-2009-12-24 (03-11-45).txt (874 Bytes, 2 views)
File Type: txt mbam-log-2009-12-24 (03-00-15).txt (1.2 KB, 2 views)
File Type: txt log combofix.txt (13.3 KB, 2 views)

#2 - compgirl (Private E-2) - 12-27-09, 16:31
Re: snifula - help!

Here are the remaining log files from the scans I ran.
Attached Files
File Type: txt rootrepeal log.txt (39.7 KB, 1 views)
File Type: zip MGlogs.zip (110.2 KB, 1 views)

#3 - TimW (MajorGeeks Administrator - Jedi Malware Expert) - 12-28-09, 14:11
Re: snifula - help!

The scans took care of most of it, but let's finish up with having you do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
Quote:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
After clicking Fix, exit HJT.

Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

Now use Windows Explorer to find and delete:
c:\windows\Rcaliyiyimevocog.bin
c:\windows\Xliqamewobeyitam.dat
c:\windows\system32\fjhdyfhsn.bat
C:\WINDOWS\temp\wfv2.tmp
C:\Documents and Settings\arti\Local Settings\Temp\7ZOB.TMP

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

Make sure you tell me how things are working now!
__________________
Major cake licker.
YCLAHTW, BYCMHD!!
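
Added example, not part of TimW's post or of MGtools: a Python sketch showing how the HijackThis O2 lines quoted above map to the registry keys deleted by fixME.reg. The function names and the last two sample log lines are constructed for illustration; the first two lines and the key path are taken from the post.

```python
import re

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<file>.+)$"
)
BHO_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# First two lines are from the thread; the last two are constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

def parse_bho_lines(log_text):
    """Return name/clsid/file for every well-formed O2 (BHO) line."""
    entries = []
    for raw in log_text.splitlines():
        match = O2_RE.match(raw.strip())
        if match:  # lines from other sections (O4, ...) are skipped
            entries.append(match.groupdict())
    return entries

def orphaned(entries):
    """Keep only BHOs that HijackThis reports with '(no file)'."""
    return [e for e in entries if e["file"].strip().lower() == "(no file)"]

def build_reg_delete(entries):
    """Render a REGEDIT4 file; a '[-key]' header deletes that key."""
    lines = ["REGEDIT4", ""]
    for entry in entries:
        lines.append("[-%s\\%s]" % (BHO_KEY, entry["clsid"]))
        lines.append("")
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(build_reg_delete(orphaned(parse_bho_lines(SAMPLE_LOG))))
```

The BHO that still has a DLL path is parsed but left out of the generated file, so it can be reviewed separately.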

Major Geeks on Facebook

Major Geeks Newsletter
Reply With Quote

#4 - compgirl (Private E-2) - 12-28-09, 16:40
Re: snifula - help!

Thank you for your reply!
I will keep you posted.

#5 - TimW (MajorGeeks Administrator - Jedi Malware Expert) - 12-29-09, 16:45
Re: snifula - help!

Good...but I would still like to see the new MGLogs.zip.