MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


#1
12-07-10, 20:58
jennb (Private E-2)
Whitesmoke Trojan

Hello,

It would appear that my husband's laptop has gotten this nasty virus. We have Malwarebytes, and Spybot on the laptop as well as McAfee. Malwarebytes and Spybot both found something and corrected itself. All was good.....
I can't find a program to uninstall. But I was going to download and use AVAST instead. I can not connect to the internet on that laptop...I get a red screen saying no virus detected. It does this for any site.

So I came here and wanted to know the best way to go through the DO ME FIRST post when I can't get to where I need to be.
I HATE MCAFEE!!!


Thank you so much for any help you can give! I greatly appreciate it!

Jenn

#2
12-07-10, 21:45
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Quote:
I can't find a program to uninstall.
You mean you are trying to uninstall McAfee?

Quote:
But I was going to download and use AVAST instead.
Do not install Avast until McAfee is definitely gone.

Quote:
I can not connect to the internet on that laptop...I get a red screen saying no virus detected. It does this for any site.
Well you can transfer the tools needed in the Read and Run me first to the sick computer using a flashdrive or a disk.
Quote:
So I came here and wanted to know the best way to go through the DO ME FIRST post when I can't get to where I need to be.
I HATE MCAFEE!!!
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!

#3
12-08-10, 07:43
jennb (Private E-2)
Re: Whitesmoke Trojan

I'm sorry I realize now looking back at my original post that some of it did not make much sense.

When he first ran a scan and it popped up whitesmoke, I could click on start and it showed up on my list of programs. My first thought at that point would be to uninstall it. There was not anything there. I have since removed McAfee from that laptop.

I will download everything to a flashdrive and try that. I just didn't know how that would work with not being able to update the definitions and all.

I will go through all of that and come back and see what lovely things pop up. Thank you, I really appreciate you taking the time.

Jenn

#4
12-08-10, 11:57
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Quote:
I will download everything to a flashdrive and try that. I just didn't know how that would work with not being able to update the definitions and all.
If necessary, as stated in the R&R:

Manual update files that you can transfer over if needed. You will need to transfer the installer and update files over, install the software and then run the update files.
http://www.majorgeeks.com/SUPERAntiS...ons_d6303.html
http://www.malwarebytes.org/mbam/dat...mbam-rules.exe

Quote:
I will go through all of that and come back and see what lovely things pop up. Thank you, I really appreciate you taking the time.
You're most welcome. I will be here waiting.

#5
12-09-10, 15:51
jennb (Private E-2)
Re: Whitesmoke Trojan

Still working through it.....sorry it's taking so long....so far everything is popping up with nothing but I keep getting redirected to a particular site. I am not finished yet.....once I do I will upload the logs. Thank you again for your patience.
__________________
jenn

#6
12-09-10, 17:45
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Don't worry, just go at your own pace, and post again once you have got the logs.

#7
12-27-10, 19:59
jennb (Private E-2)
Re: Whitesmoke Trojan

Ok....after much arguing with my computer....the holidays....and a case of MRSA....I am back.....I finally got through the read and run thread. Right now I am not seeing further "whitesmoke" issues but I am still having problems....I am getting redirected about half the time on the internet regardless of the browser. I am also getting some error messages saying I am not authorized because I am not admin, but there is only one account.


Anywho

at your leisure.....I hope you all had an EXCELLENT CHRISTMAS!!!!!

Also I am a 64 bit so I did not run RootRepeal....I think that is everything....

Jennifer
Attached Files
File Type: txt combofixlog.txt (14.9 KB, 1 views)
File Type: txt mbam-log-2010-12-27 (19-07-09).txt (887 Bytes, 2 views)
File Type: txt SASlog.txt (588 Bytes, 4 views)
File Type: zip MGlogs.zip (195.8 KB, 1 views)
__________________
jenn

#8
12-28-10, 05:57
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Hi Jennifer.

Let's continue on

First of all the below needs to be done as it could interfere with the fix.

How to disable Spybot's TeaTimer

Java(TM) 6 Update 22 <--- Uninstall outdated Java

Using Windows Explorer, delete this pair of folders:
  • c:\users\Household\AppData\Roaming\Gosy
  • c:\users\Household\AppData\Roaming\Syxee

Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
  • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
  • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
  • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
  • Click Start scan
  • It will run rather quickly and will notify you of whether anything is found or not.
  • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)

Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Now you must describe to me how things are running!

#9
12-28-10, 18:56
jennb (Private E-2)
Re: Whitesmoke Trojan

Ok....I turned off teatimer....and updated the Java per your instructions. After the TDSSKILLER ran and I rebooted per instructions it popped up with another box Windows Defender saying I had some bad mojo.....I would tell you specifically what that mojo is but the box disappeared after running the MGtools. Anywho....

Here are the logs for the MGTools and the TDSSKiller

I am looking and looking and I CAN NOT FIND THE LOG for MGTools. I know where it's supposed to be I found it before. But it's not there. I even did a search on the entire computer for it. I hate that.....It did all kinds of yummy goodness that it didn't do before. I am running it again......to try and get some kind of log but I can't find it.....GRRRRR......
__________________
jenn

#10
12-28-10, 19:02
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Just attach the TDSSKiller log (as it did not attach) and then re-run C:\MGTools.exe. THEN there should be a C:\MGLogs.zip

#11
12-28-10, 19:03
jennb (Private E-2)
Re: Whitesmoke Trojan

ok I just finished running it again and I still can't find the zip file either by just freaking looking or by searching for the name.....should I uninstall MGtools and re-install and then run again? I will wait for further guidance....

Jenn
__________________
jenn

#12
12-28-10, 19:07
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Don't forget to attach the TDSSKiller log!

No, try this first.

Please do this, click Start, Run and enter cmd and click OK. This will open a command prompt window. In the command prompt window, enter the below commands each followed by the enter key. Note there is a space after the cd

cd \MGtools
GetLogs.bat

You got a C:\MGLogs.zip now? If not...

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.

Got a C:\MGLogs.zip now?

#13
12-28-10, 19:25
jennb (Private E-2)
Re: Whitesmoke Trojan

ok here is the tdsskiller log and I will redo the MGTools as directed!
Attached Files
File Type: txt TDSSKiller.2.4.12.0_28.12.2010_16.52.27_log.txt (122.9 KB, 1 views)
__________________
jenn

#14
12-28-10, 19:31
jennb (Private E-2)
Re: Whitesmoke Trojan

I am in the process of doing the instructions for the MGTools....I was able to run a scan which is what your instructions ultimately had me do.....getlogs.bat what I can't find now like I did the FIRST time is once the scan is complete...and it says to press any key to continue (once I press the key) I go to get the zip file....and it's not there.... that is the problem I am having...it runs the scan fine but the file isn't there....I will try both of your thoughts and see what's shaking when I'm done....

THANKS FOR ALL YOUR HELP!
__________________
jenn

#15
12-28-10, 19:37
jennb (Private E-2)
Re: Whitesmoke Trojan

Ok I finally got one....but it put it in some really weird RANDOM place....the command prompt even says C:\MGtools.zip

it put it in c:\\Users\Household\AppData\Local\VirtualStore

WTH?
Attached Files
File Type: zip MGlogs.zip (219.7 KB, 3 views)
__________________
jenn
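
Added example, not part of the original thread and not code from MGtools or TDSSKiller: a small Python helper that looks for MGlogs.zip in the two places this thread mentions (the C:\ root and the per-user VirtualStore folder reported in post #15) and orders TDSSKiller logs by the date and time embedded in their names, as described in post #8. The function names are hypothetical, and the filename pattern is an assumption inferred from the log names attached in this thread.

```python
import os
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Layout seen in this thread: TDSSKiller.<version>_<DD.MM.YYYY>_<HH.MM.SS>_log.txt
# (inferred from the attached file names; an assumption, not vendor documentation)
LOG_NAME = re.compile(
    r"^TDSSKiller\.(?P<ver>\d+(?:\.\d+)*)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$",
    re.IGNORECASE,
)

# The first four names appear in the thread; the last one is constructed to
# show why a plain string sort fails on day-first dates.
SAMPLE_NAMES = [
    "TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt",
    "TDSSKiller.2.4.12.0_28.12.2010_16.52.27_log.txt",
    "TDSSKiller.2.4.12.0_29.12.2010_06.45.38_log.txt",
    "TDSSKiller.2.4.12.0_29.12.2010_07.25.25_log.txt",
    "TDSSKiller.2.4.12.0_02.01.2011_09.00.00_log.txt",  # constructed
]

def parse_tdss_log_name(name):
    """Return (version, datetime) for a TDSSKiller log name, else None."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    try:
        stamp = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")
    except ValueError:  # digits in the right places but not a real date/time
        return None
    return m["ver"], stamp

def newest_first(names):
    """Order log names by embedded timestamp, newest first; skip other files."""
    dated = []
    for n in names:
        parsed = parse_tdss_log_name(n)
        if parsed:
            dated.append((parsed[1], n))
    return [n for _, n in sorted(dated, reverse=True)]

def candidate_zip_paths(local_appdata, drive="C:\\", name="MGlogs.zip"):
    """Drive root first, then the per-user VirtualStore folder from post #15."""
    return [PureWindowsPath(drive) / name,
            PureWindowsPath(local_appdata) / "VirtualStore" / name]

def find_mglogs(local_appdata, drive="C:\\", exists=os.path.exists):
    """Return the first candidate path that exists, or None."""
    for p in candidate_zip_paths(local_appdata, drive):
        if exists(str(p)):
            return str(p)
    return None

if __name__ == "__main__":
    appdata = os.environ.get("LOCALAPPDATA", r"C:\Users\Household\AppData\Local")
    print("MGlogs.zip:", find_mglogs(appdata) or "not found in either location")
    print("Newest TDSSKiller log:", newest_first(SAMPLE_NAMES)[0])
```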

#16
12-28-10, 20:32
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Quote:
it put it in c:\\Users\Household\AppData\Local\VirtualStore

WTH?
I don't know.

Now before I review those logs, and while you are still online, please run TDSSKiller again for me and attach the log.

(Getting late for me, almost 3am)

#17
12-29-10, 05:49
jennb (Private E-2)
Re: Whitesmoke Trojan

I am so sorry....I had gotten so irritated that I closed my pc's down for the night.... I did the scan I got one more log.. I changed it from cure to copy to quarantine as instructed on the page. Here is the log.

Thank you again for all of your help! I really appreciate it.
Attached Files
File Type: txt TDSSKiller.2.4.12.0_29.12.2010_06.45.38_log.txt (62.5 KB, 2 views)
__________________
jenn

#18
12-29-10, 06:16
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Was there an option to cure rather than quarantine? (Try that again) I am going to have you run it one more time and attach the log. That last log still shows a rootkit infection.

#19
12-29-10, 06:37
jennb (Private E-2)
Re: Whitesmoke Trojan

There was an option to cure but it said to copy to quarantine. I thought that odd myself. Anyway I did the scan again left it at cure. Rebooted as instructed here is the log but now when the computer boots up I get an error message that says the following.

RUN DLL

There was a problem starting
c:\Windows\System32\config\systemprofile\AppData\Local\ihekorilow.dll

I have no idea what this means. I am on my way out the door to work. I will check in and do what I can while I am at work. I didn't realize there was such a significant difference in time.

Thanks again.
Attached Files
File Type: txt TDSSKiller.2.4.12.0_29.12.2010_07.25.25_log.txt (60.9 KB, 3 views)
__________________
jenn

#20
12-29-10, 10:13
Kestrel13! (Super Malware Fighter - Major Dilemma)
Re: Whitesmoke Trojan

Quote:
There was a problem starting
c:\Windows\System32\config\systemprofile\AppData\Local\ihekorilow.dll

I have no idea what this means.
It means there is still malware present, but we will find it!

That last TDSSKiller log looks more promising. I will have you run it yet again after this next fix to see the new results.
Quote:
I didn't realize there was such a significant difference in time.
Yes, I'm in the UK. However I enjoy the peaceful hours of the early morning so I am often still about and posting at that time. Night owl. Okay, I'll post a fix in a moment.