Need some help, possibly infected with "look2me"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dijkstra33, Jan 24, 2006.

  1. dijkstra33

    dijkstra33 Private E-2

    Hi,
I ran the 'read and run first' post. The only step I could not get to work was the Panda scan: the scan page had JavaScript errors and wouldn't scan. All other logs are attached, and I also attached a text file of the most common sites that my browser attempts to access. I thought that might help identify what the crap my computer is infected with. Thanks.

I have also run the VX2 Finder, but nothing came up. I think I may have Look2Me or a variant, and I think my winlogon.exe might be hijacked also.

    View attachment hijackthis_1-24-2006_11-07PM.log

    View attachment sites.txt

    View attachment bitdefenderscan1.txt
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    From now on please attach your logs using the Manage Attachment button instead of using the paper clip.

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    After you complete the above, please see the below thread on running the L2MeFix Tool.

     
  3. dijkstra33

    dijkstra33 Private E-2

    Ok, I ran them. Here are the logs the thread said to post.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  5. dijkstra33

    dijkstra33 Private E-2

    Ok, here they are, thanks! :)
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with TorCP or Tor?

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Spy Sweeper


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 3.3.3.3:3434

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

    O20 - Winlogon Notify: policies - C:\WINDOWS\

    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    NOW:
    Click Start > Run, type services.msc and click OK.

    Locate MySQL and right-click on it to bring up the Service Properties window.
    First: stop the service by clicking the Stop button.
    Next: disable it by changing the Startup Type to Disabled and click Apply.

    Locate Local Security Authority Subsystem Service (lsass) and right-click on it to bring up the Service Properties window.
    First: stop the service by clicking the Stop button.
    Next: disable it by changing the Startup Type to Disabled and click Apply.

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above reboot once more and then scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
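    As an added, defender-side example (not code from this thread, from HijackThis or from MajorGeeks): a small Python triage script that parses the HijackThis entries flagged in the post above and explains, line by line, why each one stands out (a proxy redirect, an orphaned toolbar, an ActiveX package from an unknown host, a Winlogon Notify entry with no DLL, and services that are missing their binary, sit directly under the drive root, or borrow a core Windows service name while living outside system32). The sample log is constructed from the entries quoted in the post; the Microsoft allow-list and the path heuristics are my own assumptions, not HijackThis rules.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 3.3.3.3:3434
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: policies - C:\WINDOWS\
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

CORE_SERVICES = {"lsass", "svchost", "csrss", "winlogon", "services", "smss"}
SYSTEM32 = "c:\\windows\\system32\\"  # assumed default Windows location

def triage_line(line):
    """Return the reasons one HijackThis line deserves a closer look ([] = nothing found)."""
    m = re.match(r"(R1|O3|O16|O20|O23) - (.*)", line.strip())
    if not m:
        return []
    kind, body = m.groups()
    parts = [p.strip() for p in body.split(" - ")]  # HijackThis separates fields with " - "
    reasons = []
    if kind == "R1" and "ProxyServer" in body and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value and not value.startswith(("127.", "localhost")):
            reasons.append(f"IE proxy set to {value}: browser traffic is being relayed")
    elif kind == "O3" and ("(no name)" in body or "(no file)" in body):
        reasons.append("toolbar with no name or no file: orphaned or hidden add-on")
    elif kind == "O16":
        host = urlparse(parts[-1]).hostname or ""
        if not host.endswith("microsoft.com"):  # crude allow-list, assumed for triage only
            reasons.append(f"ActiveX package fetched from non-Microsoft host {host}")
    elif kind == "O20" and not parts[-1].lower().endswith(".dll"):
        reasons.append("Winlogon Notify entry without a DLL file name")
    elif kind == "O23":
        short = parts[0].replace("Service: ", "", 1).rsplit("(", 1)[-1].rstrip(")")  # short name
        path = parts[-1].replace("(file missing)", "").strip().lower()
        if "(file missing)" in parts[-1]:
            reasons.append("service binary is missing but the service is still registered")
        if short.lower() in CORE_SERVICES and not path.startswith(SYSTEM32):
            reasons.append(f"core service name '{short}' but binary outside system32")
        if re.fullmatch(r"[a-z]:\\[^\\]+", path):
            reasons.append("binary directly under the drive root (typical unquoted-path artifact)")
    return reasons

def triage(log_text):
    """Map each flagged log line to its reasons; lines with no finding are omitted."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := triage_line(ln))}
```

    Every entry in the sample is flagged; a normally registered service such as one under system32 with an ordinary name produces no finding, which is the control a triager wants before trusting the heuristics.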
     
  7. dijkstra33

    dijkstra33 Private E-2

    Hi,
    OK, finished all those steps. Things seem to be better after running that L2MeFix program; that's when I noticed the biggest difference. I haven't really had any popups after that, but those subsequent scans still found stuff...

    Tor and TorCP are fine. No need to worry about those.

    How does my log look now?
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  9. dijkstra33

    dijkstra33 Private E-2

    So far so good...thanks a bunch.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

