Ultimate defender

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ianovavich, Jun 28, 2008.

  1. Ianovavich

    Ianovavich Private E-2

    Hi,

    Running a Lenovo R60 IBM ThinkPad with a Centrino Duo processor. The setup came with Symantec AV software, which I wasn't overly confident in. Just swapped to AVG and Zone Alarm and had a couple of problems, like my auto updates wouldn't come on, etc. Decided to look at the StopZilla program, which really confused me. Said I had the Ultimate Defender trojan and other stuff to sort out!

    Ran AVG, which didn't really pick anything up, but I still had pop-ups. Managed to run your Spybot S&D and Ad-Aware that I found on your other suggestions, and it has cleaned up the pop-ups, but how can I find out if the trojan's gone without going back through StopZilla (which I was cautious of)?

    Sorry if that's too much waffle, but it's my first post.

    Cheers,
    Ian
     
  2. Lev

    Lev MajorGeek

  3. Ianovavich

    Ianovavich Private E-2

    Hi,

    Been through the instructions and hopefully removed all the threats, but I'm a bit concerned that every program I run throws up new threats. Would you please be able to look at the logs for me and see if the Ultimate Defender trojan has been removed?

    Logs enclosed.

    Very much appreciated.

    Thanks
    Ian
     

  4. Ianovavich

    Ianovavich Private E-2

    Balance logs
     

    Attached Files: log.txt (21 KB)
  5. Ianovavich

    Ianovavich Private E-2

    Sorry, I can't seem to get the ComboFix log attached; the upload section is saying I've already uploaded it.

    Is there another way I can get this over?

    Thanks
    Ian
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you have, in message #4. The log you have not attached is the log from SUPERAntiSpyware. Please attach this log now.

    You need to disable Spybot's Teatimer as requested in the READ & RUN ME. Do this now and then do the below.


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software, since you have already uninstalled Symantec AV:
    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7712D99D-F7FB-4AE8-B824-A031C03A7003} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {C1EFA349-A8F3-43D3-AE92-13E9C7E8AF9B} - C:\WINDOWS\system32\mlJdBrsr.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    After clicking Fix, exit HJT.

    Now reboot your PC.


    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run CCleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below log:
    • C:\MGlogs.zip
    • don't forget to attach the original SUPERAntiSpyware log
    Make sure you tell me how things are working now!
     
    Last edited: Jun 30, 2008
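    The HijackThis lines chaslang asks to fix above fall into two kinds: O2/O3 registry entries whose DLL or toolbar file is already gone ("(no file)" / "(file missing)", dead references left behind after removal) and O4 autorun entries that still point at a file on disk. As an added example that is not part of this thread or of HijackThis, the Python below parses those exact lines (the sample is copied from the post) and separates the two kinds; the entry fields and the orphan markers are assumptions drawn from the log format as shown.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis lines quoted in the post above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7712D99D-F7FB-4AE8-B824-A031C03A7003} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C1EFA349-A8F3-43D3-AE92-13E9C7E8AF9B} - C:\WINDOWS\system32\mlJdBrsr.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
"""
ENTRY_RE = re.compile(r"^(O\d+) - (.*?): (.*)$")  # "O2 - BHO: <rest>"
RUN_RE = re.compile(r'^\[(?P<name>[^\]]+)\]\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))(?:\s+(?P<args>.*))?$')
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # how HijackThis reports a missing backing file

@dataclass
class HjtEntry:
    section: str    # O2 (BHO), O3 (toolbar), O4 (autorun), ...
    location: str   # e.g. "BHO", "Toolbar", "HKLM\..\Run"
    name: str
    clsid: str      # O2/O3 only
    path: str       # backing file; "" when HijackThis found none
    args: str
    orphaned: bool  # registry reference whose file is gone from disk

def parse_line(line: str) -> "HjtEntry | None":
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, location, rest = m.groups()
    orphaned = any(marker in rest for marker in ORPHAN_MARKERS)
    if section in ("O2", "O3"):
        # "<name> - {CLSID} - <path (file missing)>" or "<name> - {CLSID} - (no file)"
        parts = (rest.split(" - ", 2) + ["", ""])[:3]
        tail = parts[2].replace("(file missing)", "").strip()
        path = "" if tail in ORPHAN_MARKERS else tail
        return HjtEntry(section, location, parts[0], parts[1], path, "", orphaned)
    rm = RUN_RE.match(rest) if section == "O4" else None
    if rm:  # "[Name] "C:\path\prog.exe" -args"
        path = rm.group("q") or rm.group("u")
        return HjtEntry(section, location, rm.group("name"), "", path, rm.group("args") or "", orphaned)
    return HjtEntry(section, location, rest, "", "", "", orphaned)

def parse_hjt(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned_entries(entries: list) -> list:
    # Dead references: the registry key survives but HijackThis found no file behind it
    return [e for e in entries if e.orphaned]
```

Run against the sample, four of the seven lines come back as orphaned (the three O2 BHOs and the O3 toolbar), while the three O4 entries resolve to real program paths with their arguments split out.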
  7. Ianovavich

    Ianovavich Private E-2

    SAS log attached.

    How do I disable the TeaTimer? The help menu in S&D doesn't explain.

    Thank you for your patience.
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member
