Bandook/msdll/firefox

Discussion in 'Malware Help (A Specialist Will Reply)' started by shapse, Dec 19, 2007.

  1. shapse

    shapse Private E-2

    I am unable to remove Bandook and all other variants of Bandook. I've run HJT, Avenger and MGtools; logs attached. I've manually deleted registry entries only to have them return. The malware seems to be running something under firefox.exe which uses about 8,000k of memory. Deleting the process is fruitless; it reappears in about 20 secs. I've also run PC Tools Registry Cleaner, which does not fix the problem. Please help!
     

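The symptom in the first post (a process named firefox.exe that is killed and comes back within seconds, and Run-key entries that reappear after being deleted) is the classic pair of a masquerading binary plus a watchdog and an autorun entry. What follows is an added example, not code from the thread, from MajorGeeks or from any of the tools named in the READ ME: a small triage script that works over constructed process snapshots and Run-key entries, and flags an image whose name matches a trusted application but does not live in that application's install directory, an image that shows up under a new PID in every snapshot, and any autorun entry that points at a flagged image. The trusted-directory table, the three snapshots and the autorun list are all made up for the example; on a live machine you would fill them from something like `wmic process get ProcessId,Name,ExecutablePath` taken a few times 20 seconds apart and `reg query` of the HKLM and HKCU Run keys.

```python
"""Triage constructed process snapshots for a masquerading, watchdog-respawned
binary and the autorun entries that keep it alive.

Added example for the thread above; the data below is constructed, not real.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: where the genuine binary for a given image name is expected to
# live. Extend this table for your own environment.
TRUSTED_DIRS = {
    "firefox.exe": [r"C:\Program Files\Mozilla Firefox"],
    "explorer.exe": [r"C:\WINDOWS"],
}


def _norm(path):
    """Case-insensitive, backslash-normalised form of a Windows path."""
    return str(PureWindowsPath(path)).lower()


def is_impersonator(name, image_path):
    """True if `name` is a trusted application name but the image is not in
    one of its known install directories (exact parent match, not prefix)."""
    dirs = TRUSTED_DIRS.get(name.lower())
    if not dirs:
        return False  # unknown name: nothing to compare against
    parent = _norm(str(PureWindowsPath(image_path).parent))
    return parent not in {_norm(d) for d in dirs}


def respawning(snapshots):
    """Image paths present in every snapshot but under more than one PID.

    A process that is always running yet never keeps its PID is being
    restarted by something, which is exactly the "reappears in 20 seconds"
    behaviour. Assumes one instance per image path per snapshot.
    """
    per_snapshot = [{_norm(path): pid for pid, _, path in snap} for snap in snapshots]
    always_present = set.intersection(*(set(d) for d in per_snapshot))
    pids = defaultdict(set)
    for d in per_snapshot:
        for path, pid in d.items():
            pids[path].add(pid)
    return {p: sorted(pids[p]) for p in always_present if len(pids[p]) > 1}


def triage(snapshots, autoruns):
    """Return flagged images (path -> reasons) and autorun entries pointing at them."""
    spawn = respawning(snapshots)
    flagged = {}
    for snap in snapshots:
        for _, name, path in snap:
            key = _norm(path)
            reasons = []
            if is_impersonator(name, path):
                reasons.append("image outside the trusted directory for this name")
            if key in spawn:
                reasons.append("new PID in every snapshot: something restarts it")
            if reasons:
                flagged[key] = reasons
    persistence = [entry for entry in autoruns if _norm(entry[2]) in flagged]
    return {"flagged": flagged, "autoruns": persistence}


# Constructed snapshots: (pid, image name, image path), ~20 seconds apart.
# explorer.exe and the real Firefox keep their PIDs; the rogue copy in
# system32 gets a new PID every time, and msdll.exe sits quietly beside it.
SNAPSHOTS = [
    [(880, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
     (2000, "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
     (1234, "firefox.exe", r"C:\WINDOWS\system32\firefox.exe"),
     (1400, "msdll.exe", r"C:\WINDOWS\system32\msdll.exe")],
    [(880, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
     (2000, "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
     (1312, "firefox.exe", r"C:\WINDOWS\system32\firefox.exe"),
     (1400, "msdll.exe", r"C:\WINDOWS\system32\msdll.exe")],
    [(880, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
     (2000, "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
     (1390, "firefox.exe", r"C:\WINDOWS\system32\firefox.exe"),
     (1400, "msdll.exe", r"C:\WINDOWS\system32\msdll.exe")],
]

# Constructed Run-key entries: (key, value name, command).
AUTORUNS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Firefox",
     r"C:\WINDOWS\system32\firefox.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "msdll",
     r"C:\WINDOWS\system32\msdll.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe",
     r"C:\WINDOWS\system32\ctfmon.exe"),
]

if __name__ == "__main__":
    result = triage(SNAPSHOTS, AUTORUNS)
    for path, why in result["flagged"].items():
        print(path, "->", "; ".join(why))
    for key, value, cmd in result["autoruns"]:
        print("autorun", key + "\\" + value, "->", cmd)
```

Two things the output makes obvious that a single process listing does not: the rogue firefox.exe is flagged on both heuristics while the real one in Program Files is flagged on neither, and only the Run entry pointing at the rogue copy is listed. The msdll.exe process is not caught by either rule, which is the honest limit of this approach: a watchdog that keeps its own PID and has no trusted name to impersonate has to be found some other way (what process is the parent of each new firefox.exe, or which entry in the autoruns list has no legitimate vendor). Killing the flagged image before removing its autorun entry and its restarter is what makes it "reappear in 20 secs".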
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach the other logs that were requested in the READ ME. You did not run ComboFix and AVG Antispyware as requested. You need to run them and attach the logs. Also run anything else you skipped in the READ ME. Then you need to attach a new MGlogs.zip file since you did not run steps in the order requested. To get the new log, run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    I'm not sure what you were trying to do with Avenger but it is not the kind of tool you should be using on your own. It should only be used as instructed by an expert. Using it improperly can make your PC unbootable.
     
    Last edited: Dec 21, 2007
  3. shapse

    shapse Private E-2

    Thanks for your help in directing me to the READ ME post. I had been following another post. I believe ComboFix and AVG AntiSpyware helped with some of the problem. However, after having disconnected the computer from the internet (simply by unplugging the cable) and leaving it on, Bandook seemed to have removed itself. It also removed Firefox.exe and reset my screen saver. After this, no programs running under the name of Firefox.exe were found, nor was msdll.exe running, though it still existed on the computer. But I was able to permanently delete it. The computer appears to be running correctly with no extra activity, CPU usage or internet pings. Very odd. If it would be helpful, I would be happy to send you any logs. Please let me know.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you want to make sure your problems are really gone, you should attach current logs that reflect your PC's condition as it is now.
     
    Last edited: Dec 23, 2007
  5. shapse

    shapse Private E-2

    Enclosed in log.zip are logs from MGlogs, ComboFix, and AVG AntiSpyware. They look clean. What do you think? Thanks for your help.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean but I do have a few things for you to do.

    First you should disable the Guest user account because it is a security risk.

    Next you should stop using MSconfig to control startup as stated in the READ ME. Either permanently remove unwanted startups or use a real startup manager to do things like this. See: Startup CPL


    Now you need to uninstall all the below old Sun Java Versions:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1


    If you are not having any other malware problems, it is time to do our final steps:

    1. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    2. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    3. After doing the above, you should work through the below link:
     
  7. shapse

    shapse Private E-2

    Thanks for your help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     