Found Trojans and Have completed logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by littleracer2, Jan 20, 2011.

  1. littleracer2

    littleracer2 Private E-2

    Hi,

    I tried to make a Samsung Recovery File and during the process it told me there were some errors and suggested I recover instead, but it had already overwritten the old file. I performed an AVAST scan and discovered the recovery file I had just made included trojans.

    Several infections were found on my computer:

    Infections Found:

    Avast found: index[2].htm
    C:\Users/Eitzen-main\AppData\Local\Microsoft\Windows\Temporary Internet Files/Low\Content.IE5\FFW00GWK
    Virus: JS:Downloader-YR [Trj]

    Ad-Aware found: Trojan.Win32.Generic!BT
    I vaulted this, then uninstalled Ad-Aware because I wanted to install Malwarebytes Anti-Malware instead.

    I do not know how long they have been there, as I came to realize AVAST scheduled scans were not running as I had thought. I tried to eliminate the problem by following directions to reboot in safe mode and run Malwarebytes Anti-Malware, but twice it froze at the same point in the scan.

    I then followed the detailed instructions in your READ First thread and created all the logs as suggested (see attached).

    I don't know if there are any more issues or if they are taken care of. The only thing I noticed was decreased performance and the error trying to make a recovery backup file. I do remember a window often popping up that JavaScript was trying to make changes to my computer, and I had been allowing this for several months already (in hindsight, maybe I was allowing the trojan to make changes?).

    I am wondering if you would be able to review my log files to see if there is anything that still needs to be done.

    Thank you so much!

    Wendy
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your logs are clean. :)

    Let's just kill off a dead BHO with a reg patch.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
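The "dead BHO" the helper removes with a reg patch is a Browser Helper Object whose registry registration survives after its DLL is gone. As an added example that is not part of this thread, the read-only PowerShell audit below lists every BHO registered for Internet Explorer and flags entries whose DLL no longer exists, which is how such a leftover can be confirmed before anyone edits the registry; it assumes the standard BHO and CLSID key locations and changes nothing.

```powershell
# Added example (not from the thread): audit Internet Explorer Browser Helper
# Objects and flag "dead" registrations whose DLL is missing. Read-only.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoStatus {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            $clsid = $_.PSChildName
            # The CLSID's InprocServer32 default value holds the path of the BHO DLL.
            $server = $null
            foreach ($root in @("HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
                                "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32")) {
                if (Test-Path -Path $root) {
                    $server = (Get-ItemProperty -Path $root).'(default)'
                    break
                }
            }
            $dll = if ($server) { [Environment]::ExpandEnvironmentVariables($server).Trim('"') } else { $null }
            $status = if (-not $dll) { 'No InprocServer32 (dead)' }
                      elseif (Test-Path -LiteralPath $dll) { 'DLL present' }
                      else { 'DLL missing (dead)' }
            [PSCustomObject]@{
                CLSID  = $clsid
                BhoKey = $key
                Dll    = $dll
                Status = $status
            }
        }
    }
}

# Print the audit table; entries marked "(dead)" are the candidates for a reg patch.
Get-BhoStatus | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so both the 64-bit and Wow6432Node keys are readable.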
  3. littleracer2

    littleracer2 Private E-2

    I completed the reg patch task like you said and received a successful message

    "The keys and values contained in ...fixME.reg have been successfully added to the registry."

    I tried to uninstall combofix, but instead of uninstalling it ran again. I typed exactly as you said. I also tried "%userprofile%\Desktop\combofix" /u as I had read yesterday in another post and combofix just ran again instead of deleting. That time it asked if I wanted to update to a newer version and I said yes, but when the disclaimer came up again I said no because I didn't want it to run for the third time.

    Will you be able to advise how to uninstall it? I will leave everything else until it is safely uninstalled.

    Just a newbie question and I don't mean to take any more of your time...were you able to discern the amount of damage done by this trojan? Is it possible that down the road there could be problems that show up?...I realize I can learn about trojans and what they do on my own time, but I just wondered if you had anything brief to add about this specific situation that would help me learn.

    Thanks already,
    Wendy
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If we used ComboFix, you can delete the

    • ComboFix.exe file
    • C:\ComboFix folder
    • C:\QooBox folder
    • C:\WINDOWS\nircmd.exe
    • C:\combofix.txt
    • C:\ComboFix-quarantined-files.txt logs that were created.
    I think you will be just fine. :)

    You're welcome! Safe surfing.
     
