had Tracur.F trojan cannot load certain pages

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gilligantuan, Aug 4, 2011.

  1. gilligantuan

    gilligantuan Private E-2

    i am completely new to this forum-posting-thread thing, so hopefully i am posting in the correct place. i noticed today that Mozilla would not load facebook or imdb.com. i googled for some answers, wound up here and at first, ran MBAM which cleaned out this:

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    then i went through all the READ THIS steps on this site. SuperAntiSpyware, which found

    Win32/TrojanDownloader.Tracur.F Trojan
    variants of Win32/Kryptik.QSR trojan
    Win32/Adware.Virtumonde.NEO application

    and removed this:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/03/2011 at 10:48 PM

    Application Version : 5.0.1108

    Core Rules Database Version : 7508
    Trace Rules Database Version: 5320

    Scan type : Complete Scan
    Total Scan Time : 00:57:12

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 485
    Memory threats detected : 0
    Registry items scanned : 38076
    Registry threats detected : 5
    File items scanned : 80949
    File threats detected : 0

    Rogue.Component/Trace
    HKLM\Software\Microsoft\980F200C
    HKLM\Software\Microsoft\980F200C#980f200c
    HKLM\Software\Microsoft\980F200C#Version
    HKLM\Software\Microsoft\980F200C#980f8d8c
    HKLM\Software\Microsoft\980F200C#980fe469


    re-ran MBAM and nothing.

    COMBOFIX deleted a whole bunch of stuff, but i reran it and it found nothing and i believe overwrote the original log

    i also ran Root Repeal, MGTools and Hijack This.

    i still have the same problem not being able to load certain pages in Firefox or IE7. I would appreciate any help or advice, or corrections on how i'm supposed to post things. i've attached the log files i could actually find.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You should not be running anything more than once unless we ask you to do so, especially a program like ComboFix. Our instructions specifically stated to only run the procedures once.


    We did not ask you to run HijackThis. You need to attach the requested MGlogs.zip from running MGtools. Also attach the first log from running Malwarebytes. Also attach the current log you have from ComboFix.

    Also, please do not post any logs inline like you did with the info from SUPERAntiSpyware.
     
  3. gilligantuan

    gilligantuan Private E-2

    ok, i do apologize, as i said i'm really inept at this stuff. i will attach what i can find from the MGtools folder. i do not see any zip file. just .txt files.
     

    Attached Files:

  4. gilligantuan

    gilligantuan Private E-2

    okay, i installed comodo firewall, accepting its default settings. Now, the websites that would not load before are now loading. That's where i'm at now.
     
  5. gilligantuan

    gilligantuan Private E-2

    i had already run HijackThis before i stumbled across your ReadThis List. . .
     
  6. gilligantuan

    gilligantuan Private E-2

    okay, i found the zip file.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to attach the log from Malwarebytes. The log from ComboFix was picked up by MGtools so it is inside the MGlogs.zip file already.

    However it is not looking like you are having malware problems because your logs are looking clean ( other than what was removed already ).
     
  8. gilligantuan

    gilligantuan Private E-2

    ok, i have attached the 4 MBAM files. 3 showed infections. The final one did not. Since i installed Comodo, things have been running normal. I find that odd, because i was still having problems loading certain webpages before i installed it. It doesn't make sense to me, but things seem to be working. All told, i wrote down the following malware gathered from all the cleanings: Tracur F.trojan, variant of Kryptik.QSR.trojan, Adware.Virtumonde.NEO application, Rogue.Component/Trace, and the original one Malware found, the BHO.trojan one. Thanks for taking the time to look at all this mess.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes ComboFix had removed several problems when you ran it.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
