Help! Trojan Dropper Generic issue

Discussion in 'Malware Help (A Specialist Will Reply)' started by SilverEagle, Aug 17, 2013.

  1. SilverEagle

    SilverEagle Private E-2

    Hey guys, how's it going. I'm new here, came here because of the amazing testimonies and informative knowledge I have reviewed among this forum.

    My issue stands with a Trojan Dropper Generic virus that has attacked my Compaq laptop (yes, I know, crappy computer, but yeah lol). I have already scanned my laptop using CCleaner and Disk Cleanup, and disk defragmentation did not work with the virus on it. I found out about the virus using AVG virus scan and tried to fix it, but AVG could not remove it.

    Since then, I removed AVG using uninstall and the AVG removal tool. Then I installed ComboFix and scanned my computer (which took days of retries), and I finally retrieved the log sheet.

    I'm not sure of the next step to resolve my issue; however, I was hoping posting my current log sheet can help me finally get rid of this virus that has made my life hell. Thanks for the time, guys, hope someone can help me.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. SilverEagle

    SilverEagle Private E-2

    When I downloaded it, the program automatically started. I tried to recover it in the Start search box but I did not see it. Is there another way I can put it on my desktop?
     
  4. SilverEagle

    SilverEagle Private E-2

    I have sent a ComboFix shortcut to the desktop. I will now follow the instructions for the malware Read and Run.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Attach the requested logs when you are ready.
     
  6. SilverEagle

    SilverEagle Private E-2

    Ok here goes.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry Entries : 17 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1596769685-313151721-3114286253-1000\[...]\Run : SearchProtect (C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1596769685-313151721-3114286253-1000\[...]\Run : SearchProtection ("C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
    [SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
    [SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
    
    ¤¤¤ Scheduled tasks : 4 ¤¤¤

    Rerun Hitman and have it fix all that it found.

    Now:

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now reboot and rerun both RogueKiller and Hitman and attach both those logs as well.

    Then get me the log from running C:\MGTools.exe. -- C:\MGLogs.zip
     
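The RogueKiller entries quoted in the post above are a compact picture of how adware persistence looks in a log: the same binary referenced from several registry locations (HKCU and the matching HKUS SID hive, CurrentControlSet and its ControlSet001/002 mirrors), with Run-key autostarts pointing into the user's AppData profile and a service pointing at System32. The following Python is an added example, not part of the thread and not RogueKiller's own code: it parses lines in the format shown above into structured records, collapses the duplicate hive and control-set references down to distinct binaries, and tags each binary with the reasons a defender would weigh before removing it. The line format is inferred only from the seven entries on this page, and the list of "user-writable" directories is my own heuristic; the sample log is constructed from the quoted lines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the RogueKiller lines quoted in the post above, verbatim.
SAMPLE_LOG = r"""
¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1596769685-313151721-3114286253-1000\[...]\Run : SearchProtect (C:\Users\Owner\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1596769685-313151721-3114286253-1000\[...]\Run : SearchProtection ("C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
[SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
[SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND
[SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
"""

# Line shapes are an assumption drawn from the lines above, not a published RogueKiller grammar.
SECTION_RE = re.compile(r"^¤¤¤ (?P<section>.+?) : (?P<count>\d+) ¤¤¤$")
ENTRY_RE = re.compile(
    r"^\[(?P<kind>[A-Z]+)\]\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<name>.+?) "
    r"\((?P<target>.+) \[(?P<score>\d+)\]\) -> (?P<status>[A-Z]+)$"
)
# First executable in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)


@dataclass
class Entry:
    section: str   # log section the line sits under, e.g. "Registry Entries"
    kind: str      # RUN, SERVICE, ...
    tag: str       # scanner's own classification, e.g. SUSP PATH, BLVALUE
    key: str       # registry key as RogueKiller abbreviates it
    name: str      # value / service name
    target: str    # full command line or image path
    score: int
    status: str


def parse_roguekiller(text: str) -> List[Entry]:
    """Turn the scanner's text report into Entry records, tracking the current section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("section")
            continue
        if m := ENTRY_RE.match(line):
            d = m.groupdict()
            entries.append(Entry(section, d["kind"], d["tag"], d["key"], d["name"],
                                 d["target"], int(d["score"]), d["status"]))
    return entries


def exe_path(entry: Entry) -> Optional[str]:
    """Executable referenced by the entry, stripped of quotes and arguments."""
    m = EXE_RE.match(entry.target)
    return m.group("path") if m else None


def is_user_writable(path: str) -> bool:
    """Heuristic (assumption): directories a standard user can write to, so an
    installer running without admin rights can drop and autostart a binary there."""
    p = path.lower()
    return any(marker in p for marker in
               ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\"))


def group_by_binary(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Collapse HKCU/HKUS and CCSet/CS001/CS002 duplicates onto the binary they launch."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if p := exe_path(e):
            groups[p.lower()].append(e)
    return dict(groups)


def triage(entries: List[Entry]) -> List[dict]:
    """One row per distinct binary with the reasons a defender would weigh."""
    report = []
    for path, hits in group_by_binary(entries).items():
        kinds = {h.kind for h in hits}
        reasons = []
        if "RUN" in kinds and is_user_writable(path):
            reasons.append("Run-key autostart launching from a user-writable profile directory")
        if "SERVICE" in kinds:
            reasons.append("registered as a service, so it starts without any user logging on")
        if len(hits) > 1:
            reasons.append(f"same binary referenced from {len(hits)} registry locations")
        reasons.extend(sorted({f"scanner tag [{h.tag}]" for h in hits}))
        report.append({"path": path, "locations": [h.key for h in hits], "reasons": reasons})
    return report


if __name__ == "__main__":
    for row in triage(parse_roguekiller(SAMPLE_LOG)):
        print(row["path"])
        for r in row["reasons"]:
            print("   -", r)
```

Running it on the sample reduces the seven log lines to three binaries, which is why the poster later sees only two Run entries to delete: the HKUS entries are the same user's hive seen under its SID, and the three service lines are one service mirrored across control sets.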
  8. SilverEagle

    SilverEagle Private E-2

    For RogueKiller, should I delete them or fix host/proxy/DNS/shortcuts?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Delete those items and then go to the DNS tab and fix those. Let me know what issues remain, if any. And attach the logs as requested.
     
  10. SilverEagle

    SilverEagle Private E-2

    The only two that are showing up that you requested for me to delete are the first two you have listed.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That's fine. Remove them, reboot and rescan and attach the new log. Also tell me how things are running.
     
  12. SilverEagle

    SilverEagle Private E-2

    My laptop is still running a little slow. The second run of RogueKiller and Hitman did not detect any threats. I noticed it detected MGTools as a Trojan. Here are the logs.
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and fix everything under "Scheduled Tasks". Also rerun Hitman and remove that reference to Conduit.

    That may speed you up. But let me know.
     
