Help with syssecuritysite.com malware, Please!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Shadis, Jul 14, 2006.

  1. Shadis

    Shadis Private E-2

    Over the past two days I have followed the advice on your website (which is incredible by the way, thanks for all that you guys do) to try and resolve my malware problem on my own. I have been unsuccessful so far and would really appreciate some help.

    This is as much info as I can think to give you:

    My PC:
    Intel Pentium 4 3.06GHz
    1 GB of RAM
    80GB Hard drive (60 free)
    OS: Windows XP Professional
    Ver. 2002
    IE: ver. 6
    2001 – SP1
    Running on DSL

    Problem:
    My homepage is consistently changed to syssecuritysite.com, I have consistent pop-ups (including adultfriendfinder, anti-virus golden, pesttrap, malware wipe, AD protect, and Virus Blast), I have pop-ups of all sorts saying a variety of viruses have been detected or my computer is unsafe, and a yellow triangle with an exclamation point appears in my taskbar that leads to a number of different ‘anti-virus’ websites when clicked on.

    What I’ve Done:
    1) I found your ‘READ & RUN ME FIRST’ sticky and followed it to the letter, saving logs at every possible instance. I got to #6 and took the option of trying a few alternate scans from #8. The only thing that was fixed is my homepage and I believe this is temporary.

    2) I tried looking at FAQ for adultfriendfinder and followed those directions, which did not stop it.

    3) Next I looked at ‘SPECIAL REMOVAL PROCEDURES’ for syssecuritysite.com. The link took me to ‘SpywareQuake & SpyFalcon Removal Procedure’ of which the first step is to, “Download the attached fixquake.zip file to your Desktop.” Only ‘fixquake.zip’ was not linked and I could not find it in your files section through your site search or the google search.

    4) Finally I tried HJT and have no idea what I’m looking at.

    I will try to properly attach all of the logs in order in which I ran them.

    Please help me! If there is anything you want me to do, information I’ve left out, or anything, please tell me what to do!!!

    Thank you!!!
    Shadis
     


  2. Shadis

    Shadis Private E-2

    Here are the other logs.

    Thanks again!
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. Shadis

    Shadis Private E-2

    I'm a little slow... but all is well now!

    Chaslang,

    I assumed “Download the attached fixquake.zip file to your Desktop.” on the sticky 'www.syssecuritysite.com, safetydefender.com, SecurityBulletin.net - removal' was a link because it was in bold. Thinking about it later, I realized that it was an attached file to the post. I followed the instructions line by line and found the problem:
    isnotify.exe

    Thank you for your help! You guys are life savers!
    Now if only I could find a sticky that shows how to keep my puppy from chewing on my keyboard cord I'd be all right! :)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: I'm a little slow... but all is well now!

    But you have more to do to get cleaned up! And you have a bunch more to do in order to protect your system. You are way out of date with your Windows Updates and that is a major security risk! But first, let's finish your malware cleanup.

    I'm assuming from your last message that you already deleted C:\WINDOWS\System32\isnotify.exe so I will leave it out of the below steps.

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now run Windows Explorer and delete the below files (boot to safe mode to delete them if they will not delete in normal boot mode):
    C:\WINDOWS\system32\components\flx1.dll
    C:\WINDOWS\system32\components\flx5.dll
    C:\WINDOWS\del.tmp

    Additional step to delete files in the Downloaded Program Files folder:
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines, each followed by the Enter key:
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s gdnUS2218.exe
    del gdnUS2218.exe
    exit


    After doing the above, if you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work immediately thru the below link:

    How to Protect yourself from malware!
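
The following read-only check is an added example, not part of the original thread or the MajorGeeks procedure: it confirms that every file named in the reply above is actually gone, including isnotify.exe, which the reply only assumes was deleted. It uses `if exist` and `attrib` because read-only, hidden or system files are skipped by a plain `del` and are not shown by Explorer's default view. The paths are copied from the thread; the script name and layout are assumptions.

```batch
@echo off
rem check_cleanup.bat (hypothetical name) - added example, not from the thread.
rem Read-only: it deletes nothing and only reports what is still on disk.
setlocal
set LEFT=0

rem File paths exactly as given in the posts above.
for %%F in (
  "C:\WINDOWS\System32\isnotify.exe"
  "C:\WINDOWS\system32\components\flx1.dll"
  "C:\WINDOWS\system32\components\flx5.dll"
  "C:\WINDOWS\del.tmp"
  "C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe"
) do (
  if exist %%F (
    set /a LEFT+=1
    echo STILL PRESENT: %%~F
    rem Show the R, H and S flags that can block del or hide the file
    attrib %%F
  ) else (
    echo removed: %%~F
  )
)

echo.
echo %LEFT% file(s) still present.
rem Non-zero exit code when anything is left, so the result can be scripted
if %LEFT% GTR 0 exit /b 1
exit /b 0
```

Run it from a command prompt after the manual steps and again after the reboot; a file that reappears means something is still recreating it.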
     
