I need help with unknown Malware!

Discussion in 'Malware Help (A Specialist Will Reply)' started by CazMo, Aug 3, 2006.

  1. CazMo

    CazMo Private E-2

    Hello all,

    I have recently been hit with some type of Malware which runs ISMON.exe, ISHOST.exe, and ISNOTIFY.exe, and also creates an icon on the tray in the bottom-right corner. Along with those, it creates two desktop shortcuts, and two start menu shortcuts with the titles "Online Security guide" and "Security Troubleshooting". The icons are just links for URLs... the first is "http://thesecuritypages.com/" and the second is "http://testonsecurity.com/", correspondingly.

    If you put your cursor over it, it reads "Virus Alert!", and every so often it pops a little box up right above the icon and basically explains that I have a virus, and to "click here". By clicking it, it directs you to some spyware removal software site, which most likely were the creators of the Malware for self-promotion.

    I have been helping friends and family with malware and spyware troubles for a year or two now, and this is the first instance that I have seen this type. Not only have I memorized the tasks that normally and safely run in my task manager, but I have also run hijackthis, and followed the step-by-steps on your "READ THIS BEFORE ATTACHING HIJACK"..etc thread. This is the first Malware ever to get the best of me, and force me to consult online-assistance (not that it's a bad thing consulting majorgeeks, but you know.. I like solving my own problems so I can learn it 100%).

    I have managed to remove ismon, ishost, and isnotify by deleting the corresponding exe's. I can't find them in the registry, I looked as much as I could with no luck. Also, after deleting those exe's, they haven't run since (even after a reboot).

    Attached are two screenshots, each zipped to meet the compression standards of the forums; along with my HIJACKTHIS log.

    Any help here is appreciated, thanks!


    P.S. I could have missed something blatantly obvious in the hijacklog, or my registry. If so, my apologies.
     


  2. CazMo

    CazMo Private E-2

    Wow, I feel like a piece of crap for wasting your forum space.

    After spending 1 hour making that post and the SS's, I realized there was a SpywareQuake-fixer thread sticky'd at the top. As I said at the very end of my opening post, that I may have overlooked something obvious... well...

    It seems I overlooked the most important detail, which was to read each sticky before posting... so therefore you have my apologies. And YAY! I didn't actually have to consult someone; I found it out on my own! I guess that's a plus..

    Thanks, and sorry to anyone that took time to read the post!

    Now that I have an account, I think I'll be using this site in the future.. it is such a great help-site for people that know somewhat of what they're doing, and even for those newcomers.

    THANKS MAJOR GEEKS FOR THE SOLUTION! :eek:
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You have other problems besides SpywareQuake! You really need to complete ALL steps in the READ & RUN ME (you did not run them all & you did not install HJT properly & rename it which is a MUST). Then you should attach the 5 logs requested (possibly 6 if you run CounterSpy instead of Windows Defender).
     
