I think I fixed it but need a dbl check

Discussion in 'Malware Help (A Specialist Will Reply)' started by ppreheim, Apr 30, 2006.

  1. ppreheim

    ppreheim Private First Class

    I think I had the safetydefender problem but I followed the do me first thread and then ran the special instructions for safetydefender. Will upload logs including HJT so you heroes can make sure I am clean if you have time. Thanks in advance.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks like you may have run Panda before running the SpywareQuake Removal procedure so some of what I give below may not be found. You have another Trojan on your PC too.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpDB6C.tmp (file missing)
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\program files\common files\Totem Shared <--- the whole folder
    c:\program files\MediaGateway <--- the whole folder
    c:\windows\system32\1024 <--- the whole folder
    c:\windows\system32\ld825C.tmp
    c:\windows\system32\ot.ico
    C:\WINDOWS\system32\taskdir.exe
    C:\WINDOWS\system32\taskdir.dll

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
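
A read-only re-check for the leftovers named in the post above, as an added example that is not part of the original thread. The paths, the Run value name and the BHO CLSID are copied from the post; the registry key locations are the standard ones behind HijackThis O2 and O4 lines, and the script assumes Windows is installed on C: and PowerShell is available.

```powershell
# Added example: reports what is still present, deletes nothing.
# Paths, value name and CLSID come from the thread; drive letter C: is assumed.
$paths = @(
    'C:\Program Files\Common Files\Totem Shared',
    'C:\Program Files\MediaGateway',
    'C:\WINDOWS\system32\1024',
    'C:\WINDOWS\system32\ld825C.tmp',
    'C:\WINDOWS\system32\ot.ico',
    'C:\WINDOWS\system32\taskdir.exe',
    'C:\WINDOWS\system32\taskdir.dll'
)

$findings = @()

foreach ($p in $paths) {
    # -Force also returns hidden and system items
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Attributes show whether ReadOnly is set, which blocks deletion in Explorer
        $findings += [pscustomobject]@{
            Type = 'File or folder'; Location = $p; Detail = "Attributes: $($item.Attributes)"
        }
    }
}

# O4 - HKCU\..\Run: [taskdir]
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'taskdir' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type = 'Run value'; Location = "$runKey\taskdir"; Detail = $run.taskdir
    }
}

# O2 - BHO: {b0398eca-0bcd-4645-8261-5e9dc70248d0}
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0}'
if (Test-Path -LiteralPath $bhoKey) {
    $findings += [pscustomobject]@{ Type = 'BHO key'; Location = $bhoKey; Detail = 'registry key present' }
}

if ($findings.Count -eq 0) {
    'None of the listed files, folders or registry entries were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

An empty result only covers the items in this list; the HijackThis log requested in the post is still the check for anything else.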
     
  3. ppreheim

    ppreheim Private First Class

    Did as instructed.

    Could not find these files/folders
    c:\windows\system32\1024 <--- the whole folder
    c:\windows\system32\ld825C.tmp
    c:\windows\system32\ot.ico
    C:\WINDOWS\system32\taskdir.exe
    C:\WINDOWS\system32\taskdir.dll


    Explorer seems to be running faster and no problems so far.

    HJT Log is posted below.

    Thanks for the help
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link.

    How to Protect yourself from malware!


    You need to do all these steps and make sure you install a firewall as mentioned in step 3.
     
