Infected - lost control of Browsers

Discussion in 'Malware Help (A Specialist Will Reply)' started by discountcall, Feb 13, 2006.

  1. discountcall

    discountcall Private E-2

    I am having some issues here. I was/am infected with a virus. It looks like it was/is Locksky. Also, at the same time I was infected with major amounts of spyware and adware. I tried to clean it myself to the best of my ability. And after reading some of your other posts got rid of most of it. I originally had lost access to my windows explorer and task manager. I have those back now. However, ads keep popping up at will on whatever browser I am using. I tried IE, Firefox and Opera. I followed all of the directions to a tee before posting this thread with one exception; I was unable to run activescan, I keep getting a java error when I try. I have attached my Hijack this log and my Bitdefender log.

    Also,

    I have a POS Dell Win 2k SP4
    10 Gig HD and 512K Ram


    Thanks in advance for your help
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    You have a Look 2 Me infection. Run the below tool. Follow the steps in the download page:

    Look2Me Remover 1.2.0

    Afterwards attach a new HJT log and let me know how things are working.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You had signs of a password stealing trojan in your BitDefender log:

    You should change all passwords for all sites (especially online banking). Do not do that from this PC. You may also want to check with your financial institutions and credit cards for any illegal activity.

    You should also delete the below files if they still exist:
    C:\Documents and Settings\Administrator\My Documents\My Downloads\fontsfree.exe
    C:\Documents and Settings\Administrator\My Documents\My Downloads\WarezP2P_TDL.exe
    C:\Documents and Settings\Administrator\My Documents\marinefree.exe
     
  4. discountcall

    discountcall Private E-2

    Thanks for your quick response. I ran L2M remover and am attaching the new HJT log. So far I haven't noticed any new windows popping up. The only thing that seems unusual is my IE. When Maximized, it is still an inch from the top of the screen. Thoughts?

    Thanks again.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have HJT fix the below lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Did you delete those other files I listed?

    Tell me what file names you see in the below folder:
    C:\Program Files\Common Files\Microsoft Shared\Web Folders

    Are you still having problems with maximizing IE?
     
  6. discountcall

    discountcall Private E-2

    I deleted the files as requested, reset IE web settings, deleted cookies and files including offline content. I also set my homepage to majorgeeks.com (something useful).

    Here is the content of my web folders:

    ibm00003.dll
    MSONSEXT.DLL
    MSOSV.DLL
    MSOWS409.DLL
    MSVCP60.DLL
    PKMAXCTL.DLL
    PKMCDO.DLL
    PKMCORE.DLL
    PKMFORMS.DLL
    PKMRES.DLL
    PKMSSTLB.DLL
    PKMTEMPL.DLL
    PKMTRACE.DLL
    PKMWS.DLL
    PROMDEMO.DLL
    SECMGR.DLL
    VAIDDMGR.DLL
    VAIMEM.DLL
    pubplace.htm

    And my IE is still an inch from the top of the screen.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. discountcall

    discountcall Private E-2

    Excellent. I deleted the file right after I posted it, after realizing that the bitdefender log pointed out that the file was infected. I DL'd an IE maximizing tool from the link and all seems to be back to Normal now.

    You Rock, btw.

    Thanks for all your help.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
