infected w/ win32 skynet HELP...

Discussion in 'Malware Help (A Specialist Will Reply)' started by jemarajo, Dec 25, 2007.

  1. jemarajo

    jemarajo Private E-2

    Hello,

    I have a Windows XP computer and I got infected with what I believe is the virus win32netsky... I started doing the read and run me first and I already have the smitfixfraud tool report...

    I need some guidance before continuing with steps in guide... Any help will be much appreciated :cry

    Thanks,

    Jemarajo
     

    Last edited: Dec 25, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please run step 2 of the SmitFraudFix procedure you ran. Then attach the second rapport.txt log as the procedure requests.

    Then complete all of the steps of the READ & RUN ME and attach all of the logs requested in the READ ME.
     
  3. jemarajo

    jemarajo Private E-2

    Re: infected w/ win32 netsky HELP...

    ok thanks...

    So I've been following on the Read and Run me First guide and here are my logs...
    After I ran the SmitFraudFix tool and CCleaner I noticed my pc worked a lot faster and stopped :p having the WIN32 NETSKY symptoms (red X in the taskbar gone, spyware removal software popups gone, slow performance improved).

    AVG antispyware didn't find anything, but spybot did and fixed the problems.

    Also, I think I had a little trouble with running the MGtool, but it still generated the MGtool.zip and I'm also including it... I stopped here, because I'm not sure it ran well... I received an error stating The application failed to initialized properly (0xc0000135). Click on Ok to terminate application. Please provide some guidance on whether I should continue or try to rerun the MGtool...

    Also I would like to know if my logs look clean? thanks,

    jemarajo ;)
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you running this PC without protection software???

    Now Disable Spybot's TeaTimer as requested in the READ & RUN ME
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    After clicking Fix, exit HJT

    Now delete the below file:
    C:\WINDOWS\system32\IEDFix.exe

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\Mario\Local Settings\Temp

    We need to cleanup some old software junk and also remove some remnants from an incomplete uninstall of Symantec Software.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    LiveUpdate 3.1 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)

    Now run this: Norton Removal Tool (SymNRT)

    Now make sure you have rebooted your PC after doing the above.

    Now run CCleaner!


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created. You can ignore the error message about "The application failed to initialized properly". This is happening because you do not have certain updates from Microsoft installed and cannot run one of the tools in the MGtools folder.


    Make sure you tell me how things are working now!
     
