Looksky Trojan as well

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sandwarrior, Sep 13, 2007.

  1. Sandwarrior

    Sandwarrior Private E-2

    I see other folks are having this problem too. I am running Windows XP on an HP 519J 3.06 GHz with a 533 MHz front side bus. I have completed all the steps in the "removal Guide". I have attached the files requested.
     


  2. Sandwarrior

    Sandwarrior Private E-2

    Here is the HJT log and runkeys. It seems the problem has been fixed, but I would appreciate someone smarter than me making sure this is gone. Thank you everyone!
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to attach the required log from CounterSpy. Please attach it.

    But a bigger issue is that you are not working from the current tools given in the READ ME. Please download and use the current versions of GetRunKey and ShowNew as requested in the READ ME. And then attach new logs from them.

    Also how do you know you have Looksky? What is reporting it and where is it reporting it? Attach a log from whatever reports this.
     
  4. Sandwarrior

    Sandwarrior Private E-2

    Chaslang,

    I used the "Read & Run First" thread that was posted by you dated 10-09-05. Is this the wrong thread? I also used the links for GetRunKey and ShowNew that are in this thread. I did download them again and I will rerun them. I will post them when they get done running.

    The Activescan.TXT is attached in my first post.

    I had a warning screen pop up on my computer telling me I might have the trojan W32.Looksky. I had (initially) a red desktop with a radioactive symbol in the middle, and my IE home page had been hijacked. After I completed all of the steps on the above-mentioned thread, the red desktop was gone and replaced with my original, and all but one of the shortcuts that were downloaded to my desktop were gone (and that final one is gone now as well).
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is the right thread but you need to make sure you use the current versions of programs.

    No, you did not. If you did, you would have the correct versions.

    I did not ask for this. I asked for the log from CounterSpy.
     
  6. Sandwarrior

    Sandwarrior Private E-2

    Check the link out for yourself! They are exactly what is attached to the link. Please stop talking to me like I am a 2 year old. This post of yours is highly insulting.
     
  7. Sandwarrior

    Sandwarrior Private E-2

    Here is the CounterSpy txt file.
     


  8. Sandwarrior

    Sandwarrior Private E-2

    Here are the other 2 txt files you requested.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Stop acting like I don't know what I'm talking about. You are the one being insulting. Look at the GetRunKey and ShowNew logs in your first message and read the version numbers given at the top of the logs. Now compare them to the logs you just attached. Now are they the same version numbers? No, they are not, and that is because you did not use the correct versions as I originally stated. Now you have the correct versions since you just downloaded them.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your logs, the only item remaining from the infection is the below, which you need to uninstall via Add/Remove Programs.

    Video Access Codec v1.4

    I also saw the below which is supposedly a commercial keylogger.

    C:\WINDOWS\system32\clrprv\ScrCapt.exe

    Did you install this? If not then delete the C:\WINDOWS\system32\clrprv folder.
     
