Malware attack

Discussion in 'Malware Help (A Specialist Will Reply)' started by CJfamily3, Mar 13, 2008.

  1. CJfamily3

    CJfamily3 Private E-2

    I went through the thread to remove malware and attached the logs. I rebuilt a laptop for my daughter and installed Norton Internet Security 2008. She immediately logged on to MySpace and was hacked while she and my wife watched, and Norton just stood there and did nothing. Please help me keep my daughter and her college work safe. Thanks in advance.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Is your copy of Spyware Doctor a paid version or free trial? If free, uninstall it now.


    Did you save the below? Brontok is the name of a Trojan.
    Code:
    "C:\Documents and Settings\Owner\Local Settings\Application Data\"
    bronto~1.bin  Mar  7 2008        7459  "Bron.tok.A10.em.bin"
    BRON~2.TOK    Mar  6 2008              "Bron.tok-10-6"
    BRON~3.TOK    Mar  7 2008              "Bron.tok-10-7"
    listho~1.txt  Mar  7 2008        7459  "ListHost10.txt"
    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\STEM~1\iexplore.exe" -vt yazb
    O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
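    As an added, defender-side illustration (not part of the thread or of any MajorGeeks tool), the Python below applies two of the heuristics behind the HijackThis picks above to the quoted O4 lines: an 8.3 short name (STEM~1) hiding a folder name, and a well-known binary name such as iexplore.exe running from somewhere other than its normal directory. The expected-location table is an assumption based on a default Windows 2000/XP layout.

```python
import ntpath
import re

# Sample O4 (autostart) lines, copied from the HijackThis output quoted in the thread.
HJT_LINES = [
    'O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime',
    'O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"',
    'O4 - HKCU\\..\\Run: [Ltho] "C:\\WINNT\\system32\\STEM~1\\iexplore.exe" -vt yazb',
    'O4 - Startup: Bat - Auto Update.lnk = C:\\Program Files\\Bat\\Bat.exe',
]

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
                    r'"?(?P<path>[^"]+?\.exe)"?(?P<args>.*)$', re.I)
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>.+?) = (?P<path>.+)$', re.I)

# Where this well-known binary normally lives (assumption: default Windows 2000/XP layout).
EXPECTED_DIR = {"iexplore.exe": r"\program files\internet explorer"}


def parse_o4(line):
    """Return (name, path, args) for an O4 Run/Startup line, or None if it is not one."""
    m = RUN_RE.match(line)
    if m:
        return m["name"], m["path"], m["args"].strip()
    m = STARTUP_RE.match(line)
    if m:
        return m["name"], m["path"].strip(), ""
    return None


def suspicious_reasons(path):
    """Heuristics a reviewer applies to an autostart path; returns a list of reasons."""
    reasons = []
    directory, exe = ntpath.split(path)
    directory, exe = directory.lower(), exe.lower()
    if re.search(r'~\d+(\\|$)', directory):
        reasons.append("8.3 short name in directory path (hides the real folder name)")
    if exe in EXPECTED_DIR and not directory.endswith(EXPECTED_DIR[exe]):
        reasons.append(f"{exe} running from an unexpected location")
    return reasons


def analyze(lines):
    """Map each O4 entry name to its list of reasons (empty list = nothing flagged)."""
    report = {}
    for line in lines:
        parsed = parse_o4(line)
        if parsed:
            name, path, _args = parsed
            report[name] = suspicious_reasons(path)
    return report


if __name__ == "__main__":
    for name, reasons in analyze(HJT_LINES).items():
        print(f"{name:25} {'FLAG: ' + '; '.join(reasons) if reasons else 'ok'}")
```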
  3. CJfamily3

    CJfamily3 Private E-2

    No I didn't save the brontok thing. Do I continue with your instructions or is there something else I need to do?
     
  4. CJfamily3

    CJfamily3 Private E-2

    It seems to be running fine so far. Is it safe for my daughter to surf the net and go to MySpace without fear or is there something else you recommend I load for protection?
    This is a GREAT service you are doing here, can I do this for all my PCs and my computer-illiterate friends' PCs? I'd love it even more if I could do this myself and give them back a CLEAN PC. I don't have a business going on or anything but I do have a lot of friends who can't use their PC or have to put up with workarounds to get half their stuff done. I'm in the Air Force and deploy a lot and my co-workers come to me when their laptops go down for the count overseas. I do what I can for them at the time with the limited resources I have at hand but I fail more often than not. Laptops are big for Air Force folks to pass time over there so I take all the help I can get. Thanks for all you've done.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then delete the below 2 folders and files:

    C:\Documents and Settings\Owner\Local Settings\Application Data\Bron.tok-10-6
    C:\Documents and Settings\Owner\Local Settings\Application Data\Bron.tok-10-7
    C:\Documents and Settings\Owner\Local Settings\Application Data\Bron.tok.A10.em.bin
    C:\Documents and Settings\Owner\Local Settings\Application Data\ListHost10.txt
     
