Multiples Trojans

Welcome to Major Geeks!


Begin by deleting the below huge file and then immediately empty the Recycle Bin.

Code:

2008-08-06 15:05 294,501,297 --a-- C:\WINDOWS\system32\syspilog.pil

Now download LSP - Fix

Run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the mmchost.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move mmchost.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
If it is already in the Remove section, just click Finish.



Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Do you have all of your Windows Updates (except maybe Win XP SP3)

ComboFix did not create the pagefile. This is part of your Windows OS and has always been there. It was just hidden.

The only possible reason for this was the shutdown while all the software was running. Nothing we did removed anything from ZoneAlarm. Right now I suggest uninstalling ZoneAlarm to avoid having issues with it blocking a connection especially if you think it is corrupted.

After uninstalling ZoneAlarm check again. Also check that your TCP/IP settings are set for Obtain an IP Address automatically (this is commonly referred to as setting your PC for DHCP). See this: http://www.wolfson.cam.ac.uk/computers/roomconnection/setdhcp/windowsxp.html

Can you get online now?

You should not be adding anything to the ZIP file or making a ZIP file on your own. The correct ZIP file was already made by the program and it is located where stated. That is C:\MGlogs.zip Check for yourself. Delete the file you made which has multiple copies of logs in it.

A few files related to things we were fixing seem to have created new files. I see the below which were not in your previous logs. These are slightly different names. Do you see them? Can you manually delete them?

Code:

2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna2Drv.dll
2002-08-29 12:00 10,752 --sha-w C:\WINDOWS\system32\Proxy.dll

 

You're welcome. I advise that you work thru the below on your freshly installed system:

How to Protect yourself from malware!