Need help removing Blackole trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by sgregg, Oct 7, 2012.

  1. sgregg

    sgregg Private E-2

    I recently bought a second-hand laptop (Lenovo X220 running Windows 7) and I seem to have already managed to get it infected with a trojan (unless it was already in place when I bought it). I first realised something was up when Internet Explorer started behaving strangely - hanging for long periods, not responding, refusing to shut down. I ran a full scan with Microsoft Security Essentials, which detected items called:

    Exploit:Win32/pdfjsc.adh
    Exploit:JS/Blackole.GB
    Exploit:Java/CVE-2012-1723.BCC
    Exploit:Java/CVE-2012-1723.BCP
    Exploit:Java/CVE-2012-1723.BCY
    Exploit:Java/CVE-2012-1723.BCZ
    Exploit:Java/CVE-2012-4681.ADX
    Exploit:Java/CVE-2012-4681.ADW

    Security Essentials removed all of them. I've since discovered that I had an outdated version of Java on my computer, which I've uninstalled. I've also run a full scan with the Microsoft Malicious Software Removal tool, but it didn't find anything. However there clearly still seems to be something left on the machine - when I try to open RogueKiller the machine reboots before I can run a scan. I had to boot the machine in safe mode in order to get RogueKiller to complete a scan (results attached).

    I'd be grateful for help in getting rid of whatever's still left on my system. Thanks in advance.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. Any issues that remain should be addressed in the software forum.

    Since you are not having any malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  3. sgregg

    sgregg Private E-2

    TimW,

    Thank you very much for looking at the logs and coming back to me so quickly. Before closing this enquiry could I get you to have a look at one more RogueKiller log? It still reboots the computer when I'm running Windows normally, so I got the attached log after I ran the computer in safe mode with networking. You'll see that it's highlighted 9 registry errors - can I safely ignore them?

    Thanks for your advice.

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can re-scan with RogueKiller and have it fix those issues.
     
  5. sgregg

    sgregg Private E-2

    Wow - that was a quick response! Thanks very much for all your help.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
