New here, please help with ATLEvents

Discussion in 'Malware Help (A Specialist Will Reply)' started by zalik22, Jan 9, 2005.

  1. zalik22

    zalik22 Private E-2

    Hi,

    I did PhilliePhan's recommendation for cleaning the Virtumundo virus. There are still 4 entries in Spybot when I run Search and Destroy.

    ATLEvents.ATLEvents: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64}

    ATLEvents.ATLEvents: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64}

    ATLEvents.ATLEvents: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ATLEvents.ATLEvents.1

    ATLEvents.ATLEvents: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ATLEvents.ATLEvents

    Also, below is the HijackThis logfile. Please help, this is driving me crazy! Thanks for the help.
     

    Attached Files: log.txt (4.7 KB)
    Last edited by a moderator: Jan 9, 2005
  2. PhilliePhan

    PhilliePhan Guest

    Hi Zalik22,

    I'm pressed for time right now, so I can't get into a long fix. However, your log is not too bad. (Please attach them in the future)

    If you look at some of my generic fixes, you should be able to follow along OK.

    The file you want to delete on reboot is: C:\WINDOWS\INETDOS.EXE

    The items to fix with HijackThis are:

    O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\WINDOWS\TEMP\SODTENI.DAT
    O4 - HKLM\..\Run: [INETDOS] C:\WINDOWS\INETDOS.EXE
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)

    You then must use Windows Explorer to search your machine for:

    INETDOS.ini INETDOS.tmp INETDOS.bak INETDOS.dat

    SODTENI.DAT SODTENI.ini SODTENI.bak SODTENI.tmp

    and DELETE all remnants.

    With luck, I'll have some free time Monday night to check back and see how you fared.

    Best luck :)
    PP
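
Added example, not part of PhilliePhan's post and not HijackThis code: a small triage script that parses `O2 - BHO` lines in the format quoted above, flags the traits seen in this thread, and maps each CLSID to the registry keys Spybot listed in the first post. The heuristics, the function names and the last sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# O2 line shape as shown in the thread: "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# The first three lines are from the thread; the last one is constructed.
SAMPLE_LOG = r"""
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\WINDOWS\TEMP\SODTENI.DAT
O4 - HKLM\..\Run: [INETDOS] C:\WINDOWS\INETDOS.EXE
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

def review_bho(line):
    """Parse one O2 line; return None for any other line type."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target, reasons = m["file"], []
    if target == "(no file)":
        reasons.append("orphaned entry, no file on disk")
    else:
        path = PureWindowsPath(target)
        if "temp" in [part.lower() for part in path.parts]:
            reasons.append("loads from a TEMP directory")
        if path.suffix.lower() != ".dll":   # BHOs are in-process COM DLLs
            reasons.append("unexpected extension " + path.suffix)
    clsid = m["clsid"]
    return {"name": m["name"], "clsid": clsid, "file": target, "reasons": reasons,
            "keys": [BHO_KEY + "\\" + clsid, "HKEY_CLASSES_ROOT\\CLSID\\" + clsid]}

def flagged(log_text):
    """Return the BHO entries that matched at least one heuristic."""
    entries = (review_bho(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["reasons"]]

def remnant_names(target):
    """Sibling file names to search for, as in the cleanup step above."""
    stem = PureWindowsPath(target).stem
    return [stem + ext for ext in (".ini", ".tmp", ".bak", ".dat")]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e["name"], e["reasons"], *e["keys"], sep="\n  ")
```

A flagged entry is a prompt to look closer, not proof of infection; the constructed `helper.dll` line shows an entry that passes all three checks.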
     
  3. zalik22

    zalik22 Private E-2

    Thanks for the help. It worked! I forgot to delete the files named inetdos, I just deleted the sodenti files. I appreciate the help!
     
  4. PhilliePhan

    PhilliePhan Guest

    You're welcome! (though you did all the work ;) ).

    Check out Chaslang's suggestions while you are here: How to Protect yourself from malware!

    You might also wish to check out BHO Demon in the Spyware Tools section for download.

    Best :)
    PP
     
