Oh...that MSN Messenger trojan...!

Discussion in 'Malware Help (A Specialist Will Reply)' started by themediachick, Apr 2, 2008.

  1. themediachick

    themediachick Private E-2

    Hello!

I recently received help from Chaslang for a small problem I was having - which was very much appreciated - but here I am again, lol! Actually, just rotten luck about this......that stupid "Hey is this really you?......" link came through my MSN Messenger last night while I was chatting with a friend, and since it wasn't unusual for him to be sending me something, I went right ahead and clicked on the darned thing.....

    Well, now I know what it is, and I've done my best to get rid of it, but I'm not sure about the nitty-gritty of it. I started out running S&D in safe mode and caught some of it, then caught more with BitDefender's online scan, but this is one of those looping things that keeps replicating itself every 30 minutes via the internet, while you're trying to kill it, lol! And, I know where part of it is in the System32 folder, which is driving me insane! As this thing keeps replicating itself, it kills my desktop and makes it difficult to continue (been using task manager to run programs).

    I followed the beginning of another post I found here from someone with the same problem, so I've got windows messenger disabled, scanned with Avenger (which I don't think found anything), and used MGtools to create a log. I'll attach them here, and any guidance would be very much appreciated - you guys know better which tools I need to use next.

    Thanks!!!


    By the way, the name that S&D was picking up is Virtumond, BitDefender online scan picked up Win32.Stration.Gen@mm, and AVG (which is on my computer) picked up Dropper.Delf.AOY.
     

    Last edited: Apr 2, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I don't know why you tried to remove items with Avenger that were not on your computer...please do not try to apply other people's fixes to your computer.

    Now...let's fix yours:
    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.
    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Be sure to tell us how things are running.
     
  3. themediachick

    themediachick Private E-2

    Hi Tim - thanks for your help!

    I've done what you asked & I'll attach the logs. The symptoms haven't changed though - this thing just keeps replicating itself, as you know!

    What happens is, as my computer is starting up, the desktop & initial "start up" process begins, but after a few seconds it disappears & then tries to load again. I can still see the background color of my desktop while this is happening, but it never gets through the whole process before stopping & restarting again. Usually it eventually just stops trying to load everything, & I'm left with a blank desktop - no task bar or start menu. I'm currently using the task manager to run programs. Incidentally, the same thing happens in safe mode.

    Thanks for your help....
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Very little of the fix took....you may need to manually remove some of these items....but try again and make sure you have stopped all anti-virus and spyware programs.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  5. themediachick

    themediachick Private E-2

    Sweet Jesus, I think we killed it, Tim! Lol!

    I knew it didn't work the first time, and I'm not sure why because I turned everything off - this time I double checked in the task manager to make sure nothing was still running.

    Here are the new logs....
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet......Your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    * Click START then RUN
    * Now type combofix /u in the runbox and click OK.
    * Note the space between the X and the /U; it must be there.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    4. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    5. After doing the above, you should work through the below link:
    How to Protect yourself from malware!
     
  7. themediachick

    themediachick Private E-2

    Things have been working fine so, all is good on my end. Thanks so much for your help, Tim - you're awesome!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome ...safe surfing. :)
     
