Ok, I still need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by manfromchiron, Apr 18, 2007.

  1. manfromchiron

    manfromchiron Private E-2

    Thanks for all the assistance so far, I'm very appreciative. I've followed the tutorial Read and Run Me First and followed it as best I could. During several of the scans my PC apparently shut down, particularly during counterspy and the online scans, leaving no log files I could find.
    I also ran AVG anti-spyware due to this problem and it did in fact find a trojan which is currently in quarantine.

    I DO KNOW that the malware I'm having the problem with was downloaded 4/12/2007 @ 8:39am specifically. I've gone through several hundred files searching their "created date and time" and have rid myself of all which occurred then that I could find with the exception of c:/Documents and Settings/Network Service/Local settings/application data/Microsoft/Windows/UsrClassDatFile 256KB which I am unable to access or delete as its associated program is always running, which I haven't found.

    When I shut down or restart I get the following message:
    Exception 0x0eefade occurred at location 0x7c812a5b

    I'm not sure the location is always the same but the message is similar and the exception number is always the same.

    This damn thing is running an icon in my system tray that takes me to the spylocked.com website and responds in no other way regardless of whether it is left or right clicked etc.

    I have attached logs from getrunkey and shownew as well as hijack this, hope you can find what I'm not understanding, :eek: ... I "see" but don't know

    If you need it I can also post the log from AVG antispy.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Open your browser and, under Tools / Manage Add-ons, look for IE Browser Helper Objects that you could disable ... one of them may be causing the error message.

    In the meantime:

    Delete this folder:
    C:\Program Files\Video ActiveX Object\isamntr.exe
    and this file: C:\WINDOWS\system32\ygjun.dll


    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

    Use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.2_01

    Then attach new logs for:
    GetRun
    ShowNew
    HJT

    Tell us what other problems still exist.
     
