Olmarik Trojan

marjustdoit · May 5, 2010

Hi! I have the following problem: Some days ago I was using Firefox when a popup appeared and I made the big mistake of clicking okay. NOD32 discovered the Olmarik trojan in my computer, but wasn´t able to delete it. After that, a lot of weird things started to happen to my computer... First, a window sometimes appears when I am on the internet asking me if I want to download a file. Of course I don´t download them... Second, NOD32 is blocking some URLs every hour... Third, Host Process for Windows Services often stops working and after that an error message of windows appears telling me there was an error. Fourth, after Host Pocess stops working, the taskbar of Windows Vista changes its color to a soft grey instead of the normal grey.

I followed the instructions of the thread: READ & RUN ME FIRST. I attach the logs of SUPERAntiSpyware, Malwarebytes and MGTools. I tried to use ComboFix several times and first it appears a window that it says that it needs to reboot the computer, because it found something and after rebooting approx. 3 times windows shutted down and a blue screen appeared that said: IRQL_NOT_LESS_OR_EQUAL and the normal message of windows asking you if it is the first time this screen appears and to contact someone if thats not the case... I tried to use RootRepeal and it crashed as well. This is the log of the error:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x004cbf6b
Attempt to read from address: 0x00000004

Thank you very much for your help and try to reply to my post ASAP, because I think the trojan is installing more things in my computer...

TimW · May 6, 2010

I am not seeing any malware in your system. You need to tell me exactly what Nod is finding --> the full path to the file or attach the log.

You need to run CCleaner and clean out this folder:
C:\Windows\Temp\

marjustdoit · May 6, 2010

I don´t know if I still have a trojan, but I´m sure I still have some malwares in my computer. The Host Process for Windows Services often stops working and after that an error message of windows appears telling me there was an error. Apart from that, the taskbar of Windows Vista changes its color to a soft grey instead of the normal grey. In addition, when I am using Firefox, new windows popup and NOD32 keeps blocking URLs (it never happened to me before).

I attach you the logs of NOD32.

Thanks for the help!

TimW · May 6, 2010

Download HostsXpert and then follow the below steps.

Unzip HostsXpert.zip

It will create a folder named HostsXpert in whatever folder you extract it to.

Run HostsXpert.exe by double clicking on it.

Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).

Click Restore Microsoft's Hosts File and then click OK.

Click the X to exit the program

Tell me if that helped.

marjustdoit · May 7, 2010

It didn´t solve the problem. The same problems continue... I attach a picture of the window that appears when the Host Process stops working. Apart from that I don´t like that new windows popup that they are obviously spam and NOD32 blocks URLs the whole time...

Thanks!

TimW · May 7, 2010

Although I don't usually recommend it, download Spyware Doctor and lets see if that will find it.

Also see if these exist on your system:
system32UACdfqsytqwwyfllri.dll
system32UACsnbfuyfvmevqlyg.dll

Log in or Sign up

Olmarik Trojan

marjustdoit Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 05-04-2010 - 14-26-00.log

mbam-log-2010-05-05 (09-13-19).txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

marjustdoit Private E-2

Attached Files:

Nod32 log.jpg

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

marjustdoit Private E-2

Attached Files:

Host Proces Stop.jpg

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member