Project1 Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by h2o0001, Sep 28, 2006.

  1. h2o0001

    h2o0001 Private E-2

    Hi Guys

    I was stung by Project1, and I have run through the processes involved in the "READ AND RUN FIRST" post (which was helpful and well explained, so thank you Major Attitude). I have the attached logs. The impasse I have now hit is that I don't know what to look for in the logs that will identify some malicious software, so if someone could give it a quick glance that would be most helpful.

    Thanks
    Tim
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome

    Could you also attach the ShowNew and GetRunKeys logs as well :)
     
  3. h2o0001

    h2o0001 Private E-2

    Sure thing. I thought I had but obviously not! Here they are...
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must attach the correct log from ShowNew. The file is named newfiles.txt as stated in the procedure for using ShowNew.
     
  5. h2o0001

    h2o0001 Private E-2

    Whoops sorry! Here it is...
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what the below items on your Desktop are?
    Code:
    C:\Documents and Settings\Tim Waterman\Desktop\
    110inst.exe    1 Oct 2006   147394872  "110inst.EXE"
    JYHFCJ         1 Oct 2006              "jyhfcj"
    YES           25 Sep 2006              "yes"

    First install the current version of Sun Java from: Sun Java Runtime Environment

    Then uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Deskbar <--- the whole folder
    C:\WINDOWS\system32\chkdisk.exe
    C:\WINDOWS\keyboard1.dat

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode
    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Tim Waterman\Local Settings\Temp

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
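
The before and after HijackThis logs requested in this thread can be compared mechanically. The following Python code is an added example, not part of the original thread and not a MajorGeeks tool: it parses the O4 registry autorun lines of two logs and reports whether the flagged CheckDiskOnce value was removed and whether any autorun appeared after the fix. The function names and every sample log line other than the CheckDiskOnce entry are constructed for illustration.

```python
import re

# Registry autorun lines in a HijackThis log: O4 - HKLM\..\Run: [ValueName] command
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return the set of (hive, key, value name, command) autorun entries."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            # Registry value names and Windows paths are case-insensitive.
            entries.add((m["hive"], m["key"], m["name"].lower(), m["cmd"].strip().lower()))
    return entries

def review_fix(before_log, after_log, flagged_names):
    """Compare autoruns across two logs for the value names selected for fixing."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    flagged = {n.lower() for n in flagged_names}
    return {
        "still_present": sorted(e for e in after if e[2] in flagged),
        "removed": sorted(e for e in before - after if e[2] in flagged),
        "new_since_fix": sorted(after - before),
    }

# Constructed sample logs; only the CheckDiskOnce line comes from the thread.
BEFORE = r"""O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ExampleSync] C:\Program Files\Example\sync.exe /background
"""
AFTER_OK = r"""O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ExampleSync] C:\Program Files\Example\sync.exe /background
"""
AFTER_BAD = r"""O4 - HKLM\..\Run: [checkdiskonce] CHKDISK.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\RunOnce: [ExampleNew] C:\WINDOWS\Temp\example.exe
"""

if __name__ == "__main__":
    for label, log in (("clean", AFTER_OK), ("not clean", AFTER_BAD)):
        print(label, review_fix(BEFORE, log, ["CheckDiskOnce"]))
```

An entry under `still_present` after a reboot means the value was rewritten or the fix did not apply; anything under `new_since_fix` deserves the same scrutiny as the original entry.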
     
