Removing Trojan

microlion · Feb 2, 2008

Hi I have had several trojans.
Followed your instructions.
Attaching log files.

Dan

abri · Feb 2, 2008

Hi microlion!
Welcome to the Malware Forum!

Please do the following:

1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {5B744DA8-A3B2-44D8-9D8D-1E08740B3433} - C:\Program Files\Online Services\vihyC:\DOCUME~1\Becky\LOCALS~1\Temp\mst455101.exe.dll (file missing)

After you click fix, just close hijackthis.

2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run
Disable/Remove Windows Messenger

3) Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop

Run avenger.exe by double-clicking on it.

Check the 'Input script manually' box.

Click on the magnifying glass icon.

Copy everything in the Quote box below, and paste it in the box that opens:

Folders to delete:

C:\WINDOWS\system32\ACADAAAAAEADAD

Files to delete:

C:\WINDOWS\system32\L761A.tmp
C:\WINDOWS\system32\LFF6F.tmp

Registry keys to delete:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B744DA8-A3B2-44D8-9D8D-1E08740B3433}

Click to expand...

Now click the 'Done' button.

Click on the traffic light icon and OK the prompt.

You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.

A log file from Avenger will be produced at C:\avenger.txt

4) Please run CCleaner at the default setting with the windows tab as the one on top.

5) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.

Let me know how things are running now?

abri

microlion · Feb 3, 2008

Thanks..

I have not seen not any more alerts.....

I have attached the items....

Again thanks..

abri · Feb 3, 2008

Hi microlion,
Your logs look good. Please follow our final cleanup instructions which include setting a clean restore point.
Thanks.

Your logs look good. If you're not experiencing any malware symptoms, please do the following:

If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

Go to add/remove programs and uninstall HijackThis.

Then go into Windows Explorer and find MGTools directly under C:\ (or the root drive where your operating system is installed).

Open the MGTools folder and delete the contents.

Then delete the folder itself.

Look for any leftover logs on your desktop and if found delete them

Run CCleaner

After you've completed the above, please follow the instructions at this link for setting a clean restore point. Disable and Enable System Restore!

Once you've done this, please take a look at the link that follows. It's a good read and has some good information to help you prevent further malware invasions.

How to Protect Yourself from Malware

Let us know how things went!
Click to expand...

abri

microlion · Feb 3, 2008

Thanks....

abri · Feb 3, 2008

You're welcome!
Safe surfing!

Log in or Sign up

Removing Trojan

microlion Private E-2

Attached Files:

Report-Scan-20080202-120210.txt

MGlogs.zip

ComboFix.txt

abri MajorGeek

microlion Private E-2

Attached Files:

MGlogs.zip

avenger.txt

abri MajorGeek

microlion Private E-2

abri MajorGeek