trojan injector.EL

Discussion in 'Malware Help (A Specialist Will Reply)' started by cookiefaerie, Sep 3, 2009.

  1. cookiefaerie

    cookiefaerie Private E-2

    I've had this trojan on my computer for a while now, haven't been able to take the time to remove it...it's been quite a few months.

    AVG recognizes it but can't really remove it (says it's been moved to virus vault but it keeps appearing) - it opens every time a browser is opened (FF or IE), and occasionally a warning will just randomly pop up. Very rarely, random commercials will start playing, even if no programs are open at all. I'm fairly certain that the virus is why I can't run very many programs at once without everything slowing to a crawl, but that's just a guess (I have a ton more storage space, so I don't think that's a problem at all).

    This particular trojan blocks a lot of the malware removal programs as well (I had to rename SAS and MB to even run them, but partway through scans they just stopped).

    As you can see, I only have 2 of the 5 logs, the MB and SAS scans froze whenever I tried running them, and the ComboFix...I couldn't shut down my spyware programs all the way (I'm probably just missing something obvious) so I didn't want it to run and potentially mess up my computer even more. The last two, Root Repeal and MGTools worked just fine.

    I've probably forgotten to include some very important information, I'm not very tech-y at all...

    Thank you for your help, I'm getting very frustrated with this!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive [ insert drive infected here ] by "ticking" the box for drive [insert drive here] and click OK
    * When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
    C:\Windows\System32\MSIVXcount
    C:\Windows\System32\MSIVXexsnppoivyortcfgiqwvoxpwwwdnberu.dll
    C:\Windows\System32\MSIVXutwgfrmttetghvucouuxpjpvhdxfvtbi.dll
    C:\Windows\System32\drivers\MSIVXlqpuxjoepxricbramryekskqihdpvefx.sys
    C:\programdata\microsoft\search\data\temp\usgthrsvc\ntfb691.tmp
    C:\programdata\microsoft\search\data\temp\usgthrsvc\ntfb692.tmp
    * After Wiping all files, immediately reboot your pc!

    After reboot, download/install/update and run the scanning tools you couldn't run!
     
  3. cookiefaerie

    cookiefaerie Private E-2

    Thanks! Here are the logs for MB and SAS. I've stopped getting warnings from AVG when I open Firefox, so it seems like there's progress!
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I need you to run ComboFix and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
