Trojan Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by biogal, Feb 4, 2014.

  1. biogal

    biogal Private E-2

    Hi y'all

    I got infected with a Trojan from a flash drive yesterday, and I need help getting rid of it. AVG is calling it "Trojan horse SHeur3.CNBC". (The specific file name is in Chinese characters, but the owner of the flash drive from whence it came is Chinese and had lots of Chinese text files, so I'm not surprised. I don't know if that makes a difference; I'm just trying to provide as much detail as possible!) AVG keeps identifying it and rebooting to remove it, but that's not working.
    This is on a Lenovo IdeaPad U410 laptop.
    At first I didn't notice any symptoms, but now I am experiencing a lot of pop-ups and redirects in Google Chrome.
    I worked my way through the "READ & RUN ME FIRST" protocol, including the "Fixing Google Redirection/Hijacking Problems" portion. This doesn't seem to have fixed anything yet. I am attaching the logs for everything that I ran.
    Hopefully someone here can help me! Thanks for any suggestions.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. :)

    I still need to see the MGlogs.zip from running MGTools.exe please. Thanks.
     
  3. biogal

    biogal Private E-2

    Here it is. Thanks for taking a look!
     

    Attached Files:

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, biogal

    You need to attach the entire C:/MGlogs.zip file - not an individual log file found inside of it.

    dr.m
     
  5. biogal

    biogal Private E-2

    OK. Thanks, dr. m.
    I think this is the right file.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you purposely set up to use a proxy?
     
  7. biogal

    biogal Private E-2

    No. That's not intentional.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman and have it remove items under the heading: Potential Unwanted Programs



    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate this detection:
    • [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:57585;hxxps=127.0.0.1:57585 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

    Place a checkmark next to this item, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GRK64 <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • SN64 <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.

    Now attach the new MGlogs.zip
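    The RogueKiller detection above is the per-user WinINet proxy being pointed at a local port (the "hxxp" in the log is the forum's defanging of "http"). The following PowerShell script is an added example, not part of the thread or of any tool mentioned in it: it reads the same ProxyServer/ProxyEnable values, flags a loopback proxy, and clears it only when run with the -Remove switch (a switch defined by this script, not a RogueKiller option). It assumes the standard Internet Settings key location.

```powershell
# Added example: audit the current user's WinINet proxy for a loopback proxy
# of the kind RogueKiller reported, and optionally clear it. Run as the
# affected user. -Remove is this script's own switch (assumption, not a tool option).
param([switch]$Remove)

$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    param([string]$ProxyServer)
    if ([string]::IsNullOrWhiteSpace($ProxyServer)) { return $false }
    foreach ($entry in $ProxyServer -split ';') {
        $hostPort  = ($entry -split '=')[-1].Trim()          # drop a "http=" style prefix
        $proxyHost = if ($hostPort -match '^\[(.+)\]') { $Matches[1] }   # bracketed IPv6
                     else { ($hostPort -split ':')[0] }
        if ($proxyHost -match '^(127\.|localhost$|::1$)') { return $true }
    }
    return $false
}

$Props   = Get-ItemProperty -Path $Key -ErrorAction Stop
$server  = [string]$Props.ProxyServer
$enabled = if ($Props.ProxyEnable) { [int]$Props.ProxyEnable } else { 0 }
Write-Host "ProxyEnable = $enabled"
Write-Host "ProxyServer = '$server'"

if (Test-LoopbackProxy $server) {
    Write-Warning 'Proxy points at this machine: a local process is positioned to intercept browser traffic.'
    if ($Remove) {
        Remove-ItemProperty -Path $Key -Name ProxyServer -ErrorAction SilentlyContinue
        Set-ItemProperty    -Path $Key -Name ProxyEnable -Value 0 -Type DWord
        Write-Host 'Cleared ProxyServer and set ProxyEnable=0; restart the browser.'
    }
} elseif ($enabled -eq 1) {
    Write-Host 'A proxy is enabled but is not a loopback address; confirm it is one you configured.'
} else {
    Write-Host 'No proxy configured for this user.'
}
```

    Clearing the value is only part of the cleanup; the process that was listening on the local port still needs to be identified and removed, which is what the remaining scans in this thread are for.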
     
  9. biogal

    biogal Private E-2

    Ok, I tried to follow your instructions, but I'm feeling a little clueless because I'm not getting everything to work.

    I tried to run Hitman, but I didn't see a Potential Unwanted Programs heading. I'm attaching a screenshot of the scan results I saw.

    I also ran RogueKiller. I couldn't find the detection you specified. I'm attaching a screenshot of my Registry tab. Perhaps one of the items is what I'm looking for, I'm not sure.

    I think I ran MGtools from the command prompt window correctly though, so here is the new MGlog.zip file. I didn't see any error messages during this process.

    Thanks for walking me through all this.
    biogal
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    With Hitman, I want you to get it to remove the Rocketfuel and Conduit items.

    Now rescan with it again and attach the fresh log for me to see please.
     
  11. biogal

    biogal Private E-2

    I got a success message about adding that to the registry.

    Also, attaching the newest log from Hitman.
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hitman is just showing ONE more to be rid of :)


     
  13. biogal

    biogal Private E-2

    Got that last one!
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    How is everything currently running?
     
