TrojanDownloader.xs+antispyware-reviews.biz

Discussion in 'Malware Help (A Specialist Will Reply)' started by jackrr, Mar 29, 2008.

  1. jackrr

    jackrr Private E-2

    I picked up some kind of malware while surfing the Web on March 25, 2008. The symptoms are:
    - The desktop background changed to all blue with a warning message about spyware on it. (I managed to get back my old background.)
    - Every so often one of two warning windows pops up:
      1) A window says "Security system protection control panel"
         "! possible spyware infection detected to remove detected threat click here...." A web page opens from "Antispyware-Reviews.biz". This page gives you a choice to download or buy "PC-Antispyware or PC-Cleaner".
      2) A window says "Security system warning"
         Alert details: File c:\windows\wml.exe
         Threat Abebot
         Click here to visit PC-Antispyware web site
    - Also a yellow triangle with a pop-up "Security system Warning" balloon is on the task bar.

    I completed all steps in "Read & Run Me First. Malware Removal Guide" and I still have the problem.
    I wonder if someone can please come up with a fix. These pop up windows are so maddening. I have a Toshiba laptop running Windows XP. Attached are the requested logs. I hope I got the proper logs.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    I see you recently installed Spyware Terminator. Did you really want to use the Crawler Toolbar feature that you allowed to install?

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [ckyhznrj] C:\WINDOWS\system32\sjoxyhof.exe
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\User\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
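    The HijackThis lines chaslang asks to be fixed follow a fixed format: O4 lines are autostart values under a Run key, O16 lines are Download Program Files (DPF) records. The Python below is an added example, not code from the thread or from HijackThis, that parses such lines and applies two triage heuristics a helper would use when reading a log: an O4 entry under system32 whose value name or executable looks like a pseudo-random string (as in the sjoxyhof.exe line quoted above), and an O16 entry with no codebase URL (the orphaned Java plug-in records above). The two benign O4 lines (SynTPEnh, ctfmon) and the small allowlist are constructed assumptions added for contrast; the vowel-ratio test is a crude heuristic, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the lines quoted in the post above plus two benign O4
# entries (SynTPEnh, ctfmon) added here as assumptions for contrast.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ckyhznrj] C:\WINDOWS\system32\sjoxyhof.exe
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
"""

# O4: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+?)\s*$")
# O16: "O16 - DPF: {<CLSID>} (<description>) - <codebase URL, may be empty>"
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\)\s*-\s*(?P<url>\S*)\s*$")

# Illustrative allowlist of legitimate system32 autostarts whose short names
# would otherwise trip the vowel heuristic (assumption, not from the thread).
KNOWN_GOOD_STEMS = {"ctfmon", "svchost", "rundll32"}
VOWELS = set("aeiou")


@dataclass
class Entry:
    kind: str            # "O4", "O16" or "other"
    raw: str             # the original log line
    fields: dict         # named groups from the matching regex
    reasons: list = field(default_factory=list)  # why the entry was flagged


def parse_hjt(text):
    """Split a HijackThis excerpt into typed entries, one per non-empty line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, rx in (("O4", O4_RE), ("O16", O16_RE)):
            m = rx.match(line)
            if m:
                entries.append(Entry(kind, line, m.groupdict()))
                break
        else:
            entries.append(Entry("other", line, {}))
    return entries


def looks_random(name):
    """Heuristic: 6-12 lowercase letters with fewer than 30% vowels."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.3


def assess(entry):
    """Attach triage reasons to an entry; returns the same entry."""
    if entry.kind == "O4":
        path = entry.fields["path"]
        exe = path.replace("\\", "/").rsplit("/", 1)[-1]
        stem = exe.rsplit(".", 1)[0].lower()
        in_system32 = "\\system32\\" in path.lower()
        suspicious_name = looks_random(entry.fields["name"]) or (
            looks_random(stem) and stem not in KNOWN_GOOD_STEMS)
        if in_system32 and suspicious_name:
            entry.reasons.append("pseudo-random Run value/executable name under system32")
    elif entry.kind == "O16" and not entry.fields["url"]:
        entry.reasons.append("DPF entry has no codebase URL (orphaned plug-in record)")
    return entry


def analyse(text):
    """Return only the entries that picked up at least one triage reason."""
    return [e for e in map(assess, parse_hjt(text)) if e.reasons]


if __name__ == "__main__":
    for e in analyse(SAMPLE_HJT_LINES):
        print(e.raw)
        for r in e.reasons:
            print("   ->", r)
```

    Run stand-alone it prints the three lines chaslang lists for fixing and leaves the two benign autostarts alone; the allowlist shows why a name-shape heuristic on its own is not enough, since legitimate XP entries such as ctfmon.exe are just as vowel-poor as the malicious one.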
  3. jackrr

    jackrr Private E-2

    chaslang, I followed all your steps and had success. This is the second day now with no pop-ups. I can't thank you enough. It has been a whole week that I have been fighting this infection. Thank you so much for bailing me out. I am so grateful that you, who don't know me at all, would take the time to find a solution to my problem.

    The files that you requested are attached. Just one more question, should I toggle System Restore as mentioned in the Cleaning Procedure or should I just leave things alone?

    Thanks again, Jack
     


