unknown damage from trojan virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by drunk3nkitty, Oct 11, 2006.

  1. drunk3nkitty

    drunk3nkitty Private E-2

    Evening. I'm doing some routine cleaning on a friend's computer when I realised that the computer, after shutting down, was able to restart just by moving the mouse around. The clock and sound card weren't working, so I got into the BIOS and found that some stuff was out of order. Upon fixing that, I got down to trying to find the core of the problem. It came from a downloaded movie, a trojan, but I didn't catch the name in time because the system crashed too quickly. Avast picked it up 3 seconds after I opened the file. From what my friend tells me, they opened that file 3 times in the past week and just restarted the computer manually each time. I'm not sure if the BIOS problem was caused by the virus or a hacker that managed to sneak in (easier with DSL always running). I attached some files; most are already cleaned. This was due to a power outage in our area, so I couldn't save one log file from BitDefender. Take your time to reply, because I will be away on business for 3 days, so I won't be able to delete anything that HJT found. I would appreciate any help I can get. Thank you for the info and support ahead of time.
    -angelina.
     

    Attached Files:

  2. drunk3nkitty

    drunk3nkitty Private E-2

    Last 2 files. Again, thanks. :D
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    It does not appear that you ran CCleaner. If you had, the folder below would not have so much junk in it:

    C:\Documents and Settings\HT\Local Settings\Temp

    Did you run CCleaner and allow it to cleanup?

    Go to Add/Remove Programs and uninstall the below:
    Java 2 Runtime Environment, SE v1.4.0_01 <-- old version, not needed
    Morpheus 5.2 (remove only) <-- contains or bundles malware; should have been uninstalled in step 0
    Spybot - Search & Destroy 1.3 <--- this is 2 years out of date. You did not follow directions in the READ ME. Uninstall, reboot, and install the correct version.


    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKCU\..\Run: [runs] run.exe
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
    O15 - Trusted Zone: http://update.randhi.com (HKLM)
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Morpheus <--- the whole folder
    C:\Windows\System32\run.exe

    Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).
    Now reboot in normal mode.
    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\HT\Local Settings\Temp

    Now attach the new logs below and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Oct 12, 2006
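As an added example (not part of the thread, and not HijackThis's own logic), here is a small Python triage script that parses HJT-style log lines and flags the kinds of entries chaslang picked out above: the indicator strings (Morpheus, run.exe, gestrip.com, randhi.com, vbsys2.dll) come from his fix list, while the benign lines, their paths and CLSIDs are constructed for the sample. The generic heuristics (any O15 Trusted Zone entry, an O16 DPF with no name or source URL, an O21 SSODL pointing at a missing DLL, an O4 Run entry whose target has no path) are this example's assumptions about what usually warrants a second look, not rules from the tool or the forum.

```python
import re

# Constructed sample of HijackThis-style log lines. The suspicious entries are the
# ones listed in the reply above; the other lines are made-up benign entries
# (assumed paths and placeholder CLSIDs, not from the poster's real log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://example.com/control.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll (file missing)
O21 - SSODL: Example - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\example.dll
"""

# Indicators lifted from the fix list in the reply above (case-insensitive substring match).
KNOWN_BAD = ("morpheus", "run.exe", "gestrip.com", "randhi.com", "vbsys2.dll")

# An HJT entry is "<section> - <body>", e.g. "O4 - HKCU\..\Run: [runs] run.exe".
LINE_RE = re.compile(r'^([A-Z]\d*) - (.*)$')
# Body of an O4 registry Run entry: "<hive>\..\Run<suffix>: [<name>] <target>".
RUN_RE = re.compile(r'^HK\w+\\\.\.\\Run[^:]*: \[[^\]]+\] (.+)$')


def parse_hjt(text):
    """Return (section, body) pairs for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def suspicious_reason(section, body):
    """Return a short reason if the entry deserves attention, otherwise None.

    Heuristics are assumptions of this example, not HijackThis logic.
    """
    low = body.lower()
    for ioc in KNOWN_BAD:
        if ioc in low:
            return f"matches known-bad indicator '{ioc}'"
    if section == "O4":
        m = RUN_RE.match(body)
        # A bare file name is resolved through PATH/system32; legitimate
        # software almost always registers a full path.
        if m and "\\" not in m.group(1).strip():
            return "Run entry with pathless target"
    if section == "O15":
        # Anything in IE's Trusted Zone runs with relaxed security settings.
        return "site added to IE Trusted Zone"
    if section == "O16" and body.endswith("-"):
        # HJT prints "{CLSID} (name) - <url>"; no name and no URL means the
        # downloaded control's origin is unknown.
        return "Download Program File with no name or source URL"
    if section == "O21" and "(file missing)" in low:
        # A ShellServiceObjectDelayLoad entry whose DLL is gone is leftover
        # malware registration (or an incomplete cleanup).
        return "ShellServiceObjectDelayLoad pointing at a missing DLL"
    return None


def triage(text):
    """Return a list of (line, reason) for the entries that need attention."""
    findings = []
    for section, body in parse_hjt(text):
        reason = suspicious_reason(section, body)
        if reason:
            findings.append((f"{section} - {body}", reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:50} {line}")
```

Running it prints the six entries from the fix list and nothing for the constructed benign lines. The indicator match deliberately runs before the generic checks, so an entry named by a helper is reported as such even when it would also trip a heuristic; substring matching on a name like run.exe is coarse, which is why a script like this is a first pass for the human reading the log, not a replacement for it.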
