win32.Tiny.abk - I need help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by BernieSA, Mar 11, 2008.

  1. BernieSA

    BernieSA Private E-2

    Hi,

    I am not sure when or how it happened, but I ran Spybot last week and it found the win32.tiny.abk trojan. It says it removes it, but it appears again when I run Spybot again. Also, I cannot download or save anything from the web onto my hard drives: I get the message "Cannot copy filename[1]: Access is denied". The error message adds the '[1]' to the filename. When I try to run an exe I get the message "Windows cannot access the specified device, path or file".

    Attached are the log files as per the cleanup steps:
     


  2. BernieSA

    BernieSA Private E-2

    Anybody out there???? Please guys, some response would be good.

    Thanks...
     
  3. abri

    abri MajorGeek

    Hi Bernie,
    Welcome to Major Geeks!

    Please don't bump your posts as it leads you to have to wait longer. We work through a lot of threads every day, but there seem to still be more than we can get done in a day.

    Please begin by going to Special Removal Procedures. Find the scan for Rustock and run it. Let me know the results of this.


    What I noticed when I looked at your MGlogs is that your hijackthis log is missing.

    After you run the Rustock scan, please go to your root drive and find the MGTools folder. Open it and see if the file analyse.exe is there. If so, double click on it and when it opens, select the option to do a system scan and produce a log. If that works, please attach the log with your next post. If it doesn't work, please let me know if there is an error of some type.

    abri
     
  4. BernieSA

    BernieSA Private E-2

    Hi Abri,

    I tried to run rustbfix, but I get the error "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"

    I did run analyse though - here is the log.

    And thanks for helping...
    Bernard
     


  5. abri

    abri MajorGeek

    Hi BernieSA,

    1) What is this?

    F:\From C Drive

    2) Please rename the following file:

    F:\WINDOWS\system32\3klagia.dll ------> 3klagia.dll.zzz


    3) Go to add/remove programs and uninstall the below:

    Spyware Doctor <----------- uninstall this if it's the trial version
    Java(TM) 6 Update 4


    4) Reboot after uninstalling the above.

    5) Install the current version of Sun Java from: Sun Java Runtime Environment

    6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O20 - Winlogon Notify: byxyxyw - byxyxyw.dll (file missing)

    After you click fix, just close hijackthis.


    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    8) Now run CCleaner in the default setting with the Windows tab as the one on top.


    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
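
The O20 line selected in step 6 of the reply above is a Winlogon Notify registration marked "(file missing)", meaning the DLL it names is no longer on disk. As an added example (not part of the thread and not HijackThis code), the Python below parses HijackThis-style log lines and groups such orphaned entries by section code; every sample line except the O20 one quoted in the thread is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# "<section code> - <body>", e.g. "O20 - Winlogon Notify: name - file.dll"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O20 Winlogon Notify entry: "<key name> - <DLL>"
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")
MISSING = " (file missing)"

# Constructed sample; only the byxyxyw line is taken from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O20 - Winlogon Notify: byxyxyw - byxyxyw.dll (file missing)
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
"""

def parse_line(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]  # drop the marker, keep the target
    entry = {"code": m.group("code"), "body": body, "missing": missing}
    if entry["code"] == "O20":
        n = NOTIFY.match(body)
        if n:  # split the Notify key name from the DLL it registers
            entry["notify_name"] = n.group("name")
            entry["dll"] = n.group("dll")
    return entry

def orphaned(log_text):
    """Group entries whose target file is gone, keyed by section code."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["missing"]:
            found[entry["code"]].append(entry)
    return dict(found)

if __name__ == "__main__":
    for code, entries in orphaned(SAMPLE_LOG).items():
        for e in entries:
            print(code, e.get("notify_name", ""), e["body"])
```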
     
  6. BernieSA

    BernieSA Private E-2

    Hi Abri,

    I did all the instructions...some comments:
    1) I installed XP onto the F drive, and then copied all my docs from C, and then formatted C: (so these are those docs!)

    2) Had to rename the file in SAFE MODE as it would not allow me to do it in normal mode.

    3)4)5)6) no problems

    7) Ran Avenger (must have made a typo, but ran it again)
    On reboot, got the error that F:\Cleaner.exe "Windows cannot access the specified device, path or file"

    8)9) Ran okay - logs attached.

    The machine seems to be running fine now. I also had a problem when I connected to my ISP, that there was continuous sending and receiving while connected - that is also now sorted out. Thanks...

    Which firewall and antivirus S/W would you recommend?
     
  7. abri

    abri MajorGeek

    Hi bernie!

    Small things to remember when attaching the logs. Remember to upload them. Remember you need a message with them of at least 4 characters.

    abri
     
