Zlob infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by rhackerjr, Mar 5, 2008.

  1. rhackerjr

    rhackerjr Private E-2

    Can someone please look at my logs to see if I am clean? I did the smitfraud fix by siri and performed the read me run me thread. Spybot found a system service threat "Virusschlacht"; never seen that before. Here are my logs; any help would be greatly appreciated. Thanks.
     


  2. rhackerjr

    rhackerjr Private E-2

    Also, here is my smitfraud report.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is important to not skip steps in the instructions. Please go back to step 1 of the READ ME and follow the instructions for putting your PC into Normal Startup mode and keep your PC in this mode. You should read this: Dealing with Startup Processes

    After doing the above, continue with the below.


    Uninstall the below old versions of software:
    IBM 32-bit Runtime Environment for Java 2, v1.4.2

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [License] locker.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
    O11 - Options group: [JAVA_IBM] Java (IBM)

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
     
    FileLook::
    C:\WINDOWS\DCEBoot.exe
    
    File::
    C:\WINDOWS\locker.exe
    C:\WINDOWS\WinLockDll.dll
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure y
     
