[Resolved] Trojan.Script.Iframer possible infection
#1
Posted 11 October 2009 - 06:36 PM
#2
Posted 12 October 2009 - 11:23 AM
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.
I am checking over your logs now, I will post back shortly with instructions.
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#3
Posted 12 October 2009 - 06:16 PM
- You may want to print out these instructions for reference prior to proceeding.
- This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
- If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
"Trojan.Script.Iframer - and to cancel the page. I did but my IE is acting strange. Some scripts on the page aren't working and my add-ons will not work either.
On Kaspersky it says that the virus threat is detected but I'm worried my machine might have still gotten it."
It appears that the page you were attempting to view was infected with the Trojan.Script.Iframer and your Kaspersky protection acted properly. You can read more about it here
But I would like to dig a bit deeper to be sure we aren't missing anything.
- - - - - Next - - - - -
Please download Sysprot Antirootkit from here
Unzip it into a folder on your desktop.
- Right click Sysprot.exe and select "Run as Administrator" to start the program.
- Click on the Log tab.
- In the Write to log box select all items.
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to.
- Open the text file and copy/paste the log here.
On your next post please provide the following:
- Sysprot log
- Tell me how your computer is running at the moment.
Edited by OCD, 12 October 2009 - 06:22 PM.
#4
Posted 13 October 2009 - 08:48 PM
#5
Posted 14 October 2009 - 10:41 AM
Please update your Internet Explorer to Version 8 by going here and following the onscreen menu to select the correct version for your Operating System.
If this solves your problem, skip the very next step and continue with the remainder of the steps.
- - - - - Next - - - - -
While browser add-ons can enhance your online experience, they can occasionally interfere or conflict with other software on your computer.
Try starting Internet Explorer without add-ons to see if the problem goes away. Here's how:
Click the Start button > All Programs > Accessories > System Tools, and then click Internet Explorer (No Add-ons).
- - - - - Next - - - - -
Please download OTM by OldTimer.
- Save it to your desktop.
- Right-click OTM and select "Run as Administrator" to run this tool.
- Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe
:Services
0301941240878354mcinstcleanup
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"73F7F495-A325-4C52-BE48-5F97FA511E89"=-
[-HKEY_CLASSES_ROOT\CLSID\{73F7F495-A325-4C52-BE48-5F97FA511E89}]
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions]
"11316B13-33F0-4C9F-BD55-09994CCFA8EB"=-
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM
- - - - - Next - - - - -
Run the following scan: Eset Online Scanner
(you will need Internet Explorer to run this scan)
You will need to run this scan with Administrator privileges:
- Simply hit the button “Restart browser as Admin” in ESET Online Scanner or
- Right-click on the browser icon in the Start Menu and select "Run as administrator" from the context menu.
- Place a check mark in the box YES, I accept the Terms Of Use
- Click the Start button.
- Now click the Install button.
- Click Start. The scanner engine will initialize and update.
- Do Not place a check mark in the box beside Remove found threats.
- Click the Scan button. The scan will now run, please be patient.
- When the scan finishes click the Details tab.
- Copy and paste the contents of C:\Program Files\EsetOnlineScanner\log.txt into your next reply.
On your next post please provide the following:
- OTM log
- ESET log.txt
- Any change in computer performance?
#6
Posted 16 October 2009 - 09:48 PM
#7
Posted 17 October 2009 - 09:38 AM
Your last reply wasn't entirely clear to me, therefore I have a few questions.
- What version of IE are you running - IE7 or IE8?
- Did you uninstall and reinstall Flash & Java, or was it a fresh install?
I'd like for you to try and run this online scan since you experienced difficulty with ESET.
The below scan can take up to an hour or longer, please be patient.
*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so that there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Please do a scan with Kaspersky Online Scanner or from here
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report. To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar.
- In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
- Please post the Kaspersky Online Scanner Report in your reply.
(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozil...efox/addon/1419
- - - - - Next - - - - -
On your next post please provide the following:
- Kaspersky log
- Answers to the questions posted above
#8
Posted 19 October 2009 - 09:57 PM
Argh! Kaspersky is giving trouble too. I shut off my anti-virus and anti-spyware programs but it still won't work. This is the message that I get:
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]
#9
Posted 20 October 2009 - 02:06 PM
Please re-run DDS and post the new logs generated.
Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
- Disable any script blocking protection (How to Disable your Security Programs) <-- Important
- Right click DDS icon and select "Run as Administrator" to run this tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
On your next post please provide the following:
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
#10
Posted 22 October 2009 - 09:48 PM
#11
Posted 23 October 2009 - 10:41 AM
Your log shows remnants of a program called SiteHound.
Please go to Start > All Programs > Firetrust > SiteHound > Uninstall
- - - - - Next - - - - -
Congratulations, your logs appear clean. Now for a little housekeeping and my recommendations to help you stay clean.
- - - - - Next - - - - -
Clean up with OTM
- Right-click OTM.exe and select Run As Administrator... to run it.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes; if not, delete it yourself.
You can now delete any other tools I had you download and use, unless you wish to keep them.
(they should be located on your desktop, if they are no longer there just continue)
- DDS
- Sysprot
Here comes the "All Clean Speech":
You need to set a new clean System Restore Point
System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.
We need to set a new system restore point:
Click Start > Run > copy and paste the following into the run box:
%SystemRoot%\System32\restore\rstrui.exe
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.
- - - - - Next - - - - -
Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:
cleanmgr
Click on the Yes button.
When finished, click on Cancel button to exit.
- - - - - Next - - - - -
You don't appear to have a Firewall enabled, please download one of these and install it before you continue.
Firewall:
- Comodo - http://www.personalf...all.comodo.com/
- Outpost Firewall FREE - http://www.agnitum.c...ts/outpostfree/
Here are some tips to reduce the potential for spyware infection in the future:
Automatic Updates:
The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates.
To set your computer up for Automatic Updates please do the following:
- Click Start button > All Programs > Windows Update > Change Settings.
- Make sure that Automatic Updating is checked.
- Click OK
- Close the Control Panel.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab.
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
For Firefox, I highly recommend this add-on to keep your PC even more secure.
NoScript - for blocking ads and other potential website attacks
You are using Kaspersky Anti-Virus as your anti virus software. It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Update all security programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.
I would also suggest you read "So how did I get infected in the first place?" by Tony Klein.
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
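The six Internet Explorer zone settings recommended in the post above can be checked from the registry instead of the Custom Level dialog. The script below is an added example, not part of the original thread: a read-only PowerShell audit that assumes the per-user Internet zone key (zone 3) is in effect with no Group Policy override, and maps each setting to its standard URL action ID.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# settings the post recommends. Nothing is written to the registry.
# URL action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID, setting name as shown in the dialog, value recommended in the post.
$rules = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($r in $rules) {
    $current = $zone.($r.Id)          # $null when the value is absent
    if ($null -eq $current) {
        $shown  = '(not set)'
        $status = 'CHECK: value missing'
    } else {
        $shown = $label[[int]$current]
        if (-not $shown) { $shown = "raw value $current" }
        # 0 < 1 < 3 orders the values from least to most restrictive, so a
        # value at or above the recommendation is at least as strict.
        if ([int]$current -ge $r.Want) { $status = 'OK' }
        else                           { $status = 'WEAKER than recommended' }
    }
    New-Object PSObject -Property @{
        Id          = $r.Id
        Setting     = $r.Name
        Current     = $shown
        Recommended = $label[$r.Want]
        Status      = $status
    }
}

$report | Select-Object Id, Setting, Current, Recommended, Status |
    Format-Table -AutoSize -Wrap

$bad = @($report | Where-Object { $_.Status -ne 'OK' })
"{0} of {1} settings need attention." -f $bad.Count, $rules.Count
```

A setting reported as Disable where the post asks for Prompt is counted as OK because it is stricter than the recommendation.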
#12
Posted 25 October 2009 - 10:29 AM
#13
Posted 26 October 2009 - 11:06 AM
"Do you have any ideas how to get flash player installed on my laptop? Every time I try to download I get the error notice: "Installation is corrupt! (16248.203.296-73272352.80040154.FFFFFFFF.80070424)""
You can try a complete Flash Player uninstall/reinstall as follows:
- Download the Flash Player Uninstaller (save to disk)
- Download the Offline ActiveX Installer (save to disk)
- Close all browser windows,
- Run the Flash Player Uninstaller
- Followed by the ActiveX Installer
- Reboot, if not prompted to do so.
For your general knowledge, this portion of the forum is for malware removal only.
Since the above issue is not malware related, if the above solution does not remedy the situation please feel free to post in the Windows Help Forum.
Please be sure to include a link to this thread so the person that assists you can review what we have already tried.
Link to your thread: http://forums.whatth...on_t107557.html
#14
Posted 26 October 2009 - 05:43 PM
#15
Posted 27 October 2009 - 07:09 AM
"But the problem is the Sitehound. Kaspersky labeled it as a virus last time and I tried to remove it. If it shows in the log is it still there?"
Your log is free of malware. SiteHound by Firetrust is not malware.
Sometimes tools that are used to monitor attacks on your computer are flagged by other scanning tools as malicious because of the way they interpret each other's actions.
Quote taken from http://www.firetrust...ducts/sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
Today the most common route for attacks on your computer is through your web browser as you surf the web. Everyday, people around the world fall victim to online fraud, scams, security vulnerabilities and malware while surfing the web, and most people realise before it's too late.
SiteHound solves this alarming security gap by working with some of the world’s leading security watchdogs to provide you with instant and real-time protection for you as you surf the web.
Powered by a unique database created by a global community of users and experts who actively report potentially malicious websites, SiteHound ensures you surf the web safely by providing you with an unprecedented level of protection from fraud, phishing, spyware, adware, security risks, spam, viruses, online scams, adult and offensive sites and fake anti-spyware products.