
[Resolved] Trojan infection


  • This topic is locked
33 replies to this topic

#16 mikeonavtx

  • Authentic Member
  • 20 posts

Posted 12 April 2008 - 03:52 AM

D and G are separate drives. ComboFix has been removed.


#17 mikeonavtx

Posted 12 April 2008 - 03:58 AM

D and G are separate drives, why? Yes, ComboFix is out.

#18 Scotty

  • Always Happy
  • Authentic Member
  • 3,634 posts

Posted 12 April 2008 - 04:03 AM

Hi

Keep all drives connected.


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\mike nordine\Desktop\downloads\daemon4121-lite.exe
    C:\Documents and Settings\mike nordine\Desktop\downloads\MediaTubeCodec.exe
    C:\Documents and Settings\mike nordine\Desktop\SmitfraudFix
    C:\QooBox
    D:\My Documents\My Received Files\Windows_XP_Activation_Crack_by_Evil-Dude.zip
    D:\My Documents\My Received Files\spywaredetectorb.exe
    D:\My Documents\My Received Files\dope-1.5.10.exe
    G:\Azureus Downloads\AVS Video Tools v.5.6.1.715.zip
    G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml 
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply with a new HijackThis log.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
You too could train to help others- Join the Classroom

#19 mikeonavtx

Posted 12 April 2008 - 04:06 AM

What the heck is all this?

#20 mikeonavtx

Posted 12 April 2008 - 04:12 AM

    C:\Documents and Settings\mike nordine\Desktop\downloads\daemon4121-lite.exe moved successfully.
    C:\Documents and Settings\mike nordine\Desktop\downloads\MediaTubeCodec.exe moved successfully.
    C:\Documents and Settings\mike nordine\Desktop\SmitfraudFix moved successfully.
    File/Folder C:\QooBox not found.
    File/Folder D:\My Documents\My Received Files\Windows_XP_Activation_Crack_by_Evil-Dude.zip not found.
    D:\My Documents\My Received Files\spywaredetectorb.exe moved successfully.
    D:\My Documents\My Received Files\dope-1.5.10.exe moved successfully.
    G:\Azureus Downloads\AVS Video Tools v.5.6.1.715.zip moved successfully.
    < G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml >
    File/Folder G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMySrch.dll not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_051034
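
Added example, not part of the thread and not OTMoveIt2's own code: a small Python parser for the log text posted above that separates the entries that were moved from the ones reported as not found, so the leftovers can be reviewed before another run. The function names are hypothetical, and the entry format is an assumption inferred only from the log text in this thread.

```python
import re

# One result entry: optional "File/Folder " prefix, a drive-letter path, then
# the status. '<', '>' and '|' are not valid in Windows paths, so excluding
# them stops the echoed "< path >" line from merging into the next entry.
ENTRY = re.compile(
    r"(?:File/Folder\s+)?([A-Za-z]:\\[^<>|\r\n]+?)\s+(moved successfully|not found)\.")

def parse_otmoveit_log(text):
    """Return (moved, not_found): paths in log order, duplicates dropped."""
    moved, not_found = [], []
    for path, status in ENTRY.findall(text):
        bucket = moved if status == "moved successfully" else not_found
        if path not in bucket:
            bucket.append(path)
    return moved, not_found

def retry_block(text):
    """Not-found paths, one per line, for review before another run."""
    return "\n".join(parse_otmoveit_log(text)[1])

# Log text from post #20 of this thread; entries joined with single spaces.
SAMPLE_LOG = " ".join([
    r"C:\Documents and Settings\mike nordine\Desktop\downloads\daemon4121-lite.exe moved successfully.",
    r"C:\Documents and Settings\mike nordine\Desktop\downloads\MediaTubeCodec.exe moved successfully.",
    r"C:\Documents and Settings\mike nordine\Desktop\SmitfraudFix moved successfully.",
    r"File/Folder C:\QooBox not found.",
    r"File/Folder D:\My Documents\My Received Files\Windows_XP_Activation_Crack_by_Evil-Dude.zip not found.",
    r"D:\My Documents\My Received Files\spywaredetectorb.exe moved successfully.",
    r"D:\My Documents\My Received Files\dope-1.5.10.exe moved successfully.",
    r"G:\Azureus Downloads\AVS Video Tools v.5.6.1.715.zip moved successfully.",
    r"< G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml >",
    r"File/Folder G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml not found.",
    r"File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old not found.",
    r"File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMySrch.dll not found.",
    r"File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll not found.",
    "OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_051034",
])

if __name__ == "__main__":
    print(retry_block(SAMPLE_LOG))
```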

#21 Scotty

Posted 12 April 2008 - 04:21 AM

What the heck is all this?


All what?

#22 mikeonavtx

Posted 12 April 2008 - 04:22 AM

Are all those files listed "bugs"?

#23 Scotty

Posted 12 April 2008 - 04:47 AM

They are infected and need to go. Let's try again.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\My Documents\My Received Files\Windows_XP_Activation_Crack_by_Evil-Dude.zip
    G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMySrch.dll 
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

Post back now with the OTMoveIt, MBAM and new HijackThis logs, please.

#24 mikeonavtx

Posted 12 April 2008 - 04:54 AM

    File/Folder D:\My Documents\My Received Files\Windows_XP_Activation_Crack_by_Evil-Dude.zip not found.
    < G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml >
    File/Folder G:\DADS STUFF\My Music\dino\dino\stuff\[SPAM] Case ID Number_ PP-120-185-512.eml not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMySrch.dll not found.
    File/Folder G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_055120

#25 Scotty

Posted 12 April 2008 - 04:59 AM

Okay, run MBAM now.

#26 mikeonavtx

Posted 12 April 2008 - 05:04 AM

Running now. It's going to take a while; one of the other scans you had me do took like 5 hours!! I think it was Kaspersky.

#27 Scotty

Posted 12 April 2008 - 05:09 AM

MBAM is quicker.

#28 mikeonavtx

Posted 12 April 2008 - 05:12 AM

ok

#29 mikeonavtx

Posted 12 April 2008 - 01:38 PM

MBAM still took 4 hours!! But it found a few things and took them out, pretty good for a free program!! Here is the log file:

    Malwarebytes' Anti-Malware 1.11
    Database version: 615

    Scan type: Full Scan (C:\|D:\|G:\|)
    Objects scanned: 419133
    Time elapsed: 3 hour(s), 14 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 28

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    G:\DADS STUFF\The Hole dayam C Drive!!\Program Files\Internet Explorer\msimg32.dll_old (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.

#30 Scotty

Posted 12 April 2008 - 03:45 PM

Ok, let me make sure I got everything.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

This scan will take only minutes, I promise.