Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91734 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Please help remove: Trojan winself.exe; not good


  • This topic is locked This topic is locked
24 replies to this topic

#16 Clint

Clint

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 12 May 2008 - 11:34 AM

I did those steps. host.txt below: # Copyright 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # 127.0.0.1 localhost

    Advertisements

Register to Remove


#17 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 12 May 2008 - 06:20 PM

There is no problem with that hosts file, is WinPatrol still alerting you to changes?
ASAP & UNITE Member

#18 Clint

Clint

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 13 May 2008 - 11:02 AM

yes it is.

#19 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 13 May 2008 - 07:30 PM

Please try this:

Reset your hosts file as per the previous instructions, wait for WinPatrol to alert you to the change and allow it.
Then lock your hosts file as follows:
Download lockhost.bat to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
Then double-click lockhost.bat to run it.

You may be given another alert by WinPatrol because you have modified the hosts file, allow this change, then reboot and see if you receive any further warnings.
Once everything is complete, please copy the hosts file to your Desktop and post it again so I can check it's still OK:
Press Start->Run and copy/paste the following command into the box and press OK:

cmd /c copy "C:\windows\system32\drivers\etc\hosts" "%userprofile%\desktop\hosts2.txt"

A file called hosts2.txt will appear on your Desktop, please post the contents in your next response.
ASAP & UNITE Member

#20 Clint

Clint

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 14 May 2008 - 05:03 PM

I will be travelling away from the office for a week and will not have access to this computer. I want to keep working on this. Will this thread still be available in a week?

#21 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 14 May 2008 - 08:52 PM

Yes no problem, but if you need longer please post to let me know you are coming back so it isn't closed as inactive.
ASAP & UNITE Member

#22 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 26 May 2008 - 07:52 PM

Do you still need help?
ASAP & UNITE Member

#23 Clint

Clint

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 28 May 2008 - 11:38 AM

There are no more notices of host file change attempts and computer seems to be functioning at a reasonable speed. Thank you for your help, it is greatly appreciated. And thanks for posting replies so quickly while we were at it.

#24 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 28 May 2008 - 07:38 PM

Hi Clint,

You're most welcome and I'm glad to hear things are running better. Here are some important final steps:

If you have not already done so, please delete gmer.exe and dss.exe from your Desktop, also delete this folder:

C:\Deckard


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------
If the above went well, I think your machine is clean of malware, here are some tips to help you keep it that way:

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.

Edited by silver, 28 May 2008 - 07:38 PM.

ASAP & UNITE Member

#25 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 04 June 2008 - 06:59 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users