Author Topic: Malicious software or Trojan  (Read 21890 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #15 on: March 07, 2013, 03:02:35 PM »
OK the JS files returned so we will need to go deeper

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

okym

  • Guest
Re: Malicious software or Trojan
« Reply #16 on: March 10, 2013, 10:34:21 AM »
Between work and other things,finally managed to run ComboFix,log attached as requested.
The control panel now appears to be accessable via the start menu,have not tried to open it as yet,the "malicious URL blocked" pop ups appear to have ceased,still unable to open malwarebytes,got a pop up stating "files waiting to be written to cd" .overall seems to be running better.
Kym

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #17 on: March 10, 2013, 12:30:52 PM »
One more run to finish it off then try MBAM again

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\21.js
c:\documents and settings\Bronwyn and Kym\Start Menu\Programs\Startup\21.js
c:\documents and settings\All Users\Start Menu\Programs\Startup\21.js
c:\documents and settings\Default User\Start Menu\Programs\Startup\21.js

Folder::
c:\documents and settings\Bronwyn and Kym\Application Data\6b6

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7d7e7"=-


 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

okym

  • Guest
Re: Malicious software or Trojan
« Reply #18 on: March 10, 2013, 09:54:09 PM »
Thanks essexboy,will do this as soon as I get home after work tonight.
Many thanks and kindest regard's,
Kym

okym

  • Guest
Re: Malicious software or Trojan
« Reply #19 on: March 11, 2013, 11:04:24 AM »
OK,
Turned on the pc to run the file as requested.
Control panel had again been disabled,opened an internet connection and immediately got the malicious url blocked pop up again as well as "files waiting to be written to cd"notification.
The ComboFix icon had gone from the desk top as well as the log file from the C drive.
Ran the CFScript.txt as advised,log file attached.
After running the txt file Control panel has returned and MalwareBytes is now accessable.
I thank you for your time so far.
Regard's,
Kym

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #20 on: March 11, 2013, 03:42:56 PM »
Yep it created a new folder and startup set in that short period

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Files
C:\6a4
c:\documents and settings\Administrator\Start Menu\Programs\Startup\283.js
c:\documents and settings\Bronwyn and Kym\Start Menu\Programs\Startup\283.js
c:\documents and settings\All Users\Start Menu\Programs\Startup\283.js
c:\documents and settings\Default User\Start Menu\Programs\Startup\283.js

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

okym

  • Guest
Re: Malicious software or Trojan
« Reply #21 on: March 14, 2013, 06:04:47 AM »
Loged back on to check your reply only to find control panel again disabled and malicious URL pop Ups appearing again.Should I still run the otl as requested in your last post.This post is done from my mobile phone.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #22 on: March 14, 2013, 03:30:21 PM »
Yes but we will do some additional work as the drive you are plugging in is infected and we need to stop that first

Plug in the drive
Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives


Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

Then run the OTL fix and follow with a fresh scan

 

okym

  • Guest
Re: Malicious software or Trojan
« Reply #23 on: March 14, 2013, 10:32:39 PM »
Will do when I get home tonight.
The drive I plugged in originally has not been connected to the pc since the problem started,that is why I posed my last question.
I hope I have not confused the issue by not stating this earlier.
Regard's,
Kym

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #24 on: March 14, 2013, 10:34:20 PM »
Nope but it will catch any autoruns that are hidden on the main drive, and will protect against further infections

okym

  • Guest
Re: Malicious software or Trojan
« Reply #25 on: March 14, 2013, 10:39:05 PM »
Thanks

okym

  • Guest
Re: Malicious software or Trojan
« Reply #26 on: March 23, 2013, 11:34:03 AM »
Hi essexboy,
Sorry to take so long to get back to you,got called away on business at short notice and only just got back.
The MC2 Shield log is attached as requested.
Will now run the fresh OTL fix and post that log when complete.
Regard's,
Kym

okym

  • Guest
Re: Malicious software or Trojan
« Reply #27 on: March 23, 2013, 01:47:57 PM »
Not sure if I have done the fix correctly.
Tried running it in normal mode and nothing happened for over an hour,so I rebooted in safe mode and ran the fix,took a few minutes.
Rebooted and ran the quick scan in normal mode,log attached.
If I have messed things up I am sorry.
Kym

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious software or Trojan
« Reply #28 on: March 23, 2013, 01:51:33 PM »
Safe mode, Normal mode.. OTL does not care  ;D

How is the computer behaving now ?  McShield did some nice work and removed some bad boys

Could you attach the new OTL scan please

okym

  • Guest
Re: Malicious software or Trojan
« Reply #29 on: March 23, 2013, 02:07:47 PM »
Sorry I thought that was the log I attached in my last post,obviously not.
MalwareBytes is still unable to be run,control panel still deactivated and malicious pop up warnings still appearing but not as often.
PC is running faster than it was.
My connection manager indicates I am downloading a bucket load of data as well,not sure what or why.
Kym