Author Topic: i need some help  (Read 10413 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: i need some help
« Reply #15 on: July 27, 2006, 05:49:59 PM »
Quote
That removal link isn't a removal tool but an invitation to buy RegRun. I don't like that tactic, give the person a headache (tell them what's wrong) and then sell them an aspirin.

No, that was just a link to describe the problem.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: i need some help
« Reply #16 on: July 27, 2006, 07:50:45 PM »
Quote
That removal link isn't a removal tool but an invitation to buy RegRun. I don't like that tactic, give the person a headache (tell them what's wrong) and then sell them an aspirin.

No, that was just a link to describe the problem.

What I referred to was this 'greatis.com/appdata/d/m/mscomm32.exe_Removal.htm', it makes it look like a removal link when there is very little information about the problem:
Quote
Dangerous MSCOMM32.EXE - Dangerous
mscomm32.exe
    MSCOMM32.EXE is Trojan/Backdoor BBQ.
    Kill the process MSCOMM32.EXE and remove MSCOMM32.EXE from Windows startup using RegRun Reanimator.

So there is virtually no information and is really trying to get you to buy RegRun to resolve the problem.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

Re: i need some help
« Reply #17 on: July 28, 2006, 06:18:16 PM »
Oops, wrong link, I was looking at 3 or 4 at the time. http://www.trendmicro.com.au/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=TROJ_SMALL.BBQ was the one I meant to drop, sorry.

Online DavidR

Re: i need some help
« Reply #18 on: July 28, 2006, 06:30:11 PM »
Which was the one I gave in reply #2 but with a meaningful name Troj_Small.BBQ info ;D ;D

Paul14

  • Guest
Re: i need some help
« Reply #19 on: July 29, 2006, 03:54:20 AM »
Hey guys, I got rid of the trojan, thanks everyone for your help, but now I'm having other issues. I tried to update Java as someone said, but it said the computer is running in safe mode when I had to download ActiveX components. I have also had the same error trying to update Windows: I got an error code and had a look round, and it also said the computer is running in safe mode. And avast still won't work, I am getting the same error message.

Scanning with ewido now says I am infected with downloader.small.cjv in these files:
c:\w.exe
c:\windows\lb.exe

and also infected with backdoor.shbot.b in these files:
c:\windows\system\svchostw.exe
c:\windows\system\svchostw.dll
c:\windows\system\svchctrl.exe
c:\windows\system\regserv.exe
c:\windows\system\regserv.dll

What do I do with these files, can I just delete them? I removed some of the last ones from startup with HijackThis. Thanks guys.

doc_esb

  • Guest
Re: i need some help
« Reply #20 on: July 29, 2006, 10:47:14 AM »
Hello, Paul14.

Open up the ewido program again.
  • The program will prompt you to update, click the "OK" button
  • The program will now go to the main screen


You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.  After the updates are installed, exit ewido.


Now, open up HijackThis again, do a system scan only, and when it finishes, place a check before the following lines if present:

O4 - Global Startup: MSCOMM32.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

You may want to print out the following instructions as you will not have internet access from Safe Mode:

Now, boot the computer into Safe Mode.  Click here for instructions on how to boot into Safe Mode.

In Safe Mode, navigate to C:\WINDOWS\System32 and delete the file named sistray.exe if present.

Now, click "Start", then click on "Search", then click "All files and folders". Then click "More advanced options". Place a check in the boxes by "Search system folders", "Search hidden files and folders", and by "Search subfolders". Now, in the top box, type in MSCOMM32.EXE and hit the "Search" button. Let it search the system and when it finds the file, right-click on that file only and then click "Delete".  Then click "Yes" to confirm the file deletion.


Still in Safe Mode, open ewido again.
Note: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process.  Be patient, this may take a little time.
Once the scan is complete do the following:
  • If you have any infections you will be prompted; choose to have ewido fix them, then select "Apply to all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop.
  • Close Ewido and reboot your system back into Normal Mode.
Run HijackThis again from Normal Mode now, and this time save a logfile and post it back here along with the ewido report that you saved.  I need to see the entire ewido report.
« Last Edit: July 29, 2006, 11:23:21 AM by doc_esb »
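As an added example (not part of doc_esb's post, and not code from HijackThis or ewido): one way to check the logfile saved in the last step for the two startup entries named above. The sample log is constructed, and `FLAGGED`, `parse_o4`, `file_names` and `flagged_entries` are hypothetical names chosen for this sketch.

```python
import re

# File names doc_esb's instructions single out, compared case-insensitively.
FLAGGED = {"mscomm32.exe", "sistray.exe"}

# "O4 - <source>: [<name>] <command>"  (registry Run keys) or
# "O4 - <source>: <item>[ = <target>]" (Startup folders).
O4_RE = re.compile(r"^O4 - (?P<source>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.*)$")

# Constructed sample log; only the two Global Startup lines come from the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray
O4 - Global Startup: MSCOMM32.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

def parse_o4(line):
    """Return {'source', 'name', 'target'} for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    name, rest = m.group("name"), m.group("rest")
    if name is None:  # Startup-folder form: "item" or "item = target"
        name, _, rest = rest.partition(" = ")
    return {"source": m.group("source"), "name": name, "target": rest}

def file_names(text):
    """Lower-cased .exe/.dll file names mentioned in text, directories removed."""
    found = re.findall(r'[^\\/:"]+?\.(?:exe|dll)\b', text, re.IGNORECASE)
    return {n.strip().lower() for n in found}

def flagged_entries(log_text, flagged=FLAGGED):
    """O4 entries whose item name or command refers to a flagged file."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (file_names(entry["name"]) | file_names(entry["target"])) & flagged:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print("still present:", e["source"], "|", e["name"], "|", e["target"] or "-")
```

An empty result on the log taken after the reboot means neither startup entry came back; any hit means the entry was re-created and the cleanup needs another pass.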

Online DavidR

Re: i need some help
« Reply #21 on: July 29, 2006, 02:35:46 PM »
Quote
scanning with ewido now says i am infected with downloader.small.cjv in these files
c:\w.exe
c:\windows\lb.exe

and also infected with backdoor.shbot.b in these files
c:\windows\system\svchostw.exe
c:\windows\system\svchostw.dll
c:\windows\system\svchctrl.exe
c:\windows\system\regserv.exe
c:\windows\system\regserv.dll

what do i do with these files can i just delete them i removed some of the last ones from startup with hijackthis thanks guys

The common factor for most of these is that they are in the system folders and you (read the malware) need permissions/admin rights to do this.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.