Author Topic: trojans galore  (Read 41718 times)


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: trojans galore
« Reply #45 on: December 30, 2007, 08:51:21 PM »
I think I may have found something

Submit this one to VirusTotal

C:\hiberfil.sys

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: trojans galore
« Reply #46 on: December 30, 2007, 08:54:47 PM »
When I go to this site http://www.spywareinfo.com/~merijn/programs.php#adsspy it gives me several different things I could download... which did you want me to download and run? Sorry I have to ask so many questions, I'm sure you get frustrated with me at times..
Thanks for all your help.. and I see you have a new instruction for me.. We are leaving for a bit but I will take care of all of it when we get home.
Thanks for your patience with me once again and your help!
Sassy

Offline oldman

Re: trojans galore
« Reply #47 on: December 30, 2007, 09:05:08 PM »
Let's hold off downloading the little program and submitting the files in the earlier post.

Just do the following, then do another wnpfind3u and post the log.

Open the Windows Control Panel
Double-click Power Options

Click the Hibernate tab, uncheck the 'Enable hibernate support' check box, and then click Apply.

Restart your computer, then do another wnpfind3u in normal Windows and post the log.

galooma

  • Guest
Re: trojans galore
« Reply #48 on: December 30, 2007, 10:54:06 PM »
Sorry to butt in but you may find you already have ADSPY in the misc tools section of HJT


Offline oldman

Re: trojans galore
« Reply #49 on: December 30, 2007, 10:59:42 PM »
Quote from: galooma
Sorry to butt in but you may find you already have ADSPY in the misc tools section of HJT

No problem.  :) I just wanted something that hadn't been on the machine for any length of time. I don't think I'm going to have to go in that direction after all.  ;)

Offline sasysusie

Re: trojans galore
« Reply #50 on: December 31, 2007, 04:54:44 PM »
Quote from: oldman
The .bat results were what I hoped they would be.  :) Sorry I forgot, we can't attach .bat files, forum rules.

I don't see anything in the log. So we'll try a couple of things.

Download and run this utility, copy and paste the results here.

http://www.spywareinfo.com/~merijn/programs.php#adsspy

Create a new folder on your desktop and name it infected

To do this right click on the desktop, select new, click folder.

Open the avast chest by right clicking the "a" icon, click start avast anti virus. Once it opens, click on the chest icon, click on the infected files button.

Find these files, right click on them one at a time, select extract

C:\WINDOWS\SYSTEM32\mcvkkmrb.exe
C:\WINDOWS\tsitra1000106.exe.tmp
C:\WINDOWS\system32\qeibqlcy.dll



In the box that appears scroll down to the infected folder you created, click on it, click ok.

Submit those files to www.virustotal.com  As I'm not sure what the file path will be, use the browse button on their site to get to the files.

Post those results.  We may be able to see the characteristics of these files by knowing what other scanners name them.

So you want me to hold off on doing this as well and just do what you said in the last post to me?

Offline oldman

Re: trojans galore
« Reply #51 on: December 31, 2007, 05:44:27 PM »

Offline sasysusie

Re: trojans galore
« Reply #52 on: December 31, 2007, 10:58:19 PM »
This time I got through the whole scan in normal Windows WITHOUT a virus warning!!!! Yippie.  I am attaching the new wnpfind3u log.
Thank you and Happy New Years Eve to you!
Susie

Offline oldman

Re: trojans galore
« Reply #53 on: January 01, 2008, 04:02:08 AM »
Thank you for the greeting and Happy New Years to you. A little festive pic for you at the bottom.  ;)

I think we might have got it.  :)

This file was a tad suspicious, unless of course, the laptop came over on the Mayflower.  ::)

C:\hiberfil.sys              created 1/1/1601  6:00 AM

Here's some info about hiberfil and what it is. If you (your friend) uses hibernation on the laptop, just do what you did and check enable.

http://forums.vnunet.com/message.jspa?messageID=677239

So then, if everything is ok, it's time to clean up.  :D

Click the start button, click run and copy and paste this line in to the box and click ok

combofix /u


Open OTMOVEIT then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.




Download and run this program. When first run it will be in demo mode to show you what it will remove, have a look and then run it in real mode.

CleanUp




To clear existing restore points and make a new one

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create

Remove old restore points

Disk Cleanup
- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


You can also delete the notepads and logs you may have saved to your desktop. Empty the recycle bin.






Offline sasysusie

Re: trojans galore
« Reply #54 on: January 01, 2008, 09:45:18 AM »
Ok but...... before I clean everything up I have a confession... while I was waiting for the last reply and thinking that maybe we did have it, I ran a SAS scan (or part of it). During that scan Avast started giving me one Virus Alert after another!! After about 5 or 6, or possibly more, I decided running the SAS at this time was not such a good idea and I stopped it.. All the trojans that Avast was finding I moved to the chest.  If I follow thru with all the clean up steps would that then be taking care of all of those Trojan warnings I am getting from Avast? Or is there still something hiding somewhere? Sorry if I did something I was not supposed to do.  I'll wait to hear from you before I proceed with the cleanup.
Thanks again and I enjoyed the festive pic!
Susie

Offline oldman

Re: trojans galore
« Reply #55 on: January 01, 2008, 12:03:45 PM »
Well it depends on what avast was finding and where they were. Post the last 10-12 lines of the avast warning log.

Offline sasysusie

Re: trojans galore
« Reply #56 on: January 01, 2008, 09:17:03 PM »
Help.... I don't know if I have just lost all brain function or what but I have the Avast log viewer up and for the life of me I do not remember how I get it to you.. it does not let me highlight anything!  What do I do.. sorry!!!!
Susie

Offline oldman

Re: trojans galore
« Reply #57 on: January 01, 2008, 09:23:27 PM »
In windows explorer navigate to this folder

C:\program files\Alwil Software\Avast4\Data\logs

Double click on the warning log in the right hand panel. It will open with notepad. Copy and paste the contents into a new notepad and attach it or post it.

Offline sasysusie

Re: trojans galore
« Reply #58 on: January 01, 2008, 09:37:37 PM »
I must be doing something wrong .... what's new... but when I type in that file name into a search in Windows Explorer this is what I'm getting
Search is complete. There are no results to display.... ugh
Sasy

Offline oldman

Re: trojans galore
« Reply #59 on: January 01, 2008, 10:55:21 PM »
What file are you searching for?

Just go to the folder and click on it, the warning log will be in the right hand panel