Author Topic: vbs:exedropper-gen[trj], win32:ramnit-f and win32 crypt-ibx  (Read 10142 times)

Minty1888

  • Guest
Re: vbs:exedropper-gen[trj], win32:ramnit-f and win32 crypt-ibx
« Reply #15 on: November 29, 2010, 12:53:25 AM »
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qgb9.hpwis.com/

Don't think this is right. 

I'm considering doing a 3-pass zero out on the hard drive as I'm sure something's still there.  Cheers for the link Pondus

Minty1888

  • Guest
Re: vbs:exedropper-gen[trj], win32:ramnit-f and win32 crypt-ibx
« Reply #16 on: November 29, 2010, 01:29:18 PM »
Issue now resolved

I formatted the whole hard drive including the recovery partition and installed from CD.  Nothing in the startup folder now and no re-directs to that insiderinfo site.

Thanks to all who helped and assisted

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: vbs:exedropper-gen[trj], win32:ramnit-f and win32 crypt-ibx
« Reply #17 on: November 29, 2010, 09:47:45 PM »
Let's kill it, shall we?

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote
Begin copying here:

Files to delete:
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ijogalmv.exe

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.