I've been infected with W32.myzor.FK@yf

By golfer
May 7, 2006
Topic Status:
Not open for further replies.
  1. Okay, I'm in line for help. I have contracted this dreaded virus and cannot seem to get rid of it with the apps I have. I ran Ad-Aware and Spybot and had no luck.

    Here is my log file from HijackThis. I am copying half of it in this post and the other half below since it is too long for one post. I am in hopes someone can tell me how to get rid of this. I saw where there are others who have it and instructions to the "cure" but since the log files are different, I assumed this is the best thing to do.

    Thanks in advance:
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
  3. golfer

    golfer Newcomer, in training Topic Starter

    Thanks Howard. I missed that post somehow before I submitted. Had trouble running Housecall, but will work my way through at least two of these and post back.

    Thanks again,
    Brad
  4. Tedster

    Tedster Techspot old timer..... Posts: 10,067   +13

  5. Spike

    Spike Newcomer, in training Posts: 2,371

    erm. How can you tell? I'm not seeing much to go on in this thread until (s)he posts his/her hjt log.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    There was a case of this the other day. See http://www.techspot.com/vb/topic49473.html

    I have received no further feedback, so can only assume the problem is fixed.

    The HJT log in question was certainly clean other than the few entries I advised be fixed.

    Regards Howard :)
  7. golfer

    golfer Newcomer, in training Topic Starter

    I tried to get scanned and cleaned by the apps in the link until about midnight. I never did get Housecall to run. The ones that were able to scan had to be purchased before they would clean and I don't own any of them.

    I'll have to work on it more tonight when I get back to my home pc. Guess I'll have to buy one or more of the apps to get cleaned.

    I appreciate the help here. I just wish I could get my hands around the scrawny neck of the *#)(#$*%* that hijacked my machine!
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Don't go buying any apps. All the apps and online scanners in my thread are free.

    Follow the instructions as far as you can, then post a HJT log. I'll then see what needs to be got rid of.

    Regards Howard :)
  9. Tedster

    Tedster Techspot old timer..... Posts: 10,067   +13

    I have been reading threads on other sites regarding this virus.
  10. Spike

    Spike Newcomer, in training Posts: 2,371

    Given the common recurrence of dcomcfg.exe and hp????.tmp in the system32 directory of each of these myzor.fk threads, it would appear to fit the bill of Troj/Zlob.IK, according to Sophos.
  11. Tedster

    Tedster Techspot old timer..... Posts: 10,067   +13

    could be a possibility. This is a new virus and/or variant......
  12. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    You guys are both right.

    I am currently researching to try and find a simple cure for this. At the moment it seems the best that can be done is to run the smitrem.exe file from Bleepingcomputer.

    I have just updated my "Before posting any HJT logs, please read this." thread, to try and reflect this infection. I will make further updates as and when new info is available.

    Regards Howard :)
  13. Spike

    Spike Newcomer, in training Posts: 2,371

    It is. Seems to be pandemic at the moment (lol). First reports of this one according to Sophos came right at the end of April. Not hard to get rid of though - could be done with a simple batch file if I knew that HP????.tmp wouldn't delete any genuine and valid files.

    Code:
    @echo off

    rem Stop the running trojan process before removing its files
    echo *
    echo * Ending task - dcomcfg ...
    echo *
    taskkill /IM dcomcfg.exe

    rem Remove the two fixed-name trojan files from system32
    echo *
    echo Deleting trojan files...
    echo *
    erase "%systemroot%\system32\dcomcfg.exe"
    erase "%systemroot%\system32\simpole.tlp"

    rem Warn before the wildcard delete, which may also hit genuine files
    echo *
    echo *
    echo **************************************************************
    echo * About to delete all .tmp files in system32 with a filename *
    echo * 6 characters long starting with hp (eg. HPwxyz.TMP)        *
    echo * WARNING!!! - any genuine file fitting this description     *
    echo * will be lost if present in this directory                  *
    echo *                                                            *
    echo * To stop now, close this window, else...                    *
    echo **************************************************************
    pause

    rem Wildcard delete of the randomly named HP????.tmp files
    erase "%systemroot%\system32\HP????.tmp"

    echo * Finished *
    pause

    ...that is, provided that the Sophos advanced tab details the trojan's activities completely.

    As I say though, I'm a bit concerned that there may be a 6 letter tmp file beginning with hp that could be genuine for something. It doesn't deal with the autorun or browser helper object registry entries though, which HJT could take care of afterwards quite easily (file missing).
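
The concern raised in the post above, that a wildcard erase could remove a genuine HP????.tmp file, can be addressed by listing the matches first and moving them to a quarantine folder with a manifest instead of deleting them. The following is an added example, not code from the thread; the function names, the quarantine folder and the manifest format are assumptions, and only the three file names come from the posts.

```python
import hashlib
import json
import re
import shutil
import time
from pathlib import Path

# File names taken from the thread; the HP pattern is exactly "hp" + 4 characters + ".tmp".
FIXED_NAMES = {"dcomcfg.exe", "simpole.tlp"}
HP_TMP = re.compile(r"hp.{4}\.tmp", re.IGNORECASE)


def find_candidates(directory):
    """Return files in `directory` (non-recursive) whose names match the thread's indicators."""
    hits = []
    for entry in sorted(Path(directory).iterdir()):
        name = entry.name.lower()
        if entry.is_file() and (name in FIXED_NAMES or HP_TMP.fullmatch(name)):
            hits.append(entry)
    return hits


def quarantine(directory, quarantine_dir, dry_run=True):
    """Describe each candidate; with dry_run=False also move it and write a manifest."""
    records = []
    for path in find_candidates(directory):
        info = path.stat()
        records.append({
            "name": path.name,
            "original_path": str(path),  # needed to restore a false positive
            "size": info.st_size,
            "modified": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(info.st_mtime)),
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        })
    if not dry_run and records:
        target = Path(quarantine_dir)
        target.mkdir(parents=True, exist_ok=True)
        for record in records:
            shutil.move(record["original_path"], str(target / record["name"]))
        (target / "manifest.json").write_text(json.dumps(records, indent=2))
    return records
```

Run it with the default `dry_run=True` first and review the list; the recorded hashes can be checked against an antivirus vendor's database before anything is moved.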
     
  14. golfer

    golfer Newcomer, in training Topic Starter

    I tried over and over to run Housecall. At first I had problems just getting it to do anything. Once I apparently got the java files loaded that were needed, it started downloading the required files and the progress bar started moving at the bottom but stopped about half way and it sat idle for 10 minutes with no progress. Task Manager said it was running but my cpu was only at about 4%.

    Running eTrust antivirus webscanner now. It scanned fine last night but when it finished, I had no options available to me. Neither "cure" nor "delete" files would work.

    Spyware Doctor came up when I Google'd w32.myzor.... so I installed the trial and scanned to find over 200 viruses. Couldn't clean them with it unless I pay the 29.95 though so I'm still working on the cheaper route first.

    I'll post back once eTrust finishes.
  15. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Follow as many of the steps as you can. If you're having real problems with the online scanners, just skip that step and go to step 2. I've added a new set of instructions to deal with the smitFraud infection, in step 3.

    Post a fresh HJT log as an attachment, only after completing as many steps as you can. This is a very nasty infection and needs everything, including the kitchen sink throwing at it.

    Regards Howard :)
  16. golfer

    golfer Newcomer, in training Topic Starter

    I'm having trouble getting HJT log file saved as a .txt file. I'll try again tomorrow when I have a little more time.

    I now have Avast! antivirus running and Windows Defender.

    Look 2 Me and Vundo didn't seem to be able to run. I installed them as instructed and clicked "run". They were supposed to "come back" after about a minute but never did.

    Are there any specific apps that have known cures for this dreaded virus yet?
  17. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    The smitfraudfix should get rid of the infection.

    Once I have your HJT log, I'll have a better idea of what's going on.

    Regards Howard :wave: :wave:
  18. golfer

    golfer Newcomer, in training Topic Starter

    Here is my HJT file. Thanks in advance for all the help on this.

    I ran smitfraudfix and it did seem to help but I'm not sure it's completely gone.

    Thanks.
  19. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Ok, your main infection seems to have gone. However, you have several smaller infections and have not followed the instructions I gave you properly.

    Go HERE and starting at step 1 follow all the instructions.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)