TechSpot

W32.Myzor.FK@yf ?????

By Cyclone_S
May 16, 2006
  1. Hi,

    I don't know what's going on with my computer but I have this flashing symbol in my task bar that flashes green and red and every few seconds a red message pops up saying my computer is infected and that I need to use antimalware.

    Also, when I start IE a website 'www.safeteyuptodate.com' appears and a window pops up with a message saying I have this virus 'W32.Myzor.FK@yf'

    What's going on? What steps should I take?

    Thanks
     
  2. noleson

    noleson TS Rookie

  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions. Start at step 3, then follow the rest of the steps starting at step 1 and so on.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
     
  4. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Thanks, I think it's removed?

    This is what I did

    1. downloaded spysweeper. It found a bunch of stuff and trojans. The fircken free version of spysweeper doesn't allow you to remove them!!!!!!!

    2. I used smitFraudfix

    3. VundoFix.exe Look2Me-Destroyer.exe did not work. I waited for 5 minutes and the window never came back.



    So how do I know if everything is ok with my computer now? What were all these programs I was downloading? Is that smitFraudfix program like Hijackthis?
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The SmitFraudfix is what hopefully removed your particular infection.

    However, it's very important that you follow the rest of the instructions, then post a fresh HJT log.

    The reason for this is, there's a very good chance your system will be infected with secondary infections, in addition to the original one.

    Regards Howard :)
     
  6. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    4. I scanned with spysweeper again and it still finds all this adware...

    Adware found: zeropopup
    Adware found: start4search toolbar
    Adware found: ietoolbar
    Adware found: searchtoolbar
    Adware found: quicklink search toolbar
    Adware found: whenu savenow
    Trojan Horse found: trojan-downloader-ruin
    Adware found: security2k hijacker
    Adware found: unspypc


    My web browser appears to be back to normal and same with my task bar but spysweeper still finds this stuff.
     
  7. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Ok, here is my hijackthis log. I'm using version 1.97.7. I hope that's the newest version.
     


  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No, that's an old version. The newest version is 1.99.1.

    If you had followed the instructions correctly, you should've known that.

    Once I have a fresh up-to-date HJT log I can help you further.

    Make sure you have followed all the instructions exactly.

    Regards Howard :)
     
  9. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    oops sorry Howard. Here is a new version.
     


  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I think you've forgotten to attach it lol.

    Regards Howard :)
     
  11. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    nah I didn't ;) I just forgot to change the extension. I noticed after hitting submit post lol.

    You just respond so quickly :)

    Thanks for that :)
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add/remove programmes in your control panel and uninstall anything to do with (if there).

    Dap

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    StartCpl.exe
    SYSTRAV.exe
    dmglo.exe
    InpriseMon.exe
    install2.exe
    init32.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [_ctcp] StartCpl.exe
    O4 - HKLM\..\Run: [Uint32] SYSTRAV.exe
    O4 - HKLM\..\Run: [dmglo.exe] C:\WINDOWS\system32\dmglo.exe
    O4 - HKCU\..\Run: [typeconf] InpriseMon.exe
    O4 - HKCU\..\Run: [iehelper] init32.exe
    O4 - HKCU\..\Run: [TForm1] install2.exe

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136844084140
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    C:\Program Files\DAP\dapextie.htm
    StartCpl.exe
    SYSTRAV.exe
    dmglo.exe
    InpriseMon.exe
    install2.exe
    init32.exe


    You will need to search your system for some of the above files.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
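
Added example (not part of howard_hopkinso's post or the thread): a Python check for the "post a fresh HJT log" step that parses the registry autorun (O4) lines and reports any flagged entry still present, including one that came back under a different value name. The `FRESH_LOG` sample is constructed, and matching on value name or executable file name is an assumption made for illustration.

```python
import re

# Autorun (O4) entries howard_hopkinso asked to have fixed, copied from the post.
FLAGGED = r"""
O4 - HKLM\..\Run: [_ctcp] StartCpl.exe
O4 - HKLM\..\Run: [Uint32] SYSTRAV.exe
O4 - HKLM\..\Run: [dmglo.exe] C:\WINDOWS\system32\dmglo.exe
O4 - HKCU\..\Run: [typeconf] InpriseMon.exe
O4 - HKCU\..\Run: [iehelper] init32.exe
O4 - HKCU\..\Run: [TForm1] install2.exe
"""

# Constructed sample of a "fresh" log after cleanup; not a log from the thread.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe" /tray
O4 - HKCU\..\Run: [iehelper] init32.exe
O4 - HKLM\..\Run: [updater] C:\WINDOWS\system32\dmglo.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
IMAGE_RE = re.compile(r'([^\\/"]+?\.(?:exe|com|bat|scr))', re.IGNORECASE)

def parse_o4(log_text):
    """Return (hive, value_name, image) for every registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (R0, O8, O9, ...) are ignored here
        hive, _key, name, command = m.groups()
        img = IMAGE_RE.search(command)
        image = img.group(1).lower() if img else command.lower()
        entries.append((hive, name, image))
    return entries

def leftovers(flagged_text, fresh_log):
    """Entries in the fresh log that reuse a flagged value name or binary."""
    flagged = parse_o4(flagged_text)
    # Assumption: a match on (hive, value name) or on file name is worth a look.
    bad_names = {(h, n.lower()) for h, n, _ in flagged}
    bad_images = {img for _, _, img in flagged}
    return [e for e in parse_o4(fresh_log)
            if (e[0], e[1].lower()) in bad_names or e[2] in bad_images]

if __name__ == "__main__":
    for hive, name, image in leftovers(FLAGGED, FRESH_LOG):
        print(f"still present: {hive} Run [{name}] -> {image}")
```

A file-name match alone is only a lead: a legitimate program can share a name with a flagged binary, so check the full path before deleting anything.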
     
  13. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Here is my new log. I didn't delete the ones that had to do with the 'define' thing. That comes with Microsoft Office, doesn't it? I find it useful.

    Spysweeper still finds this stuff... Any way to delete them without having to dish out 30 bucks?

    Drives: C: D: E:
    Adware found: searchtoolbar
    Trojan Horse found: trojan-downloader-ruin
    Adware found: security2k hijacker
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Let HJT fix these entries.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    F2 - REG:system.ini: UserInit=userinit.exe

    Other than that, your HJT log is clean.

    If you're still concerned about the entries Spysweeper says it finds, go to the instructions in my first reply and use several of the online scanners.

    Regards Howard :)
     
  15. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Thanks for your help. I really appreciate it :)

    I tried 3 of those online scan sites already. One site found adware but wouldn't let me delete them unless I pay. :(
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The ones that find stuff but won't delete it without payment are often giving false positives.

    Have you tried the Ewido scan? Go HERE and follow the instructions.

    Regards Howard :)
     
  17. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Well, I tried a bunch more programs and the one you suggested. They all seem to remove different 'threats'. This makes me so confused...

    A program called Fixwareout got rid of the tool bar and the trojan that spysweeper found but I still can't get rid of 'security2k hijacker'

    I really want to get rid of this last thing.

    Thanks again for helping me out man.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)
     
  19. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    New Log. Thank You.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, I've just noticed that you stated earlier that you had trouble running the vundo and look2me fixes.

    I'd like you to try running them again.

    Start with the look2me fix HERE. Follow the instructions carefully.

    Then, run the vundo fix from HERE. Again, following the instructions carefully.

    Let me know the results please.

    Regards Howard :)
     
  21. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    I guess I gave up too soon... I had to wait like 5 minutes before the windows would re-open. I think the Look2me-Destroyer found and deleted files, not sure.

    The vundo program didn't find anything.

    Btw, what are these programs? Are they just a program that removes a specific spyware and nothing else?



    I still have that security2k hijacker! I couldn't find much about it on the web either.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, the vundo and look2me fixes are rather specific.

    Please run the Panda active scan from HERE.

    When done, post the active scan report and a fresh HJT log.

    Regards Howard :)
     
  23. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    Hi, here is the panda log and the HJT log
    thanks.
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can find nothing in your HJT log that's nasty.

    However, the active scan report mentions Spyfalcon.

    Boot into safe mode and turn off system restore.

    Open your task manager and end process for (if there).

    sa2E.exe

    Close task manager.

    Go to the following directory and delete the bold file (if there).

    C:\WINDOWS\Temp\sa2E.exe

    Boot into normal mode and turn system restore back on.

    See if that helps.

    Regards Howard :)
     
  25. Cyclone_S

    Cyclone_S TS Rookie Topic Starter

    I found and deleted the sa2E.exe file. Did a new scan in spysweeper and 'security2k hijacker' is still there. Maybe it's nothing to worry about??

    Spysweeper gives me this info about it. Maybe I should delete this from my registry?

    HKLM\software\microsoft\windows\currentversion\explorere\browser helper objecta\


    ADWARE Description:

    Name:
    Security2k Hijacker

    Author:


    Category:
    Adware

    Threat Assessment:
    Critical




    Description:

    Security2k Hijacker is a Browser Helper Object that may hijack your homepage to a fake security site.

    Characteristics:

    Security2k Hijacker is a Browser Helper Object (BHO) that may change your browser settings. A BHO is a file, usually a toolbar, which loads with Internet Explorer. BHOs may route certain domains to false addresses thus hijacking your search.

    Method of Infection:

    Hijackers generally propagate through the use of seemingly-innocent dialog boxes, various social engineering methods, or through a java scripting error. Usually hijackers are bundled with various, free, software programs.
     
Topic Status:
Not open for further replies.
