TechSpot

what is W32.Myzor.FK@yf

By trahcwolf
May 4, 2006
  1. 8:30...
    Windows xp booted well, and Microsoft Defender caught
    a possible hijacker...was just a new setting
    (I began to have faith)
    AVG began downloading a new definition file
    (Great for free...I may have to buy it)
    Webroot SpySweeper full scan found nothing.
    MSIE started and went straight to windowsupdate/V6/default.asp
    stating I needed to turn on automatic updates, etc...
    When I typed into the address box www.yahoo.com, the
    browser immediately went to
    www.securitybulletin.net,
    stating my pc was infected with
    W32.Myzor.FK@yf virus

    I viewed the webpage's source code to find that virus's name
    was in the page source, and not some "found virus" on my system.

    Also in the text of that page were the following site names:
    www.pesttrap.com
    www.malwarewipe.com
    www.thespyguard.com

    That popup saying my pc is infected has not reappeared yet...

    Not sure if Error Nuker is worth trying yet...paid for it, installed
    it on laptop, and it seems to have done nothing.
    Tried to install it on desktop, I was told I have to buy another copy
    for my desktop...??? By the way, the same results showed on the free
    online scan as fully registered, even after it supposedly fixed all
    errors...hmmmmmmmm

    I put all of the sites mentioned into my security settings as
    restricted sites. Saved a copy of my hijackthis log, and am about to
    reboot, then try finding a site to send the Hijackthis log to


    9:36
    Home/start page is now securitybulletin.net
    When navigating to mail, I am told I need to install Flashplayer 8...
    Deleted trash, and sent to www.dnserror404.html
    and told to install spytrooper...

    Seeking some resolution...
    Any help greatly appreciated...

    (Hijackthis log is attached to this message)
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. trahcwolf

    trahcwolf TS Rookie Topic Starter

    will do...

    rebooted, updated webroot spysweeper definitions file
    reran thorough spysweep
    Found 3 adwares and 29 traces
    popuer
    security 2k hijacker
    spy falcon fakealert

    Webroot removed these, rebooted, and all seems well so far

    Will post new hijack report after I follow what you suggested
     
  4. trahcwolf

    trahcwolf TS Rookie Topic Starter

    Awesome help

    I did what you said, and have begun taking other actions, such as dumping MSIE and have installed Firefox. Wow, Firefox seems to be streamlined and fast!
    Results of your advice...
    Trendmicro said it would take 10 hours to scan my pc, so I aborted that one
    The virusscan site refused to load
    Bitdefender found nothing
    Panda's site found a bunch of stuff...a dialer and 9 other suspicious files
    Look2me and Vundo ran and found nothing
    Ewido found 17
    Attached is most recent hijackthis log

    As far as I can tell, all is good, but traces of Symantec's
    Norton systemworks still show up in the startup log...(Though the utility has been removed and registry sweeper found it nowhere)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = John Beck's Web Seeker

    O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: www.pandasoftware.com
    O15 - Trusted Zone: http://housecall65.trendmicro.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - Trusted Zone: *.xaraonline.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124245454734
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124245194312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
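
The entries listed in the reply above follow HijackThis's `CODE - description` line format, so a log can be triaged mechanically before deciding what to fix. As an added example (not part of the original thread and not HijackThis's own code), this Python parser labels each line's section and picks out the orphaned entries marked `(no file)` or `(file missing)`; the sample lines are copied from the post above, and all function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Section codes that appear in the post, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O9": "IE extra button",
    "O15": "Trusted Zone site", "O16": "ActiveX control (DPF)",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)

# Constructed sample: five of the log lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = John Beck's Web Seeker
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.xaraonline.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    url = re.search(r"https?://\S+", rest)
    return {
        "code": code,
        "meaning": SECTIONS.get(code, "unknown section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "host": urlparse(url.group(0)).hostname if url else None,
        # Registry entry still present, but the file it points to is gone.
        "orphaned": bool(ORPHAN_RE.search(rest)),
    }

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned_entries(entries):
    return [e for e in entries if e["orphaned"]]

def activex_sources(entries):
    """Hosts that O16 (Downloaded Program Files) controls were fetched from."""
    return sorted({e["host"] for e in entries if e["code"] == "O16" and e["host"]})
```
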
     
Topic Status:
Not open for further replies.
