Have virus ied_s7_c_7.exe Download Trojan PLS HELP

Status
Not open for further replies.

tigerlily

Posts: 11   +0
Hey there

First time I post on any kind of tech forum on the Net. I am in need of some assistance in the cold North. My Norton AV (downloaded today) tells me I have the virus ied_s7_c_7.exe Download Trojan on my machine. It also says it can't isolate it or delete it... What now?

I also had problems with a 540 filost opening a site called oldgames and various porn sites without me opening explorer at all. (This was the reason for me downloading and installing NAV anyway. )

Are the two connected in some way? I have read all I could find about these things, and I am very confused. What should I do?
How do I get rid of this ****? I am from Norway btw so if my English is bad sometimes, please be patient with me.

My computer is running Win XP Pro

Scared and confused
:confused:
 
My hjt log in txt format

Thank you for your welcomes, guys.

I have run a HJT, and here is my log file - in .txt as requested.
I would be very happy if you could check it out and see what's wrong. And let me know what to do next.

:bounce:
 
When you are finished with this, you really should install at least SP1, better would be SP2.
Get SP2 free from MS on a CD or ask a friend for his/her CD.
Then do all your Windows updates as well. You will remain vulnerable if you don't!

Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

update.exe
ib.exe or ib.com

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\update\update.exe (FIX only)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ESS_Audio] c:\ib <<== afterwards delete ib.exe or ib.com ==>>
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
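An added example, not part of the original post or of HijackThis itself: a small triage script for log lines in the format listed above. The three heuristics (ActiveX controls installed from a local `file://` CAB, autostart programs sitting in the drive root, and any O21 SSODL entry) are assumptions chosen to match this log and are a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O4 - HKLM\..\Run: [ESS_Audio] c:\ib
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O16 - <body>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
SSODL = re.compile(r"^SSODL: (\S+) - (\{[^}]+\}) - (.+)$")
ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")            # e.g. c:\ib

def triage(log_text):
    """Return (section, target, reason) for entries matching the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        section, body = entry.groups()
        dpf, run, ssodl = DPF.match(body), RUN.match(body), SSODL.match(body)
        if section == "O16" and dpf and dpf.group(3).lower().startswith("file://"):
            findings.append((section, dpf.group(3), "ActiveX control installed from a local CAB"))
        elif section == "O4" and run and ROOT_FILE.match(run.group(2)):
            findings.append((section, run.group(2), "autostart program sits in the drive root"))
        elif section == "O21" and ssodl:
            findings.append((section, ssodl.group(3), "DLL loaded by Explorer at logon, verify it"))
    return findings

if __name__ == "__main__":
    for section, target, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {target:45} {reason}")
```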
 
have tried to install sp2 earlier but...

Hi realblackstuff

Thank you for your quick answer realblackstuff, I appreciate it. I will now try to do what you tell me in the description. Have printed it out.

You mention SP1 and SP2.. I thought I had SP1, now I am confused.. And SP2 I have downloaded it and tried to install it, but my computer refuses to take it in. Are there more types of SP1's and SP2's??

Where is the best place to download updates? This site's updates?

If I don't ask, no one will know I want to learn. Thanks for your patience.
 
There are only SP1 & SP2 (at present). SP2 covers everything that is in SP1.

Try installing SP2 again after you have cleaned up.

Upgrades come from all over the place. They are issued by original producers of whatever you're updating. Motherboard drivers & bios updates come from their site as an example.
 
SP1 and SP2

I am sorry but someone has given the impression that there are SP's for Internet explorer AND for Windows XP.. Is this correct?
How do I know what I have?

I went ahead and tried analyzing the hijack log, and it also says Nasty on a file called vbsys2.dll. What should I do about that? :eek:
 
Sorry tigerlily, misread your question. SP stands for Service Pack and Micro$oft issues them for many programs. As you understood, there are both Internet Explorer SP1 and Windows XP SP1, as well as others.

vbsys2.dll is a nasty and should be fixed and then deleted.
 
SP2 includes updates for both XP and IE.
The other updates I mentioned, you will get when you click on Start/Windows Update, directly from MS website.
When you go there, an MS-utility will check your PC and find out what is missing, then prepare a list of 'missing' updates for you to install. Easy-peasy.

Read my HJT advice again, the last 'bad' line is this vbsys2.dll and is bold, for you to delete after you finish HJT.
 
Now I have tried but...

Hi again

I have done things in the order you put them in the list. Some things did not work out:

1. none of the processes update.exe or ib.exe/ib.com were running, and therefore I could not shut them down in taskmanager.

2. When I did a search on the computer, it could find neither ib.exe/ib.com (found attrib) nor the wx.cab files, therefore I could not delete them.

3. There were only old files and folders in the Temp's. I deleted them.

I have not turned on the system restore again, because I was not sure what to do. Awaiting your reply.

Thank you for helping me.
 
This one has slipped through.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Otherwise it looks clean to me, although I'm a bit green at interpreting these logs.

RBS will be around some time to give you an official all clear.
 
A lot of updates

Hi again

Been to the microsoft page checking for updates.
There are a LOT of updates, are they all necessary? Should I just go ahead and download them all? Even the ones from before 2002-2003?

Have installed sp1 for IE now and with that my explorer got upgraded to 6.0.2800.1106

I am also wondering why my machine says it has 64 MB RAM when it starts up, I am sure it said 128 MB before. I do not know when that happened.
 
Look for MSBA (Micro$oft Baseline Analyser). Run this and at least start with the critical & recommended updates.

Download Everest Home; this will give lots of information on your machine, including the amount of memory you have installed.
 
what version

What version of the MBSA should I choose?

Normally I would think the newest one, the 2.0, but since I am a newbie, I ask you who know about these things.

Hope I am not too much of a bother to you. I am learning more when you tech guys out there help me. You are all :angel: and I would be :dead: without you.

Thanks
 
If you don't go with my second thought of using Autopatcher then yes you should use the latest version of MSBA.
 
How does the autopatcher work

I was thinking, how do I download the autopatcher? I went to the site but when I click on the link, it just opens another page.. Also, should I pick June full 2005 or the May 2005 one?

Both links just open the same page over and over again. How should I do this?

Will autopatcher automatically take down the files needed, and install them? If not, how do I know what files/updates to choose?
 
Try this page and choose the full version.
After you have downloaded it you need to install the program. Then you run it and there are options to how much of it you actually install. I can't go through it as there are a lot of patches and I can't recall the whole list. Make a start on it and get back with any questions after you have seen it.
 