I've been infected with W32.myzor.FK@yf

Status
Not open for further replies.

golfer

Okay, I'm in line for help. I have contracted this dreaded virus and cannot seem to get rid of it with the apps I have. I ran Ad-Aware and Spybot and had no luck.

Here is my log file from HijackThis. I am copying half of it in this post and the other half below since it is too long for one post. I am in hopes someone can tell me how to get rid of this. I saw where there are others who have it and instructions to the "cure" but since the log files are different, I assumed this is the best thing to do.

Thanks in advance:
 
Hello and welcome to Techspot.

Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log as an attachment, only after doing the above.

Regards Howard :wave: :wave:
 
Thanks Howard. I missed that post somehow before I submitted. Had trouble running Housecall, but will work my way through at least two of these and post back.

Thanks again,
Brad
 
erm. How can you tell? I'm not seeing much to go on in this thread until (s)he posts his/her hjt log.
 
I tried to get scanned and cleaned by the apps in the link until about midnight. I never did get Housecall to run. The ones that were able to scan had to be purchased before they would clean and I don't own any of them.

I'll have to work on it more tonight when I get back to my home pc. Guess I'll have to buy one or more of the apps to get cleaned.

I appreciate the help here. I just wish I could get my hands around the scrawny neck of the *#)(#$*%* that hijacked my machine!
 
Don't go buying any apps. All the apps and online scanners in my thread are free.

Follow the instructions as far as you can, then post a HJT log. I'll then see what needs to be got rid of.

Regards Howard :)
 
Spike said:
erm. How can you tell? I'm not seeing much to go on in this thread until (s)he posts his/her hjt log.
I have been reading threads on other sites regarding this virus.
 
Given the common recurrence of dcomcfg.exe and hp????.tmp in the system32 directory of each of these myzor.fk threads, it would appear to fit the bill of Troj/Zlob.IK, according to Sophos.
 
You guys are both right.

I am currently researching to try and find a simple cure for this. At the moment it seems the best that can be done is to run the smitrem.exe file from Bleepingcomputer.

I have just updated my "Before posting any HJT logs, please read this." thread, to try and reflect this infection. I will make further updates as and when new info is available.

Regards Howard :)
 
It is. Seems to be pandemic at the moment (lol). First reports of this one according to Sophos came right at the end of April. Not hard to get rid of though - could be done with a simple batch file if I knew that HP????.tmp wouldn't delete any genuine and valid files.

Code:
@echo off
rem Removes the dcomcfg.exe trojan files discussed in this thread.

echo *
echo * Ending task - dcomcfg ...
echo *
rem /F forces termination; a process with no window may ignore a plain close request
taskkill /F /IM dcomcfg.exe

echo *
echo * Deleting trojan files...
echo *
rem Paths are quoted so they still work if %systemroot% contains spaces
erase "%systemroot%\system32\dcomcfg.exe"
erase "%systemroot%\system32\simpole.tlp"

echo *
echo *
echo **************************************************************
echo * About to delete all .tmp files in system32 with a filename *
echo * 6 characters long starting with hp (eg. HPwxyz.TMP)        *
echo * WARNING!!! - any genuine file fitting this description     *
echo * will be lost if present in this directory                  *
echo *                                                            *
echo * To stop now, close this window, else...                    *
echo **************************************************************
pause

erase "%systemroot%\system32\HP????.tmp"

echo * Finished *
pause

...that is, provided that the Sophos advanced tab details the trojan's activities completely.

As I say though, I'm a bit concerned that there may be a 6 letter tmp file beginning with hp that could be genuine for something. It doesn't deal with the autorun or browser helper object registry entries though, which HJT could take care of afterwards quite easily (file missing).
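The concern about a genuine six-character hp*.tmp file can be handled by listing and quarantining candidates instead of erasing them. This is an added example, not code from the thread: the function names, the quarantine folder and the sample file names are assumptions made for illustration.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Exactly six characters starting with "hp", then .tmp (case-insensitive),
# as described in the batch file's warning banner.
CANDIDATE = re.compile(r"hp.{4}\.tmp", re.IGNORECASE)

def find_candidates(directory):
    """Return files in `directory` whose names fit the HP????.tmp description."""
    return sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and CANDIDATE.fullmatch(p.name))

def quarantine(directory, quarantine_dir, dry_run=True):
    """Record each candidate; move it to quarantine_dir unless dry_run is set."""
    report, qdir = [], Path(quarantine_dir)
    for path in find_candidates(directory):
        entry = {"name": path.name, "size": path.stat().st_size,
                 "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                 "moved": False}
        if not dry_run:
            qdir.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(qdir / path.name))  # restorable, unlike erase
            entry["moved"] = True
        report.append(entry)
    return report

def demo():
    """Run against a constructed directory; the file names are made-up samples."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = Path(tmp) / "system32"
        sysdir.mkdir()
        for name in ("HPab12.tmp", "hpzzzz.TMP", "hpsetup.tmp", "HP.tmp", "notes.txt"):
            (sysdir / name).write_bytes(b"constructed sample")
        listed = quarantine(sysdir, Path(tmp) / "quarantine")           # review first
        moved = quarantine(sysdir, Path(tmp) / "quarantine", dry_run=False)
        remaining = sorted(p.name for p in sysdir.iterdir())
        return [e["name"] for e in listed], [e["moved"] for e in moved], remaining

if __name__ == "__main__":
    print(demo())
```

The recorded SHA-256 of each candidate can be checked against a vendor write-up before the quarantine folder is emptied.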
 
I tried over and over to run Housecall. At first I had problems just getting it to do anything. Once I apparently got the java files loaded that were needed, it started downloading the required files and the progress bar started moving at the bottom but stopped about half way and it sat idle for 10 minutes with no progress. Task Manager said it was running but my cpu was only at about 4%.

Running eTrust antivirus webscanner now. It scanned fine last night but when it finished, I had no options available to me. Neither "cure" nor "delete" files would work.

Spyware Doctor came up when I Google'd w32.myzor.... so I installed the trial and scanned to find over 200 viruses. Couldn't clean them with it unless I pay the 29.95 though so I'm still working on the cheaper route first.

I'll post back once eTrust finishes.
 
Follow as many of the steps as you can. If you're having real problems with the online scanners, just skip that step and go to step 2. I've added a new set of instructions to deal with the smitFraud infection, in step 3.

Post a fresh HJT log as an attachment, only after completing as many steps as you can. This is a very nasty infection and needs everything, including the kitchen sink throwing at it.

Regards Howard :)
 
I'm having trouble getting HJT log file saved as a .txt file. I'll try again tomorrow when I have a little more time.

I now have Avast! antivirus running and Windows Defender.

Look 2 Me and Vundo didn't seem to be able to run. I installed them as instructed and clicked "run". They were supposed to "come back" after about a minute but never did.

Are there any specific apps that have known cures for this dreaded virus yet?
 
The smitfraudfix should get rid of the infection.

Once I have your HJT log, I'll have a better idea of what's going on.

Regards Howard :wave: :wave:
 
Here is my HJT file. Thanks in advance for all the help on this.

I ran smitfraudfix and it did seem to help but I'm not sure it's completely gone.

Thanks.
 
Ok, your main infection seems to have gone. However, you have several smaller infections and have not followed the instructions I gave you properly.

Go HERE and starting at step 1 follow all the instructions.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 