Lots of Trojans
- Thread starter marygg
- Start date
- Status
Look a tad strange (well actually bad)
Have you followed the Viruses/Spyware/Malware, preliminary removal instructions?
If not, I believe it to be your best option.
Blind Dragon
Posts: 3,774 +4
Mary please tell me this is a different computer from:
I'm guessing it is, but just wanted to be sure.
marygg said:
I'm guessing it is, but just wanted to be sure.
Blind Dragon
Posts: 3,774 +4
First I want you to go to Start -> Control Panel -> Add/remove Programs -> remove:
*All versions of Java or JRE
*ShoppingReport <-If there
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Boot into Safe Mode
Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries if there:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O8 - Extra context menu item: &Search - ?p=ZCfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
O23 - Service: SystemSuite Task Manager - Unknown owner - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (file missing)
Reboot into Normal Mode
Update your Java Runtime Environment
Run Hijackthis one last time and post the log along with combofix.txt
*All versions of Java or JRE
*ShoppingReport <-If there
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries if there:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O8 - Extra context menu item: &Search - ?p=ZCfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
O23 - Service: SystemSuite Task Manager - Unknown owner - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (file missing)
Reboot into Normal Mode
Update your Java Runtime Environment
- Click the following link
Java Runtime Environment 6 Update 4 - The 4th option down is the one you want
- After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
- Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
Run Hijackthis one last time and post the log along with combofix.txt
Blind Dragon
Posts: 3,774 +4
Run System Scan only with Hijackthis and fix this entry:
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
I don't see the combofix log, and we will work on Java after I see the combofix log, it should be gone, just have to remove it from add/remove list. Did you already install java 6 update 4
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
I don't see the combofix log, and we will work on Java after I see the combofix log, it should be gone, just have to remove it from add/remove list. Did you already install java 6 update 4
Blind Dragon
Posts: 3,774 +4
We removed Java already, so you can take it off of add/remove list by clicking remove, a box should pop that says the program no longer exist, would you like to remove it from add/remove list, click YES. If it doesn't give you that option let me know and we can remove them with Hijackthis
But first
CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post a fresh HJT log.
Update your Java Runtime Environment
But first
CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post a fresh HJT log.
Update your Java Runtime Environment
- Click the following link
Java Runtime Environment 6 Update 4 - The 4th option down is the one you want
- After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
- Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions in your case Java 6 Update 3
These two files won't uninstall: Java SE Runtime Environment 6 update 1 and J2SE Runtime Environment 5.0 Update 9. When I try to uninstall I get and error message "Fatal error duing instalation."
Sorry, I accidently deleted the combofixlog. Is there any way to retrieve it? It's not in recycle. Here's the hijackthis. Sorry I screwed it up.
Sorry, I accidently deleted the combofixlog. Is there any way to retrieve it? It's not in recycle. Here's the hijackthis. Sorry I screwed it up.
Blind Dragon
Posts: 3,774 +4
marygg,
Launch Hijackthis
Open the misc Tools section
Open Uninstall manager
Select those versions of Java then click Delete this entry
We deleted the uninstallers with the programs.
check add/remove to verify they are gone.
Disable Teatimer
Run Hijackthis and check these entries
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
Select Fix Checked
Now to enable teatimer
Nayeem39,
If you are having problems can you please start your own thread in our security forums found https://www.techspot.com/vb/menu28.html. These instructions are specifically for Marygg
Launch Hijackthis
Open the misc Tools section
Open Uninstall manager
Select those versions of Java then click Delete this entry
We deleted the uninstallers with the programs.
check add/remove to verify they are gone.
Disable Teatimer
- Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
- Open Spybot S&D
- Click on Mode at the top and make sure that Advanced is checked
- Expand the Tools tab in the left pane
- Single click on the Resident Icon also in the left pane
- Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
- Close spybot
Run Hijackthis and check these entries
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - (no file)
Select Fix Checked
Now to enable teatimer
- Expand the Tools tab in the left pane
- Single click on the Resident Icon also in the left pane
- check Resident "TeaTimer" (Protection of over-all system settings) Active
- Close spybot
Nayeem39,
If you are having problems can you please start your own thread in our security forums found https://www.techspot.com/vb/menu28.html. These instructions are specifically for Marygg
Blind Dragon
Posts: 3,774 +4
Anytime, glad your problem is fixed.
Use this thread if you have any more issues with this computer
Use this thread if you have any more issues with this computer
- Status
Similar threads
