Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Spy.HTML.Smitfraud [RESOLVED]


  • This topic is locked This topic is locked

#76
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
:tazz: LET'S DO IT!!! ....at least, that's my first thought!...I like doing things the HARD way sometimes....

but, i'm not sure if it seems smart...will we be 100%? what about the other accounts? are you going to do this totally by hand!!!???

...and it does seem that i can easily upgrade the protection if I reload the OS...SP2 etc...

...what's your best judgement...? would it not be a cleaner system if i start with a clean drive...that is, can i truly trust that we've got them all...enough to restart the bank account programs, etc???

Please, weigh in on this with your best opinion!! joshua ;)
  • 0

Advertisements


#77
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Next, I need you to disable System Restore (you have, oh, about 1,000 trojans hiding in your System Restore! Disabling System Restore will clear them all OUT!):

*On the Desktop, right-click My Computer.
*Click Properties.
*Click the System Restore tab.
*Check Turn off System Restore.
*Click Apply, and then click OK.
  • 0

#78
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Joshua - you're just going to have to trust me!! :tazz:
  • 0

#79
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Oh, here...with you...I'm learning about trust....I just pulled the blindfold a little bit more snug....

....sysrestore off...

.......i do like to keep my hands free though....


PS...I just don't want you to get hurt if i still decide to wipe out the harddrive.....other issues in play....using it at work in the future....etc....so, please, with all that you're doing here...do understand that I may choose that path even if we get this bear clean. OF COURSE, getting it clean allows me to grab a few things that i need and use them with confidence on my other systems...joshua
  • 0

#80
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you clear out the quarantined items from Norton and MS Anti-Spyware?
  • 0

#81
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need you to copy all of these instructions and paste them into a notepad and save it for use while in safe mode.

1) Please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "Delete on Reboot".

4) Open the notepad file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\WINDOWS\BHOASSUI.exe
C:\WINDOWS\corelsys.dll
C:\WINDOWS\stlbd.dll
C:\WINDOWS\System32\corelsys.dll
C:\ntdetect_hta.vir
C:\Program Files\URLToysPerlSA\lib\WWW\URLToys.pm
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc40.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc41.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc45.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc46.exe
C:\RECYCLER\xxx\Dc53\Dc51\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc49\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc21\Dc14.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\d_alexeyman.exe
C:\WINDOWS\Downloaded Program Files\d_alexeyman.exe


5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the system reboot.
  • 0

#82
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
No...did you ask me to?? You mean last week...what??

I don't think we've discussed Norton or MS Anti today....first of all, Norton isn't working and i was asking you for help uninstalling it when you suggested Panda which i have run today. I did run MS Anti early today before we started discussing this....??
  • 0

#83
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Joshua - yes we did. Let me refer you to post 75 from just a little bit ago:

Joshua - I got it (nearly froze up my MS word haha j/k)

Ok, this isn't going to take as long as I thought!  Most of the infected items are quarantined! YAY!  Go here:

C:\Program Files\Norton AntiVirus\Quarantine

Delete EVERYTHING that is quarantined there (don't delete the Quarantine folder just the items in it).

Or an alternative way is to open Norton, click on "reports", then click on "View Report" under Quarantined Items and delete everything in there.

Then I need you to go into Microsoft Anti-Spyware program and delete everything it has quarantined also.

View Post


  • 0

#84
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Oops...sorry :tazz: ...right after a comment to sysdba, i went over there and looked around a bit...then on to a new forum page here....

okay, so i explored the quarantine folder...about a thousand things in it...do i have to delete/ yes / okay to recycle for everyone?? a faster way.....??

Norton not working at last check...will try again while i await your response...will go ahead with MS Anti...

Also, should i delete the Folders inside the quarantine folder eg. Portal etc...joshua
  • 0

#85
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
1.) I can fix Norton Auto-Protect/E-mail scanning - no problem just a little registry edit.

2.) Delete absolutely EVERYTHING in that folder. No, I don't know a quicker way!

3.) Norton is obviously working otherwise it wouldn't have quarantined umpteen thousand viruses.

:tazz:
  • 0

Advertisements


#86
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Norton was working for 1 1/2 years, but is not working now...can not get into reports, run scans, etc...

When i enter the Quarantine folder and start deleting, it responds by making copies of the files i'm deleting and labeling them Copy of ..... etc...

i've tried right click, left click, moving to recycle etc...same result...just makes a copy

Can i delete the whole folder and then create a new folder that's empty??

I tried to delete the folder, wouldn't let me...

Edited by joshuageeks6999, 25 April 2005 - 10:57 PM.

  • 0

#87
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please follow my directions in post 81.

At the end when your computer is restarting, tap the f8 key to boot into safe mode, then try deleting the Norton quarantined items.
  • 0

#88
joshuageeks6999

joshuageeks6999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
whewwww!!!...well, i had a small seizure and my left hand is still sort of spazzing out...'delete enter delete enter delete enter delete enter delete enter delete enter delete enter delete enter....but its done...post 81 and deleted all files in the Quarantine folder (ps..why did i do that?? if you don't mind me asking...remember, i've been right there trying...but since my hand's shaking, i've got to ask...WHY???...you can answer off-forum if you like...you know, if it's personal...if you were just playing with me...now that i've deleted 1405 files one at a time!!!!!!!!!!)...

...and deleted the two files from MS antispy quarantine...and now what...joshua :tazz:
  • 0

#89
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Why did you delete VIRUSES out of the quarantine folder? I figured that was pretty self-explanatory! :tazz: Although they're in quarantine, they are still malware and I don't want them on your computer!!

Also, in Killbox did you have "delete on reboot" clicked or "standard file kill"? You shouldn't have had to keep hitting the X unless it was on standard file kill ;) - one time woulda done it!

Please run MWav again to make sure we didn't miss any files ;) (quite sure we got ALL of them, but I like to know FOR SURE!)
  • 0

#90
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
EMPTY YOUR RECYCLE BIN!!!! before running MWav!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP