[megalick]

Hi, i apologize if this is the wrong forum but can someone help identify this trojan? Ive tried smitfraudfix(safe mode), fixiedef, ccleaner, combofix and cant get rid of it. I figured if I could identify it, it would be easier to get rid of. here are the pop ups I keep getting along with a window telling me to purchase a specific spyware remover.

Edited by megalick, 13 February 2008 - 04:57 PM.

[Advertisements]

heres another

Edited by megalick, 13 February 2008 - 04:58 PM.

[megalick]

heres another

Edited by megalick, 13 February 2008 - 04:58 PM.

[Rorschach112]

Hello

Please don't attach the reports

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[megalick]

Deckard's System Scanner v20071014.68
Run by Gene on 2008-02-13 04:10:52
Computer is in Normal Mode.

Edited by megalick, 14 February 2008 - 07:42 PM.

[Rorschach112]

Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[megalick]

Ive run hijackthis twice, why do I have to reboot to be able to access the internet afterwards?

Edited by megalick, 14 February 2008 - 07:42 PM.

[Rorschach112]

It is a consequence of removing so much malware

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\pbar.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\764.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\rxjddnvj.exe

Folder::
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\p2pnetworks
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\3721

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[megalick]

Im not sure if you wanted me to post this. it looks like the previous log.

Edited by megalick, 14 February 2008 - 07:43 PM.

[megalick]

I downloaded and ran malwarebytes which seems to have cleared it up. did the other programs help or is it just finding the compatible software for a certain malware?

[Rorschach112]

ComboFix was the program that removed it. You posted the wrong ComboFix log, it should be ComboFix(1).txt

If you can't find it then do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.