Trojan SpyBurner SPM/L4 Need help on removal! - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Trojan SpyBurner SPM/L4 Need help on removal! Trojan SpyBurner SPM/L4

#1 ejan443

  • Group: Member
  • Posts: 1
  • Joined: 07-March 08

  Posted 07 March 2008 - 02:51 PM

I have Windows Defender, Windows Live One Care, and since this trojan decided to infect my computer, I bought TrojanPro and have Spybot. None of it is working to get rid of this trojan! Please help. I even downloaded SmitFix and this is what I have:

SmitFraudFix v2.300

Scan done at 14:29:55.83, Fri 03/07/2008
Run from C:\Users\Janel\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{41C14802-0146-48BD-A2F5-F6B8B5984DAE}: DhcpNameServer=66.255.85.8 66.255.85.9 199.72.1.1 207.59.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A89AC60-AF0A-42F2-B91B-37B9B126CDA8}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E9AD759-FAEF-48D5-9E87-A6D381CF5216}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9EA9D0F8-1B67-4439-AE36-9AA3BAC02DD1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4D687C4-370D-4FB1-B6E5-29B97850FBE7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{41C14802-0146-48BD-A2F5-F6B8B5984DAE}: DhcpNameServer=66.255.85.8 66.255.85.9 199.72.1.1 207.59.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EA9D0F8-1B67-4439-AE36-9AA3BAC02DD1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4D687C4-370D-4FB1-B6E5-29B97850FBE7}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41C14802-0146-48BD-A2F5-F6B8B5984DAE}: DhcpNameServer=66.255.85.8 66.255.85.9 199.72.1.1 207.59.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6A89AC60-AF0A-42F2-B91B-37B9B126CDA8}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E9AD759-FAEF-48D5-9E87-A6D381CF5216}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9EA9D0F8-1B67-4439-AE36-9AA3BAC02DD1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E4D687C4-370D-4FB1-B6E5-29B97850FBE7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{41C14802-0146-48BD-A2F5-F6B8B5984DAE}: DhcpNameServer=66.255.85.8 66.255.85.9 199.72.1.1 207.59.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6A89AC60-AF0A-42F2-B91B-37B9B126CDA8}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E9AD759-FAEF-48D5-9E87-A6D381CF5216}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9EA9D0F8-1B67-4439-AE36-9AA3BAC02DD1}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E4D687C4-370D-4FB1-B6E5-29B97850FBE7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

How can I get rid of this annoying little bug??? A popup keeps telling me my computer is affected and my desktop background now has a message warning instead of my pic that I had on there.

#2 hfcg

  • Group: Member
  • Posts: 2,496
  • Joined: 15-November 07

Posted 07 March 2008 - 03:05 PM

Hello, and welcome to Geeks To Go.
I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.
If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Share this topic:


Page 1 of 1