Bagle.IX and Download Bagle Trojan [RESOLVED]



#106
Linda68 (Member, Topic Starter)

Good Afternoon :)
I will post the results around 8:00 to 8:30 pm EDT tonight.

Are you aware that IE was reinstalled on my computer and it is still active i.e. installed? Should I uninstall it or do we need this program to be there for the scan?

Linda
  • 0



#107
JSntgRvr (Global Moderator)

> Good Afternoon :)
> I will post the results around 8:00 to 8:30 pm EDT tonight.
>
> Are you aware that IE was reinstalled on my computer and it is still active i.e. installed? Should I uninstall it or do we need this program to be there for the scan?
>
> Linda

No problems. :) :)
  • 0

#108
Linda68 (Member, Topic Starter)

..the link at bleeping is incorrect, does not have the winpfind3u file on it.
The link was probably changed!!
I don't have it on my system anymore.
  • 0

#109
JSntgRvr (Global Moderator)

> ..the link at bleeping is incorrect, does not have the winpfind3u file on it.
> The link was probably changed!!
> I don't have it on my system anymore.

Mmmm... It works for me. They were doing some type of maintenance this afternoon at BC. Here you go again.

http://download.blee...er/OTScanIt.exe

Follow the instructions on the previous post and perform the Online Scan.
  • 0

#110
Linda68 (Member, Topic Starter)

...that file OTSCANIT.EXE works...but it does not contain the winpfind3u file
The OTSCANIT.EXE file creates a folder with catchme.bat and otscanitIt. Where is the winpfind3u coming from?
  • 0

#111
JSntgRvr (Global Moderator)

> ...that file OTSCANIT.EXE works...but it does not contain the winpfind3u file
> The OTSCANIT.EXE file creates a folder with catchme.bat and otscanitIt. Where is the winpfind3u coming from?

Sorry. I had an old speech. It is now edited.

Thanks!
  • 0

#112
Linda68 (Member, Topic Starter)

Much quicker than anticipated

Attached Files


  • 0

#113
JSntgRvr (Global Moderator)

Nothing out of the ordinary in that log. Let's see what Trend's Online Scanner has to say:

http://housecall.trendmicro.com/

Download the enclosed folder. It contains a batch file. Run the batch file and post its report.
  • 0

#114
Linda68 (Member, Topic Starter)

Hi,
I have been running Housecall for the past 20 minutes and it is still on Testing platform and browser (and has been since the beginning). The message says that cookies and Active X controls or Java applets must be loaded. I know the use of cookies is a "go", but not sure about the other two.

Here is report.txt from the findfiles batch process

Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\WINDOWS\Downloaded Program Files

04/12/2008 12:32 PM <DIR> .
04/12/2008 12:32 PM <DIR> ..
12/11/2007 10:30 AM 288 CpnMgr.inf
03/05/2006 10:10 PM 65 desktop.ini
05/22/2006 04:37 PM 1,793 erma.inf
05/16/2007 09:22 AM 399 gp.inf
06/06/2007 06:32 PM 377 ImageUploader4.inf
09/25/2007 02:33 AM 1,055 jinstall-6u3.inf
04/16/2007 10:50 PM 295 muweb.inf
06/03/2002 05:53 PM 144 QTPlugin.inf
06/03/2005 01:24 PM 395 SnapfishActivia1000.inf
06/11/2007 01:21 PM 5,021 swflash.inf
08/11/2004 02:22 AM 3,036 wmv9dmo.inf
04/16/2007 10:50 PM 293 wuweb.inf
12 File(s) 13,161 bytes
2 Dir(s) 1,132,109,824 bytes free
Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\Windows\system32\dllcache

08/03/2004 08:07 PM 93,184 iexplore.exe
1 File(s) 93,184 bytes

Total Files Listed:
1 File(s) 93,184 bytes
0 Dir(s) 1,132,109,824 bytes free
  • 0

#115
JSntgRvr (Global Moderator)

Let the ActiveX and Java Applets load.

Very strange there is no Iexplore.exe in C:\Program files\Internet Explorer. Does the Internet Explorer folder exist?
  • 0



#116
Linda68 (Member, Topic Starter)

Yes, the folder exists under program files.
The testing platform and browser page states that it should only run for a few seconds. I don't know why it is taking so long to get past this point ... it has been several minutes.
  • 0

#117
JSntgRvr (Global Moderator)

I would like to get a sample of files imported by Iexplore.exe when run.

First download the attached catchme.txt to your desktop.

Next,

Download catchme.exe from thespykiller forum here and save it to your desktop.

Alternate download: http://www2.gmer.net/catchme.exe

Double click the catchme.exe to run it and click on Add. A window will open with a list of files, select the catchme.txt on your desktop and press open. The files listed in it will appear in the catchme window. Now click on Zip to make a copy of these files which will be backed up to catchme.zip on your desktop.

Next, please go to TheSpykiller forum and upload this file so we can examine it. In order to do so, click on New Topic, fill in the needed details and give a link to your post here. Click on Browse and navigate to the Catchme.zip on your desktop, select the .zip folder and, once on the window, click on Post.

Let me know when done.

Afterwards, set Explorer to view Hidden Files and Folders:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Show all Files and Folders
  • Select Apply to All Folders | Yes | Apply | OK.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Windows\system32\dllcache folder. Locate the Iexplore.exe file, right click on it and select Copy.

Navigate to the C:\Program files\Internet Explorer folder. Right click on an empty space and select Paste. Overwrite the existing file if any. (Let me know if there is an error.)

Set Explorer to Defaults:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Restore Defaults
  • Select Apply to All Folders | Yes | Apply | OK.

  • 0

#118
Linda68 (Member, Topic Starter)

It's there ...
Sorry, had some problems with the upload
Here is the link ...
http://www.thespykil...=post;board=1.0
  • 0

#119
JSntgRvr (Global Moderator)

Files received. I would also like to see where the registry is running Iexplore.exe from.

Download the enclosed folder. Extract its contents and double click on the batch file. Attach the report it will produce.

I will need some time to revise all this.
  • 0
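
An added example, not part of either post and not the contents of the moderator's batch files: a read-only PowerShell check for the two things posts #117 and #119 ask about, namely whether the copy in C:\Program files\Internet Explorer matches the dllcache copy and where the registry points for Iexplore.exe. It assumes PowerShell 2.0 or later is installed and that the App Paths key is the registry entry of interest; the function names are hypothetical.

```powershell
# Added example: read-only check, changes nothing on disk or in the registry.
# File paths are the two named in the thread; the App Paths key is an assumption
# about which registry entry records where Iexplore.exe is launched from.
$cached    = Join-Path $env:SystemRoot   'system32\dllcache\iexplore.exe'
$installed = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
$appPaths  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE'

# SHA-256 through .NET so the script also runs on PowerShell 2.0.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

# Collect presence, size, version and hash for one file (hypothetical helper).
function Get-FileFacts([string]$Path) {
    $facts = @{ Path = $Path; Present = $false; Size = $null; Version = $null; SHA256 = $null }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $Path -Force   # -Force: dllcache is hidden
        $facts.Present = $true
        $facts.Size    = $item.Length
        $facts.Version = $item.VersionInfo.FileVersion
        $facts.SHA256  = Get-Sha256Hex $Path
    }
    New-Object PSObject -Property $facts
}

$c = Get-FileFacts $cached
$i = Get-FileFacts $installed
$c, $i | Format-List Path, Present, Size, Version, SHA256

if (-not $i.Present) {
    'Installed copy is missing.'
} elseif (-not $c.Present) {
    'No dllcache copy to compare against.'
} elseif ($c.SHA256 -eq $i.SHA256) {
    'Installed copy is byte-identical to the dllcache copy.'
} else {
    'Installed copy differs from the dllcache copy.'
}

# Where the registry says Iexplore.exe lives: the default value of the key.
if (Test-Path -LiteralPath $appPaths) {
    $registered = (Get-ItemProperty -LiteralPath $appPaths).'(default)'
    "App Paths entry: $registered"
    if ("$registered".Trim('"') -ne $installed) { 'App Paths does not point at the expected location.' }
} else {
    'No App Paths entry for IEXPLORE.EXE.'
}
```

A matching hash only shows that the copy from dllcache succeeded; it says nothing about whether the dllcache file itself is the original.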

#120
Linda68 (Member, Topic Starter)

I have something interesting to tell you in a follow-up reply.
Want to get this file to you ASAP though ...
It is about the last step in your previous reply. The report.txt is attached.

Attached Files


  • 0





