[katta]

hi,

i am totally new to this site. so please bear with me, if i am not doing the things right.my computer was infected with TROJANDOWNLOADER.XS, two days back. i read on this site and ran comboFix . Attached is the log generated by comboFix. please advise, how i can get rid of this malware.

thanks a lot for your help.

enjoy.

Attached Files

•  log.txt   14.6KB   140 downloads

[Advertisements]

Welcome to GTG.

Right click on this file -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd and choose Edit. Copy and paste the contents of that file here.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\palorila.exe
C:\WINDOWS\system32\dkdcdmba.exe
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\system32\evoxuhgv.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
c:\windows\pss\run_startmenu.cmdCommon Startup
Folder::
C:\Documents and Settings\All Users\Application Data\upitghid
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lgjvaxhu"=-
"uytsitof"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"uTAxUNdQ8s"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Edited by greyknight17, 24 April 2008 - 06:59 AM.

[greyknight17]

Welcome to GTG.

Right click on this file -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd and choose Edit. Copy and paste the contents of that file here.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\palorila.exe
C:\WINDOWS\system32\dkdcdmba.exe
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\system32\evoxuhgv.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
c:\windows\pss\run_startmenu.cmdCommon Startup
Folder::
C:\Documents and Settings\All Users\Application Data\upitghid
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lgjvaxhu"=-
"uytsitof"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"uTAxUNdQ8s"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Edited by greyknight17, 24 April 2008 - 06:59 AM.

[katta]

hi,

thanks a lot for your help. i followed the path C:\Documents and Settings\All Users\Start Menu\Programs\Startup on my computer. but in the start folder i have only one file named "Exif Launcher 2". i made a search for the file "run_startmenu.cmd" on my computer and i found"run_startmenu.cmdCommon Startup" in the folder c:\windows\pss. if i open that file with notepad it reads as follows:

@echo off
c:\windows\i386\apps\startmenu.cmd



i apologise for this but i could not really understand what you meant by "Copy and paste the contents of that file here" and "paste the text into the quotebox below".

once again, thanks a lot for your help.

thanks and enjoy.

[greyknight17]

Copy/paste....exactly what you did. Those two lines you posted

I edited my last reply. Please follow the instructions for running CFScript.txt (I added two extra lines in it to include the startmenu.cmd files.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.