Aurora Trojan Attack [RESOLVED]
#61
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
OK, I know I said before that you wouldn't have to zip up any more files for me :tazz:, but I need both of the files please, so we can figure out which one is the bad guy :)

Please zip both of them up together (no password needed) and send them to me.

Then let's use killbox on the other file:

* Run Killbox.exe.

* Select "Standard File Kill".

* Copy the file names below to the clipboard by highlighting ALL of them, then press CTRL + C

C:\WINNT\system32\scanregw.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" if you receive a prompt.

Run findfiles.bat and post the log to make sure it's gone :)

Edited by Michelle, 23 August 2005 - 12:22 PM.

#62
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
Here is the log file!

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL is a windows file...

C:\WINNT\SYSTEM32\PNGFILT.DLL

»»»»»2K XP 9X and ME Misc check's...


»»»»» 9X and ME check's...

#63
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hi Nancy :tazz:

The log that I needed was findfiles.bat (the first one you made in post #55 that is on your desktop) not FindQ. Please run the findfiles.bat that you made and post the log. Thanks :)

Then please do this for me:

Download SFP and unzip it to your desktop.
  • Double click sfp.exe that's on your desktop
  • In step one, please copy and paste in the following file path:
    • C:\WINNT\system32\D*Dplay.exe
  • Click "Continue"
  • SFP will create a zip file called requested-files (and the date) on your desktop
  • Please email that file to submit@atribune.org

Edited by Michelle, 23 August 2005 - 09:56 PM.


#64
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
Hi Michelle! :tazz:

Here is the correct log!

Volume in drive C has no label.
Volume Serial Number is 8C06-FB55

Directory of C:\WINNT\system32

08/08/2005 08:26a 401,408 ??anregw.exe
1 File(s) 401,408 bytes

Directory of C:\Documents and Settings\Nancy\Desktop

Thank you :)

#65
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hmm, you did use Killbox on C:\WINNT\system32\scanregw.exe, correct?

Let's see if sfp will find the file:

Download SFP and unzip it to your desktop.
  • Double click sfp.exe that's on your desktop
  • In step one, please copy and paste in the following file path:
    • C:\WINNT\system32\**anregw.exe
  • Click "Continue"
  • SFP will create a zip file called requested-files (and the date) on your desktop
  • Please email that file to submit@atribune.org

Edited by Michelle, 24 August 2005 - 10:22 AM.


#66
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
I hope I did it right!

I emailed it to submit@atribune.org just now. I also emailed C:\WINNT\system32\D*Dplay.exe earlier.

#67
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's see if we can get rid of it this way:

Go to Start > Run, type cmd and click OK.

Paste the following line into the window:

del /q C:\WINNT\system32\??anregw.exe

Hit Enter. Type exit, then hit Enter.

Then run the findfiles.bat that you made again so we can see if it's gone.

#68
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
Here is the log but I think it's still there:

Volume in drive C has no label.
Volume Serial Number is 8C06-FB55

Directory of C:\WINNT\system32

08/08/2005 08:26a 401,408 ??anregw.exe
1 File(s) 401,408 bytes

Directory of C:\Documents and Settings\Nancy\Desktop

#69
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you receive any kind of error when you pasted that line into the black window? "File not found" or anything?

#70
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
No error message at all... it ran smoothly, then the notepad popped up...
#71
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I meant when you went to Start > Run, typed cmd, pasted the file path and hit Enter... did it say file not found there?

#72
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
I ran it again and it does say, "Could not find C:\WINNT\system32\??anregw.exe"

#73
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Try it with this file path instead; we'll see if that works...

del /q C:\WINNT\system32\scanregw.exe

#74
nancylpina

    Member

  • Topic Starter
  • Member
  • 55 posts
The same message came up!

#75
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hmm, odd. I need to consult with another expert and will be back as soon as possible. :tazz:
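The thread above turns on one detail: the directory listing shows the file as ??anregw.exe because the console cannot render the first two characters of its real name, and a wildcard delete then reports "Could not find". The following is an added example, not part of the thread and not one of the tools Michelle names; it is Python rather than cmd and runs on a constructed sample directory, not Nancy's machine. It shows the check an analyst wants at this point: list every entry matching the DIR-style pattern, reveal the exact codepoints hidden behind the '?' marks, and then remove the file by its exact Unicode name instead of a wildcard. The look-alike name built here (Cyrillic letters in place of "s" and "c") is an assumption used for illustration; the page does not say what characters the real file used.

```python
import fnmatch
import os
import tempfile
import unicodedata


def describe_name(name):
    """Return (index, char, codepoint, unicode name) for each character of a
    file name that is not plain printable ASCII. A console with a limited
    code page prints such characters as '?', which is how a real name can
    appear in a listing as ??anregw.exe."""
    return [
        (i, ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if not 32 < ord(ch) < 127
    ]


def find_lookalikes(directory, pattern):
    """List entries whose names match a DIR-style wildcard pattern
    ('?' = exactly one character, '*' = any run) together with the
    non-ASCII characters each name hides. Both a legitimate ASCII name
    and a look-alike can match the same '??' pattern, so the pattern
    alone never identifies the file."""
    hits = []
    for entry in os.scandir(directory):
        if fnmatch.fnmatchcase(entry.name, pattern):
            hits.append((entry.name, describe_name(entry.name)))
    return hits


def remove_exact(directory, name):
    """Delete one file by its exact Unicode name, no wildcards.
    Returns True if it was removed, False if it was not there."""
    try:
        os.remove(os.path.join(directory, name))
        return True
    except FileNotFoundError:
        return False


def build_sample_dir():
    """Constructed sample directory (assumption for this example): one plain
    ASCII name and one look-alike whose first two letters are Cyrillic
    U+0455 (dze) and U+0441 (es), which many fonts draw like 's' and 'c'."""
    d = tempfile.mkdtemp()
    for name in ("scanregw.exe", "\u0455\u0441anregw.exe"):
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"MZ")  # placeholder bytes, not a real executable
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for name, odd_chars in find_lookalikes(sample, "??anregw.exe"):
        print(repr(name), odd_chars or "plain ASCII")
    # Remove the look-alike by its exact name rather than by wildcard.
    print(remove_exact(sample, "\u0455\u0441anregw.exe"))
```

The point of `describe_name` is that once the codepoints are known, the exact name can be pasted into a delete command or a removal tool, and a second listing can confirm the entry is gone; the example does not attempt to explain why cmd's own wildcard matching failed on the original machine, which the thread leaves unresolved.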