
help I need to remove this Trojan.Cachecachekit

tayspen

Re: help I need to remove this Trojan.Cachecachekit

  #4  
Apr 23rd, 2006
Download smitRem.exe (http://noahdfear.geekstogo.com/click...lick.php?id=1), saving the file to your desktop. Double click it to extract the contents to a folder of its own. Restart your computer in safe mode, log on to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

Then run HJT and select Do system scan only, check these items.


O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp5CC2.tmp

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)

O4 - HKLM\..\Run: [AOLSPYWAREREMOVER] AOLSPYWARECLEANER.EXE

O4 - HKLM\..\Run: [Configuration] msg.exe

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1105

O4 - HKLM\..\RunServices: [Configuration] msg.exe

O4 - HKLM\..\RunServices: [System Support] aimIM.exe

O4 - HKLM\..\RunServices: [Application Helper] rundll_32.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [Configuration] msg.exe

O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Razor\Local Settings\Temp\{7D5F5139-41DB-4D3A-8DE0-063CFFE7D65D}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE

O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Razor\Local Settings\Temp\{87BF37B0-764E-486F-ADCD-6475A254BC07}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmF6b3I\command.exe (file missing)

O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\dayplannermsn.exe


Click Fix Checked

----------------------------------------------------------------------
Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Now start Killbox. Copy the list of files below to the clipboard by selecting all of them with your mouse (left click the start of the list and drag the mouse to the bottom of the list), and when they are all selected (highlighted in blue), right click on any part of the blue area and say copy.

In the Killbox, go to the toolbar, press File and select Paste from clipboard. The first file name will appear in the window, and if the file exists it will appear in blue under that window. Then select standard file kill, press the red X button, say yes to the prompt, and once the file deleted message comes up, press the red X again and continue to press until the last file on the list appears in the window and it says deleted.

File List:

C:\WINDOWS\system32\hp5CC2.tmp

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Common Files\VCClient\VCClient.exe

C:\WINDOWS\msg.exe

C:\WINDOWS\aimIM.exe

C:\WINDOWS\rundll_32.exe

C:\WINDOWS\AOLSPYWARECLEANER.EXE

---------------------------------------------------------------------

Then go to Start > Control Panel > Add/Remove Programs and uninstall (if found): SurfSideKick 3

---------------------------------------------------------------------

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the definitions and run it, let it remove whatever it finds. (save log)

Then download ewido

www.ewido.net - Install. Update. Scan. Remove anything it finds. (save log)

That should take out most of them, but please post a new HJT log, the ewido log, and the Spysweeper log, when done with the following steps.

Member - Alliance of Security Analysis Professionals - Since 2006
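
Added example, not part of the original post or of any tool it mentions: a small Python parser for the HijackThis lines listed above. It separates entries whose file is already gone (only the registry fix remains) from entries that still name a file on disk and from autorun values that give only a bare file name. The function names and the three groupings are assumptions made for illustration; they do not reproduce how the poster chose the Killbox file list.

```python
import re

# Lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp5CC2.tmp
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [Configuration] msg.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmF6b3I\command.exe (file missing)
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\dayplannermsn.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                 # "O4 - <rest of entry>"
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp)\b", re.I)  # first full file path


def parse_entry(line):
    """Return section code, file path (if any) and triage flags for one line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    path = PATH.search(body)
    flags = set()
    if "(file missing)" in body or "(no file)" in body:
        flags.add("orphaned")       # entry is left in the registry, file is gone
    if "Unknown owner" in body:
        flags.add("unknown-owner")  # HijackThis reported no owner for the service
    if code == "O4" and path is None:
        flags.add("bare-name")      # autorun value gives no directory
    return {"code": code, "body": body, "path": path and path.group(0), "flags": flags}


def triage(log_text):
    """Group entries: registry-only fixes, files still on disk, files to locate."""
    registry_only, on_disk, locate_first = [], [], []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        if "bare-name" in entry["flags"]:
            locate_first.append(entry["body"])
        elif entry["path"] and "orphaned" not in entry["flags"]:
            on_disk.append(entry["path"])
        else:
            registry_only.append(entry["code"])
    return registry_only, on_disk, locate_first


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```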