2 trojans reappear
Hi,
Did as was instructed, but after double clicking the batch file it gave me a black screen with...paraphrasing:
Could not find c:\windows\system32\stu2.exe
'pauseDel' is not recognized as internal or external command, operable program or batch file...
When I checked system 32, I did not see a "Stu" file, but there was a userinit file... I think that is good?
Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 1326 bytes
Thanks,,,,,,george
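An added example, not part of the original thread and not code from HijackThis: a small Python triage of a log like the one posted above, checking whether a named file (here `stu2.exe`) still appears among running processes or autostart entries. The function names and the choice of autostart section codes are assumptions made for this illustration; the sample is an excerpt of the posted log with the process list shortened.

```python
import re

# Excerpt of the HijackThis log posted above (process list shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 1326 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "<section code> - <detail>"
# Assumed selection of sections that start code at boot/logon (F2 covers Userinit/Shell).
AUTOSTART = {"F0", "F1", "F2", "F3", "O4", "O20", "O23"}

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def find_file(text, name):
    """Return every process path or entry that names the file (case-insensitive)."""
    processes, entries = parse_log(text)
    needle = name.lower()
    hits = [("process", p) for p in processes if p.lower().endswith("\\" + needle)]
    hits += [(code, d) for code, d in entries if needle in d.lower()]
    return hits

def autostart_entries(text):
    """Entries from sections that start programs at boot or logon."""
    return [(c, d) for c, d in parse_log(text)[1] if c in AUTOSTART]
```

An empty result from `find_file(SAMPLE_LOG, "stu2.exe")` only means the file is not referenced in what HijackThis listed; it does not show the file is absent from disk.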
Hi, George... I don't know how pauseDEL got into that last batch command... it should have had just pause as the second command. But no matter. And I did not see where stu2.exe got deleted in our procedure...
Any further occurrences of the two trojans?
Last edited by gerbil; Dec 7th, 2008 at 8:45 pm.
Deep, deep in the woods, but walking about.
I would be satisfied, George, with where you are at now. The hidden files thing is just a presentation option for Explorer... it does not actually set attributes on a file that are not already there. Other programs can see them. Do a quick scan in safe mode if you wish, but any keys present would be found in normal mode; you would be hoping to spot a rootkit only that had not started up.






