Help With Malware A Trojan.W32.looksky

Avenger Log ShowNew Log GetRunKey Log HijackThis Log abri abri, Sep 10, 2007 #6 Papito Private E-2 Hi abri! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - With any security software, the best way to install it is to never allow yourself to be unprotected. The other is System detected viruses activites.

Let's continue the cleanup... SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}"="NetWrap for Windows" Killing process hosts 127.0.0.1 localhost Generic Renos Fix GenericRenosFix by S!Ri Deleting infected files C:\WINDOWS\country.exe Deleted C:\WINDOWS\main_uninstaller.exe Please copy and paste the Scan Log results in your next reply. On the right, under "Complete Scan", choose Perform Complete Scan.

Thank you, Papito. I updated to Windows SP2 and got all the updates, downloaded all the software you recommended, using now Mozilla instead of Win Explorer... I also got two more alerts one a security warning Trojan.W32.Looksky detected on your machine.

When it has completed post the log found here C:\rapport.txt. Leuretha, Aug 27, 2007 #11 sjpritch25 Malware Specialist Joined: Sep 8, 2005 Messages: 9,113 Here are some screenshots on saving it to your Desktop. Click on the magnifying glass icon.

Select 2 and hit Enter to delete the infected files You will be prompted: Do you want to clean the registry? I do want to thank you again for your help. Welcome to Major Geeks! Answer Y (yes) and hit Enter to restore a clean file. ~~~~ Restart the computer to complete the removal process. ~~~~ Next, download ComboFix (by sUBs) Save it to the Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe http://siri.geekstogo.com/SmitfraudFix.exe Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. At the top, click: Format If there is a check next to Word wrap, click on Word wrap to turn it off. abri abri, Sep 13, 2007 #14 abri MajorGeek Papito, With regard to your second question, thanks for the offer. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself.

Your computer might be working perfectly! A log file from Avenger will be produced at C:\avenger.txt 5) Please download ATF Cleaner by Atribune. Please open Notepad (Start > Run > in the Open field type: notepad) Click: OK Copy/ paste the blue text below to Notepad: File:: C:\WINDOWS\System32\icgwaa.exe Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uxzeaenjcrnl] Save as CFScript.txt For IE 7 users, simply click the "Reset all zones to default level" button.

Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. Under Main choose: Select All Click the Empty Selected button.

If a security alert appears, allow the program to run. Trojan.W32.Looksky Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Papito, Sep 9, 2007. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. Now click the 'Done' button.

Double-click combofix.exe and follow the prompts. Open the extracted SDFix folder and double click RunThis.bat to start the script. Latest logs attached.

What DSS will do: create a new System Restore point in Windows XP and Vista.

This virus is distributed via the Internet through e-mail and Active-X objects. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Scan for tracking cookies. So while in safe mode I go into "My Computer" and have to open the file from there.

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [utsgmon] TForm1.exe O4 - HKCU\..\Run: [srbho] driver32.exe O4 - HKCU\..\Run: I keep getting 2 different system warnings advising an internet hijack has been detected and trojan.w32.looksky has been detected and then IE opens up to a spyware removal site and places I keep getting pop-ups trying to get me to download Udefender saying I have the Trojan.W32.looksky virus. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! An icon will be created on your desktop. REGEDIT4 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}] 3) Please try running Avenger again. SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll End #4 huxyboy huxyboy New Member Members 7 posts Posted 12 August 2007 - 01:23 PM Here is the ComboFix.txt: ComboFix

This process should be removed from your system. Click Close to exit the program. Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-21 12:50] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-03 00:03] "utsgmon"="TForm1.exe" [] "srbho"="driver32.exe" [] "gabber"="FLKPT.exe" [] "PCPal"="C:\Program Files\PCPal\PalAgnt.exe" [2007-04-19 11:28] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Profiler"=C:\Program Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 -

Attached Files: avenger.txt File size: 398 bytes Views: 3 runkeys-11sep07.txt File size: 21.6 KB Views: 2 newfiles-11sep07.txt File size: 53.7 KB Views: 2 Papito, Sep 11, 2007 #7 Papito Private E-2 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console