Good job. Next step....
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
Is your Norton 2004 subscription current?
---------------------------------------------------------------------------------------------
Open
notepad and copy/paste the text in the quotebox below into it:
Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/185888-popups-trj-downloader-ozb-generic-malware-trj-downloader-pcq.html
Killall::
File::
c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
Folder::
C:\WINDOWS\system32\vMW02a
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\czr3
C:\WINDOWS\system32\comsz1
C:\WINDOWS\system32\bbs2
C:\temp\xOe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F46967D-45DE-4150-AE52-EA8558EE43DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C908D09-65E8-394B-BD2F-3D766B3A04C1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqq]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"exemplars"=-
Collect::
C:\WINDOWS\system32\hggefge.dll
C:\WINDOWS\system32\efcayyy.dll
C:\WINDOWS\tsitra572.exe
C:\WINDOWS\system32\cwygikxf.exe
DirLook::
C:\Program Files\Temporary
|
Save this as
CFScript.txt
Refering to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri) to your Desktop.
Double-click
smitfraudfix.exe to start the tool.
Select option
#1 -
Search by typing
1 and press
"Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
---------------------------------------------------------------------------------------------
Please return with logs from:
ComboFix
HijackThis
SmitfraudFix
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006