10-25-2007, 09:13 PM   #8
forhockey
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate


Re: HijackThis Thread

Hi Reggie

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

--------------------------------------------------------------

Please submit this file to: http://www.bleepingcomputer.com/subm....php?channel=4

C:\WINDOWS\VXNlcg\prh5w0.vbs

Please include a link to this topic in the message.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KILLALL::

File::
C:\WINDOWS\SYSTEM32\bvdnsbm.dll
C:\WINDOWS\tsitra72.exe
C:\WINDOWS\system32\dn224c1e06.dat
C:\bmgenkji3.exe
C:\bmgenkji2.exe
C:\bmgenkji1.exe
C:\WINDOWS\ytfse.exe
C:\Program Files\desktop.ini
C:\Program Files\folder.htt

Folder::
C:\FOUND.014
C:\WINDOWS\VXNlcg
C:\PROGRA~1\COMMON~1\omuu

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Irdr"=-
"Fvfmsyvt"=-
"Duogpd"=-
"omuu"=-
"Bxvhv"=-

Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------

Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

--------------------------------------------------------------

Delete the following Folder indicated in BLUE

C:\Program Files\Common Files\?ppPatch <-- The question mark can be any character before "ppPatch"

--------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Panda Online Scan Results
__________________


Proud Member of ASAP
Proud Member of UNITE
