Old 01-24-2008, 10:14 PM   #5 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,103
OS: WinXP and Vista


Re: Trojan found and cannot get it deleted

Hello meich and welcome to TSF,

Nice work so far, but I need you to delete your existing ComboFix.exe and download the newest version from one of the links below:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll (file missing)



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/213856-trojan-found-cannot-get-deleted-post1285202.html#post1285202

Collect::
C:\WINDOWS\aslpmqk.dll 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"=-

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note: When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
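
The O2/O3 entries selected in the post all carry HijackThis's "(file missing)" marker, meaning the registration remains but the DLL it points to is gone. As an added example (not part of the original post or of HijackThis), this Python sketch parses O2/O3 log lines and lists those leftover registrations; the names `parse_log` and `orphans` and the last two sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# O2 = Browser Helper Object, O3 = Internet Explorer toolbar (HijackThis sections).
ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?\s*$"
)

@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    name: str
    clsid: str      # upper-cased so mixed-case GUIDs compare equal
    path: str
    missing: bool   # True when the line ends with "(file missing)"

def parse_log(text):
    """Return every O2/O3 entry in a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["clsid"].upper(), m["path"],
                                 m["missing"] is not None))
    return entries

def orphans(entries):
    """Entries whose registration is still listed but whose DLL is gone."""
    return [e for e in entries if e.missing]

# The first three lines are the entries quoted in the post; the last two are constructed.
SAMPLE = r"""
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: The egodktf - {82EA267C-402D-4DB6-A2B8-EBF03D385CC1} - C:\WINDOWS\egodktf.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE)):
        print(f"{e.section} {e.kind:7} {e.clsid} {e.path}")
```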