Thread: Everything gone crazy ( Trojan.win32.mondera.gen )
View Single Post
Old 06-22-2008, 04:35 AM   #13 (permalink)
TheBruce1
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Everything gone crazy ( Trojan.win32.mondera.gen )
Ok, we`ll do this another way.

Please navigate to:

C:\Qoobox

Zip the folder C:\Qoobox\Quarantine

Submit that folder here, please:

http://www.bleepingcomputer.com/subm....php?channel=4

Once you have done that, carry on with the rest of the instructions.

========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\nsa4.tmp
C:\WINDOWS\system32\nse7.tmp
C:\WINDOWS\system32\nsgA.tmpmciole_dll
C:\WINDOWS\system32\nslD.tmpmciole_dll
Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline