Tech Support Forum - View Single Post - problem with trojan-keylogger.win32.fung

tetonbob · 10-31-2008, 02:04 PM

Good, now we're making progress. Let's see about removing the malware now.

It's very important that you do exactly as I ask, and only provide the information I request. If you have questions, please ask them before acting. I'll be glad to clarify if it's needed.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

ComboFix is updated frequently. This latest version will address the infection you have. If ComboFix.exe is present still, delete your existing version.

Next....

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

---------------------------------------------------------------------------------------------
Using Internet Explorer, Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
- right click it-> untick the option AntiVir Guard enable.
- You should now see a closed, white umbrella on a red background (looks to this: )
You succesfully disabled the AntiVir Guard.

S& D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
- See this link for a tutorial
---------------------------------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

10-31-2008, 02:04 PM	#9 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,228 OS: 2000 Pro; XP Pro; XP Home	Re: problem with trojan-keylogger.win32.fung Good, now we're making progress. Let's see about removing the malware now. It's very important that you do exactly as I ask, and only provide the information I request. If you have questions, please ask them before acting. I'll be glad to clarify if it's needed. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- ComboFix is updated frequently. This latest version will address the infection you have. If ComboFix.exe is present still, delete your existing version. Next.... Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Place combofix.exe on your Desktop --------------------------------------------------------------------------------------------- Using Internet Explorer, Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. AVIRA ANTIVIR Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: ) right click it-> untick the option AntiVir Guard enable. You should now see a closed, white umbrella on a red background (looks to this: ) You succesfully disabled the AntiVir Guard. S& D Spybot's Tea Timer While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. See this link for a tutorial --------------------------------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009