07-28-2006, 12:13 AM   #9
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Hello aloholoh,

We have a bit more to do here.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

*********************************************

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop. Do not run it yet.


Download the attached aloholoh.zip file to your desktop. Double click on the aloholoh.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.


Download combofix from one of these locations:

Extract combofix & place it on the desktop.

Click Start>Run and copy/paste the following into the Run box:

"%userprofile%\desktop\combofix.exe" /v mljjh

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


-----------------------------------

Reboot into Safe Mode.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry:

O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Click Start>Run and copy/paste regsvr32 /u occache.dll and click OK.


Delete the following files:

c:\windows\system32\ot.ico
c:\windows\system32\MYDLL.dll
c:\windows\downloaded program files\installer.exe
C:\Archivos de programa\Mozilla Thunderbird\plugins\npclntax.dll
C:\Archivos de programa\Mozilla Firefox\plugins\npclntax.dll


Now, click Start>Run and copy/paste regsvr32 occache.dll and click OK.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Run another online scan at Panda and post the results here.

-----------------------------------

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

-----------------------------------

Finally, double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please include the following in your next reply:

C:\Combofix.previous.run.txt
Panda results
Smitfraud log
C:\Combofix.txt
HJT
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."