Tech Support Forum - View Single Post

Ried · 07-31-2006, 08:01 AM

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

**********************************************************************************************************

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe[/size][/b]

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When it re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX and place it in your C:\Windows\System32 Directory.

-----------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any)

O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\gp46l3hs1.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\o4lule391h.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\c6002gdmg60a2.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\mv20l9fm1.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\l8n4li5q18.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\irp6l57s1.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Delete the following Files and Folders

c:\windows\teller2.chk
C:\WINDOWS\system32\i
C:\WINDOWS\system32\TFTP1968
C:\WINDOWS\system32\TFTP3520
C:\WINDOWS\system32\TFTP3924
E:\Stevz Comp\Warez P2P Client\WarezP2P.exe[NNWARZ3_88.exe]

-----------------------------------
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

-----------------------------------

Download fl.zip
Extract the contents of the fl.zip to a new folder on Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

Please include the following in your next reply:

Look2Me-Destroyer.txt
Panda results
find lop.txt
uninstall_list.txt
New HijackThis log

Please tell me what happened when you ran combofix.exe. Did it reboot your PC? Did you receive any error messages? Provide as much detail as possible from the time you double-clicked combofix.exe--until the tool completed.

07-31-2006, 08:01 AM	#11 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,531 OS: WinXP and Vista	Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ******************************************************************************************************** Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe[/size][/b] Please download Look2Me-Destroyer.exe to your desktop. Close all windows before continuing. Double-click to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK When it re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown. Turn your computer back on. Please post the contents of C:\Look2Me-Destroyer.txt If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX and place it in your C:\Windows\System32 Directory. ----------------------------------- Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login on your usual account. Make sure to close any open browsers. ----------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\gp46l3hs1.dll O20 - Winlogon Notify: Run - C:\WINDOWS\system32\o4lule391h.dll (file missing) O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\c6002gdmg60a2.dll (file missing) O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\mv20l9fm1.dll (file missing) O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\l8n4li5q18.dll (file missing) O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\irp6l57s1.dll (file missing) Click 'Fix Checked' and close HijackThis. ----------------------------------- Delete the following Files and Folders** c:\windows\teller2.chk C:\WINDOWS\system32\i C:\WINDOWS\system32\TFTP1968 C:\WINDOWS\system32\TFTP3520 C:\WINDOWS\system32\TFTP3924 E:\Stevz Comp\Warez P2P Client\WarezP2P.exe[NNWARZ3_88.exe] ----------------------------------- WARNING Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files"* and uncheck the box for "Scan drives for file matching" if it's checked. Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. ----------------------------------- Reboot into Normal Mode. ----------------------------------- Perform an online scan using Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now** & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report ----------------------------------- Download fl.zip Extract the contents of the fl.zip to a new folder on Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply. Create an Uninstall List: Open HijackThis Click on the "Configure" button on the bottom right Click on the tab "Misc Tools" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" The list will automatically be saved in your HijackThis folder. Please copy and paste the uninstall_list.txt here. Please include the following in your next reply: Look2Me-Destroyer.txt Panda results find lop.txt uninstall_list.txt New HijackThis log Please tell me what happened when you ran combofix.exe. Did it reboot your PC? Did you receive any error messages? Provide as much detail as possible from the time you double-clicked combofix.exe--until the tool completed. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."