Tech Support Forum - View Single Post - Hijacked browser. Pop-ups. Trojans galore

sUBs · 09-22-2006, 07:01 AM

Excellent, your pop ups should have abated

Before fixing anything, Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\system32\bkd.exe
C:\DXC1205b.exe
C:\803_104.exe
C:\912_121.exe
C:\WINDOWS\popupwithcast.exe
C:\WINDOWS\system32\nswCB.dll
C:\WINDOWS\uninst.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

* * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools → Folder Options → View tab.

Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\WINDOWS\system32\bkd.exe
C:\DXC1205b.exe
C:\803_104.exe
C:\912_121.exe
C:\WINDOWS\popupwithcast.exe
C:\WINDOWS\system32\nswCB.dll
C:\WINDOWS\uninst.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\popupwithcast

* * * * * * *

Next, perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

09-22-2006, 07:01 AM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,486 OS: N/A	Excellent, your pop ups should have abated Before fixing anything, Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip Unzip it to the desktop and run it. Paste the following list of bad files into the Suspicious File Packer window: C:\WINDOWS\system32\bkd.exe C:\DXC1205b.exe C:\803_104.exe C:\912_121.exe C:\WINDOWS\popupwithcast.exe C:\WINDOWS\system32\nswCB.dll C:\WINDOWS\uninst.exe Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4 Please include a link to this topic in the message. * * * * * * * If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools → Folder Options → View tab. Tick - 'Show hidden files and folder' Untick - 'Hide file extensions for known types' Untick - 'Hide protected operating system files' Click Yes to confirm & then click OK Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\WINDOWS\system32\bkd.exe C:\DXC1205b.exe C:\803_104.exe C:\912_121.exe C:\WINDOWS\popupwithcast.exe C:\WINDOWS\system32\nswCB.dll C:\WINDOWS\uninst.exe C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe C:\Program Files\popupwithcast * * * * * * * Next, perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400 Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan * * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * * In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?