Tech Support Forum - View Single Post - Trojan found - xlibgfl254.dll infected by Generic Downloader.bt

Sempurna · 02-08-2007, 11:51 PM

Hi megan,

Welcome to Tech Support Forum!

I apologize for the delay in getting to your log. The helpers here are all volunteers and are not online 24-hours a day. If you are still having malware problems I will be glad to help.

OK, let's do this first.

Please download CCleaner (freeware) and save it to your desktop:

Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Once installed, run CCleaner and click the Windows tab.
Select the following:
- Check everything under the Internet Explorer section.
- Check everything under the Windows Explorer section.
- Check everything under the System section.
- Check ONLY Old Prefetch data under the Advanced section.
Then, click the Applications tab:
- UNCHECK everything there.
Next, click the Options button, then click the Advanced button:
- UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner:

Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Now click on Scan Settings.
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
  Extended
- Scan Options:
  Scan Archives
  Scan Mail Bases
Click OK.
Now under select a target to scan:
- Select My Computer.
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save Report As button.
- In the File name: field, type kavscan.
- In the Save as type: field, select Text file (*.txt).
Save the file to your desktop.
Copy and paste that information in your next post.

NEXT:

Scan for Hidden Data Streams

Open HijackThis.
Click on the "Config" button on the bottom right.
Click on the tab "Misc Tools".
Click on "Open ADS Spy"
Click on "Scan".
Click on "Save Log".
Copy and paste the list from notepad into your next post.

NEXT:

Please reboot your computer normally into Windows, and then please post the log from the Kaspersky scan, the log from the Hijackthis ADS Spy scan, and a new HijackThis log.

02-08-2007, 11:51 PM	#2 (permalink)
Sempurna Analyst, Security Team Join Date: Sep 2006 Posts: 1,302 OS: Windows XP SP2	Hi megan, Welcome to Tech Support Forum! I apologize for the delay in getting to your log. The helpers here are all volunteers and are not online 24-hours a day. If you are still having malware problems I will be glad to help. OK, let's do this first. Please download CCleaner (freeware) and save it to your desktop: Run the CCleaner installer. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar". Once installed, run CCleaner and click the Windows tab. Select the following: Check everything under the Internet Explorer section. Check everything under the Windows Explorer section. Check everything under the System section. Check ONLY Old Prefetch data under the Advanced section. Then, click the Applications tab: UNCHECK everything there. Next, click the Options button, then click the Advanced button: UNCHECK : "Only delete files in Windows Temp folders older than 48 hours". Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit. CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system. NEXT: Let's run an online scan to make sure we're not leaving anything behind. Please do an online scan with Kaspersky Online Scanner: Click on Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded click on Next. Now click on Scan Settings. In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK. Now under select a target to scan: Select My Computer. This program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save Report As button. In the File name: field, type kavscan. In the Save as type: field, select *Text file (.txt). Save the file to your desktop. Copy and paste that information in your next post. NEXT: Scan for Hidden Data Streams Open HijackThis. Click on the "Config" button on the bottom right. Click on the tab "Misc Tools". Click on "Open ADS Spy" Click on "Scan". Click on "Save Log". Copy and paste the list from notepad into your next post. NEXT: Please reboot your computer normally into Windows, and then please post the log from the Kaspersky scan, the log from the Hijackthis ADS Spy scan, and a new HijackThis log**. __________________ Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum