Thread: Morpheus Toolbar and TSPY_PUPER
View Single Post
Old 02-17-2007, 04:55 AM   #13 (permalink)
Sempurna
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Hi ct456568,

No worries about the late reply. We are not on a timetable here. There’s no longer any major malware on your system.

Quote:
I only get one prompt that asks me if I would like to reboot, which I do. Is this ok?
Yep, that is OK.


Quote:
I don't think VirusTotal found anything on the files scanned either.
Yes, I think those files are fine. Just wanted to make sure with a scan at VirusTotal.


Quote:
Strange, Killbox does not seem to be working in deleting the Morpheus folders.
Doesn't HJT have a file delete on reboot feature too? Is it any good?
Yes, that is somewhat strange. I’ve never encountered a Morpheus folder that is so resilient. Is there anything in those folders, btw?

That’s right, HJT does have a delete on reboot feature as well. Unfortunately you have to do it one file/folder at a time and that is a pain. With Killbox, you can do multiple files/folders all at one go.

Let’s try a more powerful file deletion utility.

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Morpheus
    C:\Program Files\MorpheusBar

  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it on your next reply.
  • Close OTMoveIt.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

You should get a notification that the folders were moved successfully or not.

Reboot your computer and see if the folders regenerate. If they don’t, then please delete the C:\_OTMoveIt folder to dispose of the malware folders.


NEXT:

If the Morpheus folders do regenerate, then please do this next.

Please download the Registry Search Tool and save it to your desktop:
  • Unzip (extract) it to your desktop and double-click on regsrch.vbs
    (if you have script protection, please allow this to run).
  • In the dialog that opens enter the following:

    Morpheus

  • Press OK
  • The search will run for a while, then alert you when it is finished.
  • Press OK and copy the contents of the WordPad window and post in this thread.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline