06-27-2007, 12:28 AM   #7
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,498
OS: N/A


Re: Slow Laptop, Trojans, Viruses, Help Needed

We're not out of the woods yet. Machine is still heavily infected. Let's keep hacking away at it.


--------------


Open notepad and Copy/Paste the text in the box below into it:

Code:
@echo off
rem Runs catchme once per listed file; catchme packs them into catchme.zip on the Desktop
For %%g in (
C:\WINDOWS\system32\SecMon.sys
C:\WINDOWS\repair\cmsvc.exe
C:\WINDOWS\system32\jrotiaos.exe
C:\WINDOWS\system32\ejqjeabk.dll
C:\WINDOWS\system32\lblcskcc.dll
C:\WINDOWS\system32\tmpnt.exe
C:\WINDOWS\system32\tqqfosnn.dll
C:\WINDOWS\system32\ygqvgsmo.dll
C:\WINDOWS\vbmgs.exe
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit
Save this as Submit.bat. Choose "Save as type - All Files". It should look like this:
Double-click on Submit.bat & allow it to generate a zipped file on your Desktop called catchme.zip.
Please submit catchme.zip to this site → http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Open notepad and copy/paste the text in the quote box below into it:

Code:
File::
C:\WINDOWS\system32\SecMon.sys
C:\WINDOWS\repair\cmsvc.exe
C:\WINDOWS\system32\jrotiaos.exe
C:\WINDOWS\system32\ejqjeabk.dll
C:\WINDOWS\system32\lblcskcc.dll
C:\WINDOWS\system32\tmpnt.exe
C:\WINDOWS\system32\tqqfosnn.dll
C:\WINDOWS\system32\ygqvgsmo.dll
C:\WINDOWS\vbmgs.exe
Folder::
C:\hjt\backups
Save this as ComboFix-Do.txt




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe.
Then post the resultant log.


---------------






Please download this tool > System Repair Engineer
  1. Extract it to its own folder & double-click SREng.exe to run it

  2. Select 'Smart Scan' & tick "Verify Digital Signatures"

  3. Click on the [Scan] button

  4. When finished, click on the [Save Reports] button & save the log to Desktop

  5. Attach the log in your next reply. Don't post it

Note: You may have to rename SREngLog.log to SREngLog.txt before attaching


---------------


Download this tool - http://www.majorgeeks.com/download.php?det=5198
  • Extract the contents of the zipped file to desktop.
  • Disconnect from internet and close all running programs.
  • Double-click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...say NO.
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and uncheck the Registry box.
  • Then click the Scan button & wait for it to finish.
  • Once done click the Copy button. Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop & then post it here.

---------------



In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Gmer's log
  3. SRENG log
  4. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________

Question - what have you done for the community today?
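As an added example that is not part of sUBs's post and is not code from catchme, ComboFix or SREng, the PowerShell script below performs the same collection step as Submit.bat with stock Windows tooling and also records what the SREng "Verify Digital Signatures" option is there to check. For each path in the post's list it logs whether the file exists, its size, its SHA-256 and its Authenticode status, copies the files that do exist into a staging folder under a .vir extension, writes a manifest.csv, and zips everything to Desktop\catchme.zip. It assumes PowerShell 5.1 or later (for Get-FileHash and Compress-Archive) run from an elevated prompt; the file paths are taken from the post, while the staging folder name and the .vir convention are the example's own choices.

```powershell
# Added example, not part of the original post or of catchme/ComboFix/SREng.
# Assumes PowerShell 5.1+ (Get-FileHash, Compress-Archive) in an elevated session.
# Paths below are the ones listed in the post.
$suspects = @(
    'C:\WINDOWS\system32\SecMon.sys',
    'C:\WINDOWS\repair\cmsvc.exe',
    'C:\WINDOWS\system32\jrotiaos.exe',
    'C:\WINDOWS\system32\ejqjeabk.dll',
    'C:\WINDOWS\system32\lblcskcc.dll',
    'C:\WINDOWS\system32\tmpnt.exe',
    'C:\WINDOWS\system32\tqqfosnn.dll',
    'C:\WINDOWS\system32\ygqvgsmo.dll',
    'C:\WINDOWS\vbmgs.exe'
)

$desktop = Join-Path $env:USERPROFILE 'Desktop'
$staging = Join-Path $desktop 'catchme_staging'   # folder name is this example's own choice
New-Item -ItemType Directory -Path $staging -Force | Out-Null

$report = foreach ($path in $suspects) {
    $row = [ordered]@{
        Path = $path; Exists = $false; Size = $null; SHA256 = $null; Signature = $null; Error = $null
    }
    try {
        # -Force so hidden/system attributes do not hide the file; -ErrorAction Stop so a
        # missing file lands in the catch block below instead of silently continuing
        $item = Get-Item -LiteralPath $path -Force -ErrorAction Stop
        $row.Exists    = $true
        $row.Size      = $item.Length
        $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # Status is NotSigned / Valid / HashMismatch / ...; an unsigned binary in
        # system32 with a random-looking name is what the SREng step is meant to surface
        $row.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        # Stage the copy under .vir so it cannot be launched by a stray double-click
        Copy-Item -LiteralPath $path -Destination (Join-Path $staging ($item.Name + '.vir')) -Force
    } catch [System.Management.Automation.ItemNotFoundException] {
        # File is simply not there (or is hidden from the normal file API); Exists stays $false
    } catch {
        # A file a rootkit locks may fail to hash or copy; record the error rather than abort
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Export-Csv -LiteralPath (Join-Path $staging 'manifest.csv') -NoTypeInformation
$report | Format-Table -AutoSize
Compress-Archive -Path (Join-Path $staging '*') -DestinationPath (Join-Path $desktop 'catchme.zip') -Force
```

This goes through ordinary Win32 file access, so a file that a kernel-mode rootkit hides or locks can show up as missing or produce an error row instead of a copy; the manifest still records that outcome, which is itself useful information to submit alongside the archive. The SHA-256 column lets the helper check a sample against a hash database before the archive has even been uploaded.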