Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Die Hard Cloaked Malware I [ljjatnfe.dll]


  • Please log in to reply
3 replies to this topic

#1 Ruski

Ruski

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 AM

Posted 26 May 2008 - 10:08 PM

Gentlemen,

There is above-referenced malware which is incredibly sturdy and utterly resilient to any attempts of removal. These include:
  • Goes undetected by virus scanners, among them McAfee VSE, Avira AntiVir, BitDefender, and Spyware Doctor. Only Prevx picks up on it correctly as the file creation date and time coincide with a Blackster infection.
  • Other pointers towards its malicious character include: messing with the start menu, deletion of program shortcuts to the right of it, ascribing "virus alert" in capitalised letters to the notification area clock, changing the background of desktop icon's text to Blackster's blue colour, hiding hard drives in My Computer and more UI alterations that go in a similar vein.
  • > Reinscribes itself into the registry even when autoruns.exe is deployed in safe mode. Its companion- gnowmebk.dll- has also been a tough nut, but crackable.
  • Unlisted as a process running.
Point is this rudiment needs to go. There is no question as to who is the villain. Therefore, does any of you gentlemen have the armour or wits to dispose of ljJATNfe.dll?

Cheers, Ruski

Edited by Orange Blossom, 26 May 2008 - 10:47 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:48 PM

Posted 27 May 2008 - 12:19 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Acan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Ruski

Ruski
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 AM

Posted 28 May 2008 - 05:42 AM

Private Ruski reporting.

In God's name, that was a HOWITZER ! First and foremost the prog picked up on the germ and next, what has not been removed on reboot I assassinated manually. Victory.

Just that one thing: Why is my system clock still hijacked? On running ComboFix it was temporarily repaired- how to pull it off again?

Kudos from Ruski

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:48 PM

Posted 28 May 2008 - 08:38 AM

Can you post the log results from the MBAM scan?

Why is my system clock still hijacked?

You will need to explain what the problem is with your clock. Hijacked is too broad of a term.

Generally, the clock settings get 'stuck' at 24 hour format when ComboFix does not complete properly.
If that was the case, go to Start > Control Panel > Regional and Language Options, click the Customize button, and select the Time tab. Reset to preferred time format, click Apply and OK.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users