ibm00001.exe



#1 Peter Nolan


Posted 03 October 2005 - 06:30 AM

Hello,

I was attacked by a Trojan for the first time in six years last week and printed out all the instructions I needed from Bleeping Computer. I had everything under control and all I had to do was follow the instructions when I thought I had a brainwave. I figured I could run Autoruns.exe and uncheck "Shell", the name the Trojan is listed under under the Logon tab, and then delete. It didn't work and something is still looking for ibm00001.exe, the Trojan program. I didn't follow the instructions and tried to reinstall Shell by restoring ibm00001.exe after rebooting from the Recycle Bin, where I put it out of harm's way. This didn't work, so now I cannot go through the correct procedure. Is there a way to fix this so that I can go through the right procedure or execute some other action? I apologise for acting in such a rash fashion and not following the correct protocol. I got a pop-up that is almost certainly the Trojan in action twice before I could get to this site, having to press Ctrl+Alt+Del to start all over again.

I'm sorry for messing the whole thing up when all I had to do was follow the instructions provided by Bleeping Computer.

Peter Nolan. Ph.D.
Dublin


#2 jgweed


Posted 03 October 2005 - 10:54 AM

Have you attempted a system restore to a point prior to your changes?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 Peter Nolan


Posted 04 October 2005 - 05:52 AM

Hello John,

I want to avoid, if at all possible, doing something like reformatting my HDD because I'm certain I'll lose stuff I value.
Can I ask you or the forum if I could execute the Trojan by double-clicking on ibm00001.exe and then, if the entry "Shell" reappears in the Logon list using Autoruns.exe, I could go through the correct procedure and finally get rid of this Trojan, which is exactly what would have happened if I didn't take that naive shortcut?
I can view ibm00001.dll and I'll bet it has the information I need to remove the right stuff from the registry.

Peter.
Dublin.

#4 Tech-Helper


Posted 19 November 2005 - 04:25 AM

Hi Peter

Please follow these steps if you have a win9x*Grinler machine
1. Start your computer in MS-DOS mode.
2. Change directory to Windows\System (or find ibm0000*.* in the Windows folders).
3. Delete all the files with names ibm0000?.???
4. Reboot into Windows.
5. After the reboot, a window will pop up saying it cannot load ibm00001.exe; click OK.
6. Run "regedit" from Start > Run.
7. Find "ibm00001.exe".
8. Delete the key.
9. Reboot ... your problem would be solved.
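
Steps 6 to 8 above, as an added example that is not part of Tech-Helper's post: a Python script that scans a text export made from regedit for string values matching the ibm0000?.??? pattern from step 3, and reports whether each value names only that file or also carries other data that has to stay (for instance a "Shell" value that still lists Explorer.exe). The export contents, the `ibmhelper` value name and the function name `find_references` are constructed for illustration; the thread does not say which keys this Trojan writes.

```python
import re

# Constructed sample of a regedit text export (REGEDIT4 format); not taken from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ibmhelper"="C:\\WINDOWS\\SYSTEM\\ibm00001.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\SYSTEM\\ibm00001.exe"
'''

# Matches  "name"="data"  or  @="data"  (string values only; hex/dword lines are skipped).
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def find_references(export_text, pattern=r'ibm0000.\.\w{3}'):
    """Return (key, value_name, data, action) for each string value naming the file."""
    needle = re.compile(pattern, re.IGNORECASE)
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # remember which key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = unescape(m.group(1)) if m.group(1) is not None else '(Default)'
        data = unescape(m.group(2))
        if not needle.search(data):
            continue
        # Whitespace-separated tokens left after dropping the flagged file decide the action.
        # Limitation: paths containing spaces are split into several tokens.
        rest = [t for t in data.split() if not needle.search(t)]
        action = 'edit value, keep: ' + ' '.join(rest) if rest else 'delete value'
        hits.append((key, name, data, action))
    return hits

if __name__ == '__main__':
    for hit in find_references(SAMPLE_EXPORT):
        print(hit)
```

A value flagged "edit value" should have only the Trojan's path removed from its data; deleting it outright would also drop the legitimate entry it shares the value with.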



