Spysherriff Help Me Please! Newbie Needs Help!



#1 tonymartini


Posted 24 October 2005 - 01:30 PM

Hi guys,
I'm new to all this and I need help!! I've got Kaspersky antivirus and my router's firewall, and I recently got rid of 260 viruses on my PC :thumbsup: BUT now there is a msg that pops up on startup saying something like " C:/....../commonFiles/microsoftshared/ibm00001.exe cannot be found please use search etc...." How can I get rid of this really annoying message!! Please help as I will soon strap dynamite to the damn thing and blow it up!!! :flowers:



#2 scotia


Posted 24 October 2005 - 01:40 PM

http://www.bleepingcomputer.com/forums/t/22402/how-to-remove-spysheriff-winstallexe-spysheriffexe/

#3 stidyup


Posted 25 October 2005 - 02:02 AM

Sophos trojtorpige

Troj/Torpig-E is an information stealing Trojan for the Windows platform.

When Troj/Torpig-E is run some or all of the following files are created either in the folder C:\Program Files\Common Files\Microsoft Shared\Web Folders or in the folder <System>\..\temp:

ibm00001.dll
ibm00001.exe
ibm00002.dll
<random>.tmp

The file ibm00001.exe is detected as Troj/Torpig-D. The file <random>.tmp is a clean data file. All other files are detected as Troj/Torpig-E.

The following registry entry is created to run ibm00001.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Shell
<path to ibm00001.exe>

The following registry entry may be created to run ibm00001.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe "<path to ibm00001.exe>"

An entry may be added to the file SYSTEM.INI in the "boot" section with a key name of "shell" to attempt to run ibm00001.exe on startup.

The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.

Troj/Torpig-E automatically closes security warning messages displayed by common anti-virus and security related applications.


Sophos trojtorpigd

If you think you are infected, submit a HijackThis log here.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode): Sysclean. You'll also need the virus template file from here: lpt***.zip. Remember to extract the contents of the zip file into the same folder as Sysclean.com.

or

DrWeb CureIT

If you're good with the command line, also try the Sophos Command Line scanner. This command will scan all of your HDDs and give you a log file to review afterwards:

SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt

If you can't get into safe mode, download the following: Ultimate Boot CD. However, you will need to update the definitions on the disk; see here how to do that. Alternatively, download an archive version of Public AntiVirus; again, this will need updating, but full instructions are here.

If you want a smaller download look here for instructions on how to create your own boot CD.

Also try installing and running A2 Free and Ewido.

I'd also run Spybot (Spybot Tutorial) and Adaware.

If you're using Win2K/XP, run Adaware/Spybot from "safe mode with command prompt".

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe
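
Added example, not part of the post above or of the Sophos write-up: a Python check of the three autostart locations the description names (the Run key, the Winlogon Shell value, and the shell key in the [boot] section of SYSTEM.INI) for the listed ibm0000N files. It assumes the values have already been read from the registry and from SYSTEM.INI; the function names and the sample data are constructed for illustration.

```python
import configparser
import re

# File names from the quoted Sophos description: ibm00001.exe, ibm00001.dll, ibm00002.dll.
LISTED_FILE = re.compile(r"\bibm0000[12]\.(?:exe|dll)\b", re.IGNORECASE)

def check_run_values(run_values):
    """Flag Run-key values whose data names one of the listed files."""
    return [f"Run value {name!r} launches {data}"
            for name, data in run_values.items() if LISTED_FILE.search(data)]

def check_shell(source, shell):
    """A shell setting is expected to be plain explorer.exe; anything else is flagged."""
    if shell is not None and shell.strip().lower() != "explorer.exe":
        return [f"{source} shell is not plain explorer.exe: {shell}"]
    return []

def check_system_ini(text):
    """Look up shell= in the [boot] section of SYSTEM.INI, ignoring case."""
    ini = configparser.ConfigParser(strict=False, interpolation=None,
                                    allow_no_value=True)
    ini.read_string(text)
    findings = []
    for section in ini.sections():
        if section.lower() == "boot":
            findings += check_shell("SYSTEM.INI [boot]", ini[section].get("shell"))
    return findings

def audit(run_values, winlogon_shell, system_ini_text):
    """Run all three checks and return the combined list of findings."""
    return (check_run_values(run_values)
            + check_shell("Winlogon", winlogon_shell)
            + check_system_ini(system_ini_text))

# Constructed sample input (not taken from a real machine).
WEB_FOLDERS = r"C:\Program Files\Common Files\Microsoft Shared\Web Folders"
SAMPLE_RUN = {"Shell": WEB_FOLDERS + r"\ibm00001.exe"}
SAMPLE_WINLOGON = 'explorer.exe "' + WEB_FOLDERS + r'\ibm00001.exe"'
SAMPLE_INI = "[boot]\nshell=explorer.exe\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_RUN, SAMPLE_WINLOGON, SAMPLE_INI):
        print(finding)
```

The Run-key check matches on file name only, and a shell replacement installed on purpose is flagged as well, so each finding is something to review rather than a verdict.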



