Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trouble with trojan cycbot.b


  • Please log in to reply
8 replies to this topic

#1 Bruce555

Bruce555

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 26 October 2010 - 03:21 PM

Dear BC,

just wanted to say you guys have some really useful information and thanks for taking the time to help people out.

I had same problem as this topic starter:
http://www.bleepingcomputer.com/forums/topic354181.html


I followed the steps advised by you guys and followed the steps with DrWeb Cureit, found 18 viruses and they are moved to quarante, and then with Malware, found 4 and removed. My microsoft security essential isn't picking up anymore threats but I cannot use IE or firefox.

any infor or link to other threads please?

thanks in advance!

BC AdBot (Login to Remove)

 


#2 Bruce555

Bruce555
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 27 October 2010 - 09:34 AM

someone who had the same problem recommended me to try "netsh winsock reset" in command prompt and reboot. I did that and still no IE or firefox, other programs are working fine getting on internet (msn, skype etc)

Please help.

Thanks!

#3 MP201

MP201

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 27 October 2010 - 12:14 PM

It would seem you have the same problem that I have. I'm still waiting on an answer for mine, but I've discovered that the problem is only with websites starting with "www". "Mail.google.com" works, whereas "www.google.com" does not.
I don't know if this will help you at all, but I thought I'd give you a little bit more info.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:48 PM

Posted 27 October 2010 - 02:44 PM

Would be helpful if we can see the scam=n logs,thanks. Are we running XP or another?

Just for the record
Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

Edited by boopme, 29 October 2010 - 11:41 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Bruce555

Bruce555
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 28 October 2010 - 01:45 PM

someone who had the same problem recommended me to try "netsh winsock reset" in command prompt and reboot. I did that and still no IE or firefox, other programs are working fine getting on internet (msn, skype etc)

Please help.

Thanks!


no offense but did you bother reading my post? or just copy and pasted an automated response...

like i said in my starting post, im having same issue as this topic starter:
http://www.bleepingcomputer.com/forums/topic354181.html

and we are running windows 7.

really i am hoping for a better response and some help, i have to drive to the library to just to use IE...

#6 Koyunbaba

Koyunbaba

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 28 October 2010 - 04:03 PM

Got the final solution: http://social.answers.microsoft.com/Forums/en-US/msescan/thread/b305ee28-bea5-4278-a7e1-a717cb736282
I closed the proxy setting for LAN and it worked!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:48 PM

Posted 28 October 2010 - 04:14 PM

I repeated it for your sake as I did not know if they instructed you properly and mentioned the proxy.
I had said...Just for the record.
I'll ignore the next comment

It would seem that you have more than just trojan cycbot.b

We are going to need to try to get a log posted in the MAlware forum.
So onto A flash drive or CD put these and see if we can get either of these logs... DDS may not work on 64 bit, but OTL will.


Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
SKIP the Gmer part.
Let me know if that went well.


OTL

  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Bruce555

Bruce555
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 28 October 2010 - 10:44 PM

Got the final solution: http://social.answers.microsoft.com/Forums/en-US/msescan/thread/b305ee28-bea5-4278-a7e1-a717cb736282
I closed the proxy setting for LAN and it worked!


OK I did the same and IE and firefox are working now!!

and just for the record, boopme did mention it I just only saw the reset winsock step, you should bold the first part IMO and thanks for your help!
Do you still think I need to post the log? looks kind of complicated =S

also one more question:
what does it mean now that I'm using the internet without that checked "Use proxy server for LAN to access internet" etc I searched what a proxy is and it sounds like a way to hide your identity (IP addresss?) while you are surfing web pages?
I mean am i less protected now that I unchecked "use proxy server for LAN"? whlie Im surfing the internet?

Thanks!

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:48 PM

Posted 29 October 2010 - 11:45 AM

Hello I edited in the Bloding as suggested here and in my notes.Thanks.

Yes a proxy is that way of hiding yourself. But as you do not USE a proxy the malware changed the settings to screw up your connection. It was looking to connect to a proxy server yhat does not exist,,ergo no connect.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users