
Help needed for removing trojans


  • This topic is locked
8 replies to this topic

#1 myym

  • Members

Posted 09 October 2013 - 05:11 AM

I ran SUPERAntiSpyware two days ago and it found 5 trojans on my laptop; today I ran the same program and it found the exact same trojans. I did what the software recommended, which was to restart the PC, but I am not sure whether they are completely removed.

I experience that my laptop runs smoother after they are removed, but have no other issues with its performance.

I ran Avast antivirus and Malwarebytes but they did not find any.

This is the list of the trojans I mentioned above:

 

Trojan.Smitfraud Variant-Gen/PP

(x86) HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
(x86) HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid
(x86) HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid32
(x86) HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib
(x86) HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib#Version

 

Thanks in advance.
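
An added example, not part of the original post: a read-only PowerShell check of whether the registry entries listed in the scan result are still present after the reboot. It assumes PowerShell 3.0 or later, that the "(x86)" prefix in the scan result denotes the 32-bit registry view, and that "TypeLib#Version" means the value named Version under the TypeLib key.

```powershell
# Added example: read-only, changes nothing in the registry.
$iid     = '{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}'   # GUID from the scan result above
$subKeys = '', 'ProxyStubClsid', 'ProxyStubClsid32', 'TypeLib'

function Test-FlaggedInterface {
    param([Microsoft.Win32.RegistryView]$View)

    # Open HKCR in an explicit view so the answer does not depend on
    # whether this PowerShell session is 32-bit or 64-bit.
    $root = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::ClassesRoot, $View)
    try {
        foreach ($sub in $subKeys) {
            $path = ("Interface\$iid\$sub").TrimEnd('\')
            $key  = $root.OpenSubKey($path)        # $null when the key is absent
            $row  = [pscustomobject]@{
                View    = $View
                Key     = "HKCR\$path"
                Present = ($null -ne $key)
                Version = $null                    # filled in for TypeLib only
            }
            if ($null -ne $key) {
                if ($sub -eq 'TypeLib') { $row.Version = $key.GetValue('Version') }
                $key.Dispose()
            }
            $row
        }
    }
    finally { $root.Dispose() }
}

# Check the 32-bit view (assumed to be what "(x86)" refers to) and the 64-bit view.
[Microsoft.Win32.RegistryView]::Registry32, [Microsoft.Win32.RegistryView]::Registry64 |
    ForEach-Object { Test-FlaggedInterface -View $_ } |
    Format-Table -AutoSize
```

Rows with Present = False are entries that no longer exist in that view; a scanner that keeps reporting the same keys after a reboot would show Present = True here.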





#2 satchfan

  • Malware Response Team

Posted 10 October 2013 - 06:33 AM

Hello myym and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

 

===================================================
 

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download one of these to your desktop:


for a 32-bit system download this version.
for 64-bit use this one

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

 Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

RKreport.txt
AdwCleaner log
OTL.txt
Extras.txt


Thanks

Satchfan


Edited by satchfan, 10 October 2013 - 08:30 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 myym


Posted 11 October 2013 - 05:05 AM

Hi Satchfan,

Thanks for the reply, I will soon come up with all the logs you mentioned.


Edited by myym, 11 October 2013 - 05:08 AM.


#4 myym


Posted 11 October 2013 - 07:43 AM

Here are the log files created by those programs you mentioned.

Attached Files


Edited by myym, 11 October 2013 - 07:45 AM.


#5 satchfan


Posted 11 October 2013 - 04:49 PM

Thanks for the logs.

 

At a brief glance I see nothing too bad but I've been a bit busy and only had a chance to speed-read through them.

 

I won't have a chance to go through them all thoroughly tonight as it is 10:45pm GMT and I have yet to have my dinner!!

 

Satchfan




#6 satchfan


Posted 12 October 2013 - 03:10 AM

Do you know what this is?:

C:\Windows\SysWow64\⏨䣰š.

It appeared on the 11th October.


Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    
    
    :OTL
    
    O3 - HKLM\..\Toolbar: (no name) - {7C75F7F2-14C6-4c54-B6A8-949781E626E4} - No CLSID value found
    
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    [2013-07-29 13:56:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\DP45977C.lfl
    
    [2013-10-10 09:06:16 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⏨䣰š
    
    
    
    :Commands
    
    [purity]
    
    [emptytemp]
    
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log and new OTL log.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.
 

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include in the next post:

OTL fix log
New OTL log
CKFiles.txt


Satchfan
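
An added example, not part of the original post: a read-only PowerShell listing of entries in SysWOW64 whose names contain characters outside printable ASCII, like the one questioned above. Because such names can be displayed as "????" in a log, it prints each name's Unicode code points next to its size and creation time; it assumes PowerShell 3.0 or later and deletes nothing.

```powershell
# Added example: read-only listing of oddly named entries; nothing is removed.
$dir = Join-Path $env:SystemRoot 'SysWOW64'   # folder named in the post above

Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
    # Keep only names containing something other than printable ASCII.
    Where-Object { $_.Name -cmatch '[^\x20-\x7E]' } |
    Sort-Object CreationTime |
    ForEach-Object {
        [pscustomobject]@{
            Created    = $_.CreationTime
            IsFolder   = $_.PSIsContainer
            # Length exists only on files; folders are reported without a size.
            SizeKB     = $(if ($_.PSIsContainer) { $null }
                           else { [math]::Round($_.Length / 1KB) })
            # Code points identify the name even when the console shows "????".
            CodePoints = ($_.Name.ToCharArray() |
                          ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
            FullName   = $_.FullName
        }
    } |
    Format-List
```

The Created and SizeKB columns can be compared with the dates in the OTL log before deciding what to ask the helper about.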

 




#7 myym


Posted 12 October 2013 - 04:02 AM

Thanks for the reply Satchfan.

Just ran OTL as you mentioned and it restarted my PC after a few seconds and it didn't generate any of those files you mentioned.

The other program did generate a file.

 

The file that you mentioned with the Chinese sign: I have no idea how it entered my PC. I looked at its path and it has 98 Mb of size, and there is also another Chinese sign file which has 98112 kb size. Will it be safe to delete them?

Attached Files


Edited by myym, 12 October 2013 - 04:05 AM.


#8 satchfan


Posted 12 October 2013 - 05:05 AM

You have illegal software on your system, which is probably how your computer became infected.

 

Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

 

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it.

 

Continuing to help you could be viewed as supporting/condoning this.

 

If you want to continue, I need you to uninstall all the illegal software that you have downloaded and installed.

 

When you have done this, run CKScanner again and post a new log.

 

If I don’t hear back from you in 24 hours I'll close this thread.

 

Satchfan




#9 satchfan


Posted 15 October 2013 - 02:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





