
Virus: "w32.myzor.fk@yf" & Trojans: "downloader.aux" Help Please?


7 replies to this topic

#1 goincognito

goincognito

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 May 2006 - 04:13 PM

I have a virus called W32.Myzor.FK@yf and a few trojans such as Downloader.AUX and my McAfee Virus Protector isn't really working... It pops up and is unable to delete, clean or quarantine.

Also, when I start Internet Explorer, it does not direct me to my normal homepage, it redirects me to 'topsecuritysite.com'.

I do not know if this is a real site or a way for me to download new virus protection, so I am not sure what to do.

Help would be grrrreatly appreciated.

Thank you mucho!


#2 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:12:03 PM

Posted 21 May 2006 - 05:22 PM

This doesn't look good at all. Seems like a spyware infection; let me research it and I'll get back to you ASAP.


The fake virus alert is a result of a pest called "Smitfraud".

Here are the removal steps until the antimalware products release new updates for this newest variant:

1. Print out or save to Notepad these instructions, as we will need to do most steps offline and in SAFE MODE (so you won't have this window open to see the instructions).

2. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

3. Download, install, and update Ewido AntiMalware (get the free trial version)
http://www.ewido.net/en/download/

a. Install Ewido AntiMalware

b. Launch Ewido; there should be a big yellow E icon on your desktop. Double-click it.

c. The program will prompt you to update; click the OK button.

d. The program will now go to the main screen

e. On the left hand side of the main screen click on Update

f. Click on Start. The update will start and a progress bar will show the updates being installed.

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

4. Reboot into Safe Mode
If you're having trouble getting into safe mode or don't know how, here's a handy tool: Bootsafe.exe
http://www.superadblocker.com/bootsafe.html

5. Once in safe mode, start Ewido AntiMalware

a. Click on scanner

b. Click on *complete system scan*

c. Let the program scan the machine.

d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.
Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

Click OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


6. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.


7. Reboot back to normal mode.

8. Get a free online AV scan at Panda's ActiveScan
Let it remove any infected files found, and when it finishes save the log at the end to post back here.

Panda's Active Scan
http://www.pandasoftware.com/activescan/

Create a HJT log using HiJackThis.exe and post it in the HJT Board NOT here! (Also, including the Ewido scan log might help the HJT Team member in analyzing your log)

This set of instructions was taken from a help post from a Lavasoft help member by the name of CalamityJane and modified by myself.

Edited by Elendil, 21 May 2006 - 05:32 PM.

Stanford '14
B.S. Candidate | Computer Science

#3 goincognito

goincognito
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 24 May 2006 - 04:25 PM

Thanks!

I've pretty much got the w32.myzor down. I had this WildTangent thing that was infecting the computer. I also thought I had downloader.aux deleted, but it's still there.

Any tips? I looked up stuff on the internet and it said to delete most of the temporary files, except there is one file that won't delete! It's called CMLS--2006-05-24--16-06-50.log Look familiar?

Thanks again. <33 Legolas. Heh.

#4 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:12:03 PM

Posted 24 May 2006 - 04:53 PM

Ok, I think it's time you used HJT (HiJackThis) in an attempt to remove your malware problem.
Visit this HJT tutorial link:

http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/

As it says, it is very important that you DO NOT delete anything when the scan is done, but instead copy and paste the HJT log into a post in the HJT FORUM NOT HERE! Good luck with HJT and I hope your malware problems will be fixed! :thumbsup:
Stanford '14
B.S. Candidate | Computer Science

#5 Bert J

Bert J

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 29 May 2006 - 01:49 AM

Hello,

I have the same problem. I have done everything you say except running SmitfraudFix because it wouldn't run on my PC.

greets

#6 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:12:03 PM

Posted 29 May 2006 - 10:24 AM

Hi BertJ,

At Bleeping Computer it is usually best to start a new topic for each problem.

If you are having the same symptoms as the starter of this topic, and have tried the fixes suggested already, then perhaps it is time for you to post a log in the HiJackThis forum here at BC.

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#7 ZGEE

ZGEE

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 02 June 2006 - 07:23 PM

Help, I have exactly the same problem, so what should I do safely and effectively to get rid of this virus w32.myzor?

#8 ZGEE

ZGEE

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 02 June 2006 - 07:26 PM

Help, I have exactly the same problem, so what should I do safely and effectively to get rid of this virus w32.myzor?



