Spylocked-well Sort Of


  • This topic is locked

#1 markbnj

Posted 23 May 2007 - 03:19 PM

Interesting.
First, I am not a newb, but first time posting a log...

Note: I also use Sysinternals' (now Microsoft) Process Explorer, and Autoruns too.
Autoruns tells what is starting up on the target system.
Process Explorer tells what is CURRENTLY running.

client computer, was using norton security,
was active, with

1) Norton did find spylocked, and said it was removed.
Rebooted, but still there, Norton didn't find it second time.

2) so did Ad-Aware SE. It said it was removed, rebooted, still there.

Now: interesting analysis:
Process Explorer doesn't show anything strange running.
Neither does Autoruns.

The ONLY thing that shows I still have this virus is that
a) the screen shot of the fake "system alert" comes up (still...)
BUT it doesn't still show in Autoruns..
(and using Sysinternals RootkitRevealer NOW to double-check)

and
with regards to the instructions on THIS board on how to remove spylocked
(here: http://www.bleepingcomputer.com/forums/t/85376/how-to-remove-spylocked-and-spywarelocked-removal-instructions/)

a) NO apps like spylocked appear on app list on system
b) NONE of the DLLs listed in the article above (like:

fyxkaah.dll, onwtj.dll, tahxqcj.dll, qvjpt.dll, and oyopu.dll (as a small subsample))

appear on the system (and yes, I checked in regular, safe, and even safe command prompt mode),
and I did a dir /as as well as attrib filename.dll /s |more
and found NOTHING!

and look:
Here is my hijackthis 2.0 log:

and HERE's my guess:

I think it's THIS LINE:
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\system32\indwvm.dll
Did you know if you google "equiparant" it comes up with NOTHING?!
And gee, if you google the DLL file name you come up with ..shock shock awe... Spylocked, and Ad-Aware

just tried an EXPERIMENT to use hijack this to REMOVE this ONE LINE..

YES... IT worked. This was the solution!

Now it is NOT loaded in memory!

Hope this helps ALL you folks out there.

See what experience, patience, and understanding what logs can do for you?????

Good luck to all of you in the future!


3)
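The check described in the post above (reading the O22 SharedTaskScheduler section and spotting an entry that does not belong), as an added example that is not part of the original thread: it parses O22 lines from a HijackThis log and reports every CLSID absent from a known-good baseline. The function names, the baseline set and every sample line except the `equiparant` one quoted in the post are constructed assumptions.

```python
import re
from typing import NamedTuple

# HijackThis O22 line: "O22 - SharedTaskScheduler: <name> - {CLSID} - <dll path>"
O22_RE = re.compile(
    r"^O22 - SharedTaskScheduler:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.+?)\s*$"
)
MISSING = "(file missing)"  # suffix HijackThis appends when the DLL is absent

class Entry(NamedTuple):
    name: str
    clsid: str
    path: str
    file_missing: bool

def parse_o22(log_text):
    """Return every SharedTaskScheduler entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O22_RE.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) and malformed lines
        path, missing = m["path"], m["path"].endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].rstrip()
        entries.append(Entry(m["name"], m["clsid"].lower(), path, missing))
    return entries

def unknown_entries(entries, baseline_clsids):
    """Entries whose CLSID is not in the analyst's known-good baseline."""
    known = {c.lower() for c in baseline_clsids}
    return [e for e in entries if e.clsid not in known]

# Assumption: baseline taken from a known-clean machine of the same build.
BASELINE = {"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"}

# Constructed sample log; only the "equiparant" line is quoted from the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\system32\indwvm.dll
O22 - SharedTaskScheduler: example-leftover - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\gone.dll (file missing)
"""

if __name__ == "__main__":
    for e in unknown_entries(parse_o22(SAMPLE_LOG), BASELINE):
        print(f"REVIEW {e.name} {e.clsid} {e.path} missing={e.file_missing}")
```

An entry reported here is a lead for review: inspect the DLL it points to before removing the registry value.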


#2 miekiemoes

Posted 24 May 2007 - 09:25 AM

Hi,

So I assume this issue is resolved?

#3 miekiemoes

Posted 02 June 2007 - 03:50 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



