From: Bill Suen on 3 Jan 2006 18:55

I have a similar problem:
I work a lot from my home PC for a university and have Sophos loaded in it.
The regular daily scan on Monday revealed that I have a Troj/spyaks-B
infected in c:\windows\system32\wbeconm.dll and it cannot delete the file. I
went in via command prompt and deleted the infected file but the home page
is still set to a security centre page. Yesterday I followed the Sophos
instruction and downloaded a SAV32CLI fix onto a CD-R and tried to run it on
command prompt via F8 re-start. I am running Windows XP 2002 Home Service
Pack 2, and it will not let me get onto safe mode with command prompt at
restart, so I cannot run the fix on my PC.

"benjammin" wrote:

> I tried using your method - in command prompt, I typed sfc.exe, then tried
> scannow, but it said 'error code is 0x000006ba (The RPC server is
> unavailable)' and same sort of thing with other scans - what does this mean?
>
> "Eric" wrote:
>
> > Try booting in safe mode/command prompt. The file shouldn't be open then.
> >
> > "benjammin" wrote:
> >
> > > I have a Trojan download in C:\windows\system32\browsela.dll, and can't
> > > delete it.
> > >
> > > Same applies to w32.looksky.A@mm in local settings somewhere.
> > >
> > > How can I get rid of these things if my antivirus doesn't?
From: David H. Lipman on 3 Jan 2006 19:04

From: "Bill Suen" <BillSuen(a)discussions.microsoft.com>

| I have a similar problem:
| I work a lot from my home PC for a university and have Sophos loaded in it.
| The regular daily scan on Monday revealed that I have a Troj/spyaks-B
| infected in c:\windows\system32\wbeconm.dll and it cannot delete the file. I
| went in via command prompt and deleted the infected file but the home page
| is still set to a security centre page. Yesterday I followed the Sophos
| instruction and downloaded a SAV32CLI fix onto a CD-R and tried to run it on
| command prompt via F8 re-start. I am running Windows XP 2002 Home Service
| Pack 2, and it will not let me get onto safe mode with command prompt at
| restart, so I cannot run the fix on my PC.

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: Bill Suen on 3 Jan 2006 19:19

David,

Thanks for the advice. I use Sophos, not McAfee. Do I need McAfee to
perform the fix?

Bill

"David H. Lipman" wrote:

> From: "Bill Suen" <BillSuen(a)discussions.microsoft.com>
>
> | I have a similar problem:
> | I work a lot from my home PC for a university and have Sophos loaded in it.
> | The regular daily scan on Monday revealed that I have a Troj/spyaks-B
> | infected in c:\windows\system32\wbeconm.dll and it cannot delete the file. I
> | went in via command prompt and deleted the infected file but the home page
> | is still set to a security centre page. Yesterday I followed the Sophos
> | instruction and downloaded a SAV32CLI fix onto a CD-R and tried to run it on
> | command prompt via F8 re-start. I am running Windows XP 2002 Home Service
> | Pack 2, and it will not let me get onto safe mode with command prompt at
> | restart, so I cannot run the fix on my PC.
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
> Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
> reply.
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
From: David H. Lipman on 3 Jan 2006 19:58

From: "Bill Suen" <BillSuen(a)discussions.microsoft.com>

| David,
|
| Thanks for the advice. I use Sophos, not McAfee. Do I need McAfee to
| perform the fix?
|
| Bill

No. It will download the McAfee command line scanner and it does not have to pre-exist on
the PC.

That DLL is associated with a few pieces of malware and this utility targets the DLL as well
as the malware associated with it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: Bill Suen on 4 Jan 2006 03:42

Dave,

I ran the fix and it did not work. I was watching the scan and there were a
lot of files the fix could not open. Now I cannot even get my explorer
working in my own sign on, so I am using a guest signon to get on here.
Hope you can give me further advice. Here is the log file:

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4666 created Jan 03 2006
Scanning for 168508 viruses, trojans and variants.

Virus Scan Results
01/04/2006 18:01:54

Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML "C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\Documents and Settings\Brendan\Local Settings\Temporary Internet Files\Content.IE5\A9S3YT65\systemwarning[1].htm ... Found potentially unwanted program Adware-SpySheriff.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
    Total files: ........... 229892
    Clean: ................. 229863
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Deleted: ............... 1
    Non-critical Error(s): 1
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Time: 00:50.16

Some pages are now blocked and the message says:
block by adware of your pc, download spy trooper:
http://www.spytrooper.com/?advid=29

Is this genuine?

Many thanks.

Bill Suen

"David H. Lipman" wrote:

> From: "Bill Suen" <BillSuen(a)discussions.microsoft.com>
>
> | I have a similar problem:
> | I work a lot from my home PC for a university and have Sophos loaded in it.
> | The regular daily scan on Monday revealed that I have a Troj/spyaks-B
> | infected in c:\windows\system32\wbeconm.dll and it cannot delete the file. I
> | went in via command prompt and deleted the infected file but the home page
> | is still set to a security centre page. Yesterday I followed the Sophos
> | instruction and downloaded a SAV32CLI fix onto a CD-R and tried to run it on
> | command prompt via F8 re-start. I am running Windows XP 2002 Home Service
> | Pack 2, and it will not let me get onto safe mode with command prompt at
> | restart, so I cannot run the fix on my PC.
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
> Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
> reply.
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm