Can someone help me? Trojan
mummy ~ you're def' still infected
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\aswBoot.exe
c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
c:\windows\Temp\Perflib_Perfdata_564.dat
c:\windows\Temp\Perflib_Perfdata_714.dat
Folder::
c:\documents and settings\All Users\Application Data\PopCap
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
Then I'd REALLY suggest that Kaspersky scan
-
Well I ran Combofix but it didn't finish properly
Got to stage 50 (I think), said it was deleting files, then stopped. Couldn't get task manager up so I had to turn computer off and reboot. No Combofix log to be found anywhere. Should I create the notebook file again or run Combofix on its own?
While I await reply will start the Kaspersky scan
-
I assume I need to run all 4 areas of the scan - critical area, my computer, folder and file?
Thanks
-
Yes, that's right
-
Not sure if I needed to, but have selected a scan of C:\ on the 'folder' scan.
So far it has detected 2 infections and 1 suspicious - although they seem to have disappeared from the scan report now I have started the 'folder' scan
-
OK - it has found:
2 threat names
2 infected objects
1 suspicious object
Threat names:
Exploit.Java.Gimsh.a (infected object, can't see exactly where they are as I can't scroll any further right but somewhere in application data\sun\java\deploy..)
Trojan-Spy.HTML.Fraud.gen (suspicious object, again can't see exactly where but somewhere in local settings\application data\ide..)
How do I create a log?
-
We need each and every EXACT location and file name to do anything mummy. Can't remember how to get log as it's been ages since I used it
-
Done it
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 1, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 01, 2009 11:39:31
Records in database: 2410846
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Folder:
C:\
Scan statistics:
Files scanned: 85722
Threat name: 2
Infected objects: 2
Suspicious objects: 1
Duration of the scan: 02:33:21
File name / Threat name / Threats count
C:\Documents and Settings\Clare\Application Data\Sun\Java\Deployment\cache\6.0\43\27c1206b-3a2d6d87 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Clare\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-2e392bbc.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Clare\Local Settings\Application Data\Identities\{C65BA51D-3597-4A67-B70A-68F5A36C4357}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
The selected area was scanned.
-
No need to be embarrassed mummy. Sometimes just finding logs can be a nightmare on some programs
Open notepad and copy/paste the text in RED below
File::
C:\Documents and Settings\Clare\Application Data\Sun\Java\Deployment\cache\6.0\43\27c1206b-3a2d6d87
C:\Documents and Settings\Clare\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-2e392bbc.zip
c:\windows\system32\aswBoot.exe
c:\documents and settings\Clare\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
c:\windows\Temp\Perflib_Perfdata_564.dat
c:\windows\Temp\Perflib_Perfdata_714.dat
Folder::
C:\Documents and Settings\Clare\Application Data\Sun\Java\Deployment\cache\6.0\43\27c1206b-3a2d6d87
c:\documents and settings\All Users\Application Data\PopCap
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
-
Get rid of all deleted emails in Outlook too
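Added example (not from the thread, and not ComboFix or Kaspersky code): the helper asks for each exact location and file name, so this parses report rows in the layout posted above and checks that every detected path appears character for character in a File:: list. The sample report, the sample list and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the scanner report posted in the thread.
REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\User\Java\cache\6.0\43\aaaa-bbbb Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\User\Java\jar\jvmimpro.jar-1111.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\User\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
"""

# Constructed removal list in the File::/Folder:: layout used in the thread.
SCRIPT = r"""
File::
c:\documents and settings\User\Java\cache\6.0\43\aaaa-bbbb
C:\Documents and Settings\User\Java\jar\jvm impro.jar-1111.zip
Folder::
c:\documents and settings\All Users\Application Data\PopCap
"""

ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):"
                 r"\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

def parse_report(text):
    """One dict per detection row; the header and blank lines do not match."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def parse_script(text):
    """Map each 'Name::' section header to the list of paths under it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def squash(path):
    """Windows paths compare case-insensitively; also drop all whitespace."""
    return re.sub(r"\s+", "", path).lower()

def check(report, script):
    """Label each detected path: 'exact', 'near' (whitespace differs) or 'missing'."""
    files = parse_script(script).get("File", [])
    exact = {f.lower() for f in files}
    near = {squash(f) for f in files}
    return {d["path"]: "exact" if d["path"].lower() in exact
            else "near" if squash(d["path"]) in near else "missing"
            for d in parse_report(report)}
```

A 'near' result means the list names a file that differs from the detection only in whitespace, so the entry would not match the file on disk.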
This discussion has been closed.