 CajunTekInsane CajunPremium,MVM join:2003-08-08 Arlington, TX | Don't worry, give CJ a little time to analyze this and she'll get ya straightened out... She's the best!!!! -- da Cajun Darn I hate Malware |
 | reply to Jesse2 Thanks, Jesse, got it 
This is definitely LOP (aka Trojan Swizzor). It's an adware pest. Panda online will detect it but not remove it.
As suspected, detection for this is spotty and it is not detected by the scanners you have used thus far.
Follow these steps for removal please.
1. Make a copy of these instructions so you have them handy, as the next steps will be done in SAFE MODE with all browsers closed (so you won't be able to view this window).
2. Reboot into Safe Mode. You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit Enter.
How to start the computer in Safe mode http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
3. Open HijackThis and do a *system scan only*. When it finishes, checkmark this entry, then press the *fix checked* button:
O4 - HKLM\..\Run: [loud balm junk nurb] C:\Documents and Settings\All Users\Application Data\find gpl loud balm\License heart.exe
(If this entry does not appear in the HijackThis scan, don't worry about it - we can fix that later in normal mode.)
4. Stay in Safe Mode and delete this folder: C:\Documents and Settings\All Users\Application Data\find gpl loud balm
5. Navigate to C:\Windows\Temp. Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp. Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files:
* Quit Internet Explorer and quit any instances of Windows Explorer.
* Click Start, click Control Panel, and then double-click Internet Options.
* On the General tab, click Delete Files under Temporary Internet Files.
* In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
6. Reboot back into normal mode.
7. Get a free online AV scan at the following:
BitDefender Free Online Virus Scan: www.bitdefender.com/scan8/ie.html
BitDefender does detect this variant so it may find additional files and/or registry entries to delete.
8. When done, reboot your computer.
Scan once more with HijackThis and post a fresh log and let me know if you see any remaining problems at that point.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
 | It's not that complicated really. The main thing is to reboot into SAFE MODE and delete the folder: C:\Documents and Settings\All Users\Application Data\find gpl loud balm
And clear your TEMP files: C:\Windows\Temp
C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
And then in normal mode do the online BitDefender scan, which should do a full system scan and hopefully take care of any leftovers.
Do those main things and we can take care of the rest after you finish with the BitDefender scan. I have emailed your infected files to the Security Product vendors who did not detect this (including your Trend-Micro AV) so they should be including detection for it in the near future.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |