PDA

View Full Version : iworm_attck_v122.02a GOT ME!


Feris
2006-08-03, 07:28
Hello. I've found several sites that gave me intructions on how to handle this nasty beast. These are the ones I followed:

Please download smitRem.zip to get rid of spyware strike and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe Do not run a it yet.
Open the file and it will extract itself to a new folder called SmitRem.

Reboot into safe mode by following the directions here


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.


Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot into normal mode.Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into safe mode and run Ewido

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop .

Please reboot into normal mode and post the ewido log.

Please post a Hijack This log so that the rest of the malware can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

And here is my ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:55:07 PM 8/2/2006

+ Scan result:



C:\Documents and Settings\Jim\Cookies\jim@macromedia.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@stats.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@vip.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

At this point, I honestly don't know if I'm fixed. I ran Hijackthis.exe and things SEEM to be handled. But I want to be sure. Any help that you can offer at all would be greatly appreciated.

Thanks.
pskelley
2006-08-04, 15:50
Welcome to the forum, I am sure noahdfear's tool is a good one, and use it myself at times, but posted right above where you posted your information are these instructions:

http://forums.spybot.info/showthread.php?t=4015
I would delete all Smitfraud tools you have and follow these instructions. When you get to the "Run ewido" part, please choose to delete or at least quarantine what it locates, choosing to "take no action" does you no good at all.

Once you have finished all of the instruction, then post these three logs:
Copy/paste into your own new topic.
c:\rapport.txt
Ewido log
The HJT log
I will be notified and check to see if there is more to do as soon as possible after that.

Thanks...pskelley
Safer Networking Forums
tashi
2006-08-09, 22:50
This topic is closed due to lack of a response.
If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.