Please help me on IE6 Trojan removal

[Simple Guy]

I need help with a hijack of my IE6 homepage. I was infected by a
Trojan, at least that was the message from the virus acanners.
What happened was yesterday I opened my Internet Explorer IE6 but the
usual home page was not there. Instead there was a page that said that
mentioned my IP address and said that my computer IE and Firefox is not
secure and there was a need to download something to fix it. I did not
download.
The Norton Antivirus message box appeared and said something about
secure32.html and ibm00003 and ibm0004 infections. I ran A squared
free, Lavasoft Adware free, Norton Antivirus and One Button Checkup
from Norton SystemWork. That seem to clear up the virus infection
problem.
Now when I boot up my home computer it said that C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe not found.
This is my home computer. I tried looking for the file in the computers
in my office but none have any files with this name or anything near to
it.
I cannot no longer use my IE6. Clicking on Internet Explorer on the
Start Menu or the Desktop icon will result in the mouse cursor showing
an hourglass for showing a program being loaded. After a while the
hourglass disappear and nothing happen. No IE6.
When I shut down my computer a message that say that Internet Explorer
not loaded appear and the computer shut down normally and turn off.
I tried to download IE6 SP1 from Windows Update but can run it. The
message was that there is already a newer version IE6 on my computer. I
ran SP2 and it ran normally and rebooted.
Can anyone tell how can I reinstall into my home computer that program,
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
or how to change the registry and put some other files in the
subdirectory Web Folders.
Can anyone tell me how can I reinstall a working version of IE6 or IE7
beta so that I can use Internet Explorer.
My computer run Windows XP Professional. I have installed SP1, SP2 and
various updates including the very recent ones. I have dotnet 1.1. I
have also updated with the recent DirectX and Scripts and Java and
Firefox. I note that Firefox cannot run certain sites that require IE6
or IE5.X.


Using find of regedit I found only one instance of ibm00003.exe I tried
to export it but at the final screen I clicked on SAVE but nothing
happened. The screen just remain there.
The file details, Type REG_SZ.
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam|MUICache.
Using msconfig there is no item by the name of ibm00003 or whatsoever
ibm...
The files C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe or
ibm00003 or ibm0004 dot whatever cannot be spyware files because this
subdirectory is now empty. There should be something in this
subdirectory. There are few files in this subdirectory of my OFFICE
computer. Also I cannot use Control Panel Add/Remove program to
uninstall or install IE6 because Microsoft does not allow their
Internet Explorer to be uninstalled. Reference recent
Government/States court cases vs. Microsoft. I don't know if new
version being shipped now has IE in the Control Panel>Add/Remove
Program. Mine has none.
I can copy files from my office computer but which files do I need.

How to completely eliminated the
trojan.

 

[David H. Lipman]

From: "Simple Guy" <[email protected]>

| I need help with a hijack of my IE6 homepage. I was infected by a
| Trojan, at least that was the message from the virus acanners.
| What happened was yesterday I opened my Internet Explorer IE6 but the
| usual home page was not there. Instead there was a page that said that
| mentioned my IP address and said that my computer IE and Firefox is not
| secure and there was a need to download something to fix it. I did not
| download.
| The Norton Antivirus message box appeared and said something about
| secure32.html and ibm00003 and ibm0004 infections. I ran A squared
| free, Lavasoft Adware free, Norton Antivirus and One Button Checkup
| from Norton SystemWork. That seem to clear up the virus infection
| problem.
| Now when I boot up my home computer it said that C:\Program
| Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe not found.
| This is my home computer. I tried looking for the file in the computers
| in my office but none have any files with this name or anything near to
| it.
| I cannot no longer use my IE6. Clicking on Internet Explorer on the
| Start Menu or the Desktop icon will result in the mouse cursor showing
| an hourglass for showing a program being loaded. After a while the
| hourglass disappear and nothing happen. No IE6.
| When I shut down my computer a message that say that Internet Explorer
| not loaded appear and the computer shut down normally and turn off.
| I tried to download IE6 SP1 from Windows Update but can run it. The
| message was that there is already a newer version IE6 on my computer. I
| ran SP2 and it ran normally and rebooted.
| Can anyone tell how can I reinstall into my home computer that program,
| C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
| or how to change the registry and put some other files in the
| subdirectory Web Folders.
| Can anyone tell me how can I reinstall a working version of IE6 or IE7
| beta so that I can use Internet Explorer.
| My computer run Windows XP Professional. I have installed SP1, SP2 and
| various updates including the very recent ones. I have dotnet 1.1. I
| have also updated with the recent DirectX and Scripts and Java and
| Firefox. I note that Firefox cannot run certain sites that require IE6
| or IE5.X.
|
| Using find of regedit I found only one instance of ibm00003.exe I tried
| to export it but at the final screen I clicked on SAVE but nothing
| happened. The screen just remain there.
| The file details, Type REG_SZ.
| HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam|MUICache.
| Using msconfig there is no item by the name of ibm00003 or whatsoever
| ibm...
| The files C:\Program
| Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe or
| ibm00003 or ibm0004 dot whatever cannot be spyware files because this
| subdirectory is now empty. There should be something in this
| subdirectory. There are few files in this subdirectory of my OFFICE
| computer. Also I cannot use Control Panel Add/Remove program to
| uninstall or install IE6 because Microsoft does not allow their
| Internet Explorer to be uninstalled. Reference recent
| Government/States court cases vs. Microsoft. I don't know if new
| version being shipped now has IE in the Control Panel>Add/Remove
| Program. Mine has none.
| I can copy files from my office computer but which files do I need.
|
| How to completely eliminated the
| trojan.

ibm0000?.exe is a Password Stealing Trojan. After you get done with the following, you will
have to change account passwords.


It is suggested that you execute the following in Normal Mode then in Safe Mode.

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.



Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

 

[Simple Guy]

a squared reported SmitFraud.exe is a malware.

 

[news.microsoft.com]

Did you try http://www.spybot.de

It´s a little but good software to find and remove spyware and malware. It´s
free.