Spyware and Trojans

Guest

I have had mega problems with a particular computer. I had several trojans
and spyware, amongst which were downloader and a particular problem with
look2me. I think these have been cleaned / deleted or put to AVG vault. I
have had a clean virus scan reported back along with a clean spybot scan.
Can I assume that the system is now clean or should I be doing something else
first before I return the computer to its owner? For information, I am not
able to connect to the internet with this computer as the connection is at
the owner's house. SP2 is installed. The only thing that is still a problem
is that the following error message appears when I boot in normal mode (not
in safe mode): RUNDLL error loading specific module "woo31f8f.dll". Thank you
all.
KR S
 
Doubtful it's clean or clean enough for normal/daily use. The tools
and processes you listed are minimal to remove Malware. The use
of the customer's ISP connection shouldn't limit your ability to put
the system on the Internet and get the machine fully updated. Do
not put this machine back in service with Boot error(s) or any kind
of Application/System Event Log errors.
 
Hi
What do you suggest please?
KR S

R. McCarty said:
Doubtful it's clean or clean enough for normal/daily use. The tools
and processes you listed are minimal to remove Malware. The use
of the customer's ISP connection shouldn't limit your ability to put
the system on the Internet and get the machine fully updated. Do
not put this machine back in service with Boot error(s) or any kind
of Application/System Event Log errors.
 
You need to run "multiple" virus scans and multiple spyware scans

On-Line scanners can be found at:

http://www.trendmicro.com/hc_intro/default.asp

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/produc...5D4-4DA2-B310-B1DBEC2971F2}&NRCACHEHINT=Guest

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

http://us.mcafee.com/root/mfs/default.asp

http://www.kaspersky.com/virusscanner


Google for other "online scanners"


--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Sal said:
Hi
What do you suggest please?
KR S

If you don't have the skill or ability to clean up this computer, give
your customer the option to take it to someone who does or do a clean
install.

Here are links to malware removal steps and to information about
installing Windows:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#reinstall_Windows - What
you will need on-hand

Malke
 
From: "Sal" <[email protected]>

| Hi
| What do you suggest please?
| KR S
|



Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Hello again on this fine sunny Sunday morning in the UK.
I have tried all the above help and info and I think that I am clean from
Spyware and Trojans. I had difficulty in sorting out the start up initial
error message which was RUNDLL error loading specific module w0031f8f.dll.
What I did was go into msconfig and untick from start up the following:
RUNDLL32
dfndrff_12
kybrdff_12
Everything seems to work ok when I try and I don't get any error messages.
Any comments from anybody?
KRS

David H. Lipman said:
From: "Sal" <[email protected]>

| Hi
| What do you suggest please?
| KR S
|



Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
From: "Sal" <[email protected]>

| Hello again on this fine sunny Sunday morning in the UK.
| I have tried all the above help and info and I think that I am clean from
| Spyware and Trojans. I had difficulty in sorting out the start up initial
| error message which was RUNDLL error loading specific module w0031f8f.dll.
| What I did was go into msconfig and untick from start up the following:
| RUNDLL32
| dfndrff_12
| kybrdff_12
| Everything seems to work ok when I try and I don't get any error messages.
| Any comments from anybody?
| KRS
|


Hmmmmm.....

I recognize those file names :-).
dfndrff_12
kybrdff_12

DollarRevenue -- http://vil.nai.com/vil/content/v_139042.htm

I recently had samples named...

dfndrff_13.exe
kybrdff_13.exe
nwnmff_13.exe
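
Added example, not part of any post in this thread: a Python check over saved `reg query` output for a Run key that flags the two leftovers discussed above, a rundll32 startup value whose DLL is no longer on disk (the cause of a boot-time RUNDLL error) and values named like the dfndrff_12 / kybrdff_12 items. The registry paths, the `,Start` entry point and the name pattern are assumptions made for illustration.

```python
import os
import re

# Constructed `reg query` output; only the value names and the DLL file name
# come from the thread, the paths and the ",Start" entry point are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /startup
    RUNDLL32    REG_SZ    rundll32.exe C:\WINDOWS\system32\w0031f8f.dll,Start
    dfndrff_12    REG_SZ    C:\WINDOWS\dfndrff_12.exe
    kybrdff_12    REG_SZ    C:\WINDOWS\kybrdff_12.exe
"""

# Assumed heuristic: the shape shared by dfndrff_12, kybrdff_12 and nwnmff_13
# (letters ending in "ff", an underscore, digits). It can match benign names.
THREAD_NAME = re.compile(r"\b[a-z]+ff_\d+\b", re.I)
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_(?:EXPAND_)?SZ)\s+(.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)


def parse_reg_query(text):
    """Yield (value_name, command) pairs from `reg query` output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group(1), m.group(3).strip()


def audit_autoruns(text, exists=os.path.exists):
    """Return [(value_name, [reasons])] for entries that need a second look."""
    findings = []
    for name, cmd in parse_reg_query(text):
        reasons = []
        dll = RUNDLL.search(cmd)
        if dll and not exists(dll.group(1)):
            # rundll32 is asked to load a file that is gone: the boot-time error
            reasons.append("rundll32 target missing: " + dll.group(1))
        if THREAD_NAME.search(name + " " + cmd):
            reasons.append("name has the dfndrff_NN shape seen in the thread")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_autoruns(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

Run it on the machine being cleaned so the default `os.path.exists` check sees the real disk; a flagged value means the startup entry itself still has to be removed and the file it names located.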
 