editor.exe--Logger?--Trojan.KKiller?

Guest

XP Home SP2

Have a trojan/virus. The thing disabled the windows f/w and
modified/disabled McAfee v/s & f/w plus. It even "created" a phony display
of my McAfee internet traffic when requested. (i.e. the graph that monitors
activity that can be refreshed...moving all the time.) The image was a set
non-moving graph image that was BS???? Installed ZoneAlarm Pro (trial) and
Norton (trial)...ran a complete scan with no hits. Also was running
CWShredder, HiJackThis, AdAware and SB S&D...these were being run initially
before McAfee was hacked and also after I installed the new ZA and Norton.
NO HITS. Had all kinds of errors/warnings in event viewer/admin. tools area.
Like numerous WAN net adapters were being installed and new remote users
being granted to every friggin thing.

Here are some of the details..I'm manually entering these, so excuse if it
doesn't appear "authentic"

Startup mode has been set to auto.
Internet worm protect setting "port block allow netbios" changed. old value
1..new 0
protecting your connection network to a new detected net adapter "Intel
pro/100...) packet scheduler miniport" (IP xxx.xxxx.xxx)
protecting your connection to newly detected net adapter "WAN (PPP/SLIP)
interface" (IP xxx.xxx)
No user is logged in
IP address xx.xxx.xxx.xxx has dissapeared and is no longer being protected.
protecting your connection to newly detected network ON adapter "Intel..."
packet sked miniport.
Internet worm protect setting "port block allow netbios" changed. old value
1..new 0
user logged in.

HELP PLEASE!!!!
 
From: "MrGib" <[email protected]>

| XP Home SP2
|
| Have a trojan/virus. The thing disabled the windows f/w and
| modified/disabled McAfee v/s & f/w plus. It even "created" a phony display
| of my McAfee internet traffic when requested. (i.e. the graph that monitors
| activity that can be refreshed...moving all the time.) The image was a set
| non-moving graph image that was BS???? Installed ZoneAlarm Pro (trial) and
| Norton (trial)...ran a complete scan with no hits. Also was running
| CWShredder, HiJackThis, AdAware and SB S&D...these were being run initially
| before McAfee was hacked and also after I installed the new ZA and Norton.
| NO HITS. Had all kinds of errors/warnings in event viewer/admin. tools area.
| Like numerous WAN net adapters were being installed and new remote users
| being granted to every friggin thing.
|
| Here are some of the details..I'm manually entering these, so excuse if it
| doesn't appear "authentic"
|
| Startup mode has been set to auto.
| Internet worm protect setting "port block allow netbios" changed. old value
| 1..new 0
| protecting your connection network to a new detected net adapter "Intel
| pro/100...) packet scheduler miniport" (IP xxx.xxxx.xxx)
| protecting your connection to newly detected net adapter "WAN (PPP/SLIP)
| interface" (IP xxx.xxx)
| No user is logged in
| IP address xx.xxx.xxx.xxx has dissapeared and is no longer being protected.
| protecting your connection to newly detected network ON adapter "Intel..."
| packet sked miniport.
| Internet worm protect setting "port block allow netbios" changed. old value
| 1..new 0
| user logged in.
|
| HELP PLEASE!!!!
|


There are anti-virus newsgroups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files


1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt520.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode, then shut down as many applications as possible.
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use, suggested 400 ~ 600MB).
7) Reboot your PC.
8) Create a new Restore point

* * Please report back your results * *
 