1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Trojan.Win32.Monder.yl

Discussion in 'Malware and Virus Removal Archive' started by fakin, 2008/08/02.

Page 2 of 2
  1. 2008/08/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in left panel, click Resident shows a red/white shield.
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer "(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.


    Make sure TeaTimer has been disabled, and verifying via Task Manager> Processes tab that TeaTimer.exe is not running.

    Download ResetTeaTimer.bat by right clicking the link and selecting Save Target As and save it your desktop.
    Now double click ResetTeaTimer.bat to run it.
    Then since it will not be needed again delete ResetTeaTimer.bat



    Now Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYQJab]

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into *the * "File to upload & scan "box on the top of the page: one at a time
      • C:\WINDOWS\system32\vete.1
    • Click on the submit button
    • Please post the results in your next reply.

    Please post the combofix log and the Jotti results.

    Thanks
    Geri
     
    Geri,
    #21
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...