Infected with the trojan:JS/Medfos.A


Hoddy

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~~~~~~~~~

Reboot and...........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKLM\[...]\Run : rtfto ("C:\Windows\System32\rundll32.exe" "C:\Users\Hoddy\AppData\Roaming\rtfto.dll",Module_New) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Hoddy\AppData\Roaming\rtfto.dll -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Hoddy\AppData\Roaming\rtfto.dll -> KILLED [TermProc]

Now click Delete on the right hand column under Options

Delete these files if found:

You may have to enable hidden files to see them:

http://www.howtogeek...-windows-vista/

C:\Users\Hoddy\AppData\Roaming\rtfto.dll

C:\Users\Hoddy\AppData\Local\Temp\IHUFE4B.tmp.exe

~~~~~~~~~~~~~~~~~~~~~~~~~

Can you post the log from Malwarebytes??

MrC
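
The Registry tab entries quoted in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not RogueKiller's own code: the line layout is inferred only from the lines quoted above, and the names `parse`, `classify` and `triage` are hypothetical. It separates the autorun that loads a DLL from a user-writable path via rundll32 from the UAC values set to 0 and from entries that only need review.

```python
import re

# Lines copied from the RogueKiller Registry tab output quoted in the post above.
REPORT = r"""
[RUN][SUSP PATH] HKLM\[...]\Run : rtfto ("C:\Windows\System32\rundll32.exe" "C:\Users\Hoddy\AppData\Roaming\rtfto.dll",Module_New) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# Assumed layout, inferred from those lines only: [TAG]... KEY : NAME (DATA) -> STATUS
LINE = re.compile(r"^((?:\[[^\]]+\])+)\s+(\S+)\s+:\s+(\S+)\s+\((.*)\)\s+->\s+(\w+)")
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)
DLL_ARG = re.compile(r'"?([A-Za-z]:\\[^",]+\.dll)"?\s*,\s*(\w+)', re.I)
UAC_VALUES = {
    "enablelua": "UAC switched off (EnableLUA=0)",
    "consentpromptbehavioradmin": "admin elevation without prompt",
}

def parse(report):
    """Yield one dict per report line that matches the inferred layout."""
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            tags = re.findall(r"\[([^\]]+)\]", m.group(1))
            yield {"tags": tags, "key": m.group(2), "name": m.group(3),
                   "data": m.group(4), "status": m.group(5)}

def classify(entry):
    """Return (category, detail) for one parsed entry."""
    key_leaf = entry["key"].rsplit("\\", 1)[-1].lower()
    if key_leaf == "run" and "rundll32" in entry["data"].lower():
        dll = DLL_ARG.search(entry["data"])
        # rundll32 is a signed system binary; the DLL it loads is what matters.
        if dll and USER_WRITABLE.search(dll.group(1)):
            return ("autorun-dll", f"{dll.group(1)} export {dll.group(2)}")
    if entry["data"] == "0" and entry["name"].lower() in UAC_VALUES:
        return ("uac-weakened", UAC_VALUES[entry["name"].lower()])
    return ("review", entry["name"])

def triage(report):
    """Return [((category, detail), key), ...] for every parsed line."""
    return [(classify(e), e["key"]) for e in parse(report)]

if __name__ == "__main__":
    for (category, detail), key in triage(REPORT):
        print(f"{category:13} {key:22} {detail}")
```
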


I believe that has fixed it....before the first RogueKiller scan every five minutes I was getting a little popup at the right hand bottom corner of my screen from MSE saying items detected...no action needed. And if I opened Microsoft Security Essentials under the history tab in "Quarantined items" and "all items detected" would be the trojan...it would manifest itself every 5 minutes like clockwork...it hasn't shown up since I ran RogueKiller at 8:36...so I think RogueKiller got it.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.