TR Dropper infection


Hello, I seem to have caught a TR/Drop... and TR/Spy... infection. Avira has removed some of the offending files, Malwarebytes has removed some, and SUPERAntispyware has removed some. But alas, I'm still getting browser redirects. I've uninstalled all instances of Java and JRE - used JavaRA and deleted Java folders. I'm currently running Kaspersky Virus Removal Tool - now close to 4 hours and it's only at 21%. I will likely exit out of that shortly.

I've cleared both IE8 and Firefox caches, histories, cookies, etc. I also ran HijackThis but didn't see anything unusual but what do I know... I'm running Vista SP2 with all updates. Anyway, I've finally decided that I can't do this on my own and need expert help from you folks. I would really appreciate any help you could provide. Thank you!

Thank you, Chris! Here they are:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4412

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

8/10/2010 12:20:10 AM

mbam-log-2010-08-10 (00-20-10).txt

Scan type: Quick scan

Objects scanned: 130304

Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jeff at 0:16:17.91 on Tue 08/10/2010

Internet Explorer: 8.0.6001.18928

Microsoft

Forgive me for my impatience, but I'm sort of stuck in limbo until I can resolve this. Is there something I can/should do like run Combofix or HijackThis or...? I really appreciate the willingness of you folks to take time out of your day to help me out. Thanks!

  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thanks, but I couldn't wait any longer. I was forced to reformat and do a clean install. It wasn't so much a matter of impatience on my part as the real-time necessity of having a workable, uncompromised computer to do my work. I fully understand that you volunteer your time to help people like me, but when you're stranded out in the middle of nowhere, so to speak, you do what is necessary to get back on the road.

I see the value of only following a single person's uniquely tailored instructions but there are also inherent liabilities in such a model. In my case, the liabilities outweighed the advantages by several days. In the end, the problem was entirely mine as was the solution. Lesson learned. Thanks for your time.
