
Trojan.Hitori/Trojan.Agent.U/Google Redirect etc



Hi Guys,

I've been affected by Malware/Virus recently, which resulted in me scanning my system with Malwarebytes and finding Trojan.Hitori and then today Trojan.Agent.U. I have experienced Explorer freezing up and slow response from programs. Also, Google would not direct to links I would search for, but that is fine now. I've enclosed a HijackThis log. Take a peek & let me know what other logs are needed & what needs to be done. Help would be greatly appreciated.

Cheers

Matt

The Log would help...

hijackthis.log


Hello STARKS87

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans/Fixes section, paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Hi Kahdah,

Thank you for taking time to assist me.

I must provide you with an update - I downloaded Stopzilla, which located the following: instcat.dll, ntidrvr.sys, and quarantined & deleted them. It popped up advising Desktopvirii - Search Hijacker.G - Search Hijacker Proxy - System Policies.DisableRegistryTools - Explorer Policies.NoControlPanel had been detected. Since this, Explorer has stopped freezing. I have run the OTL scan and the results are the following. By the way, I did try to download the Rootkit Unhooker but it will not download.

Both files are attached beneath.

Extras.Txt OTL.Txt


Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
