Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan attack


Unread postby Trogan » January 22nd, 2007, 5:28 pm

Hi touranagram

Please do the following...

Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

del "\\.\C:\Program Files\Windows NT\com4.exe"
del "\\.\C:\Program Files\Common Files\Services\com4.exe"


Go to File > Save As
Save File name as "Fix.bat" (including quotes)
Save the file to your desktop.

Close Notepad, and double-click Fix.bat on your Desktop. A window will open and close. This is normal.

Reboot the computer and check that those files are gone.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
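
Added example, not part of Trogan's post: com4 is a reserved DOS device name, so ordinary path handling treats com4.exe as the COM4 port rather than a file, which is why the batch file addresses it through the `\\.\` prefix. The sketch below flags such names in a file listing and emits the prefixed form; the function names and the last three sample paths are constructed for illustration.

```python
import re

# Win32 reserved DOS device names. A name stays reserved when an extension is
# appended, so "com4.exe" is parsed as the COM4 device by ordinary path handling.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)

# Device-namespace prefixes that bypass reserved-name parsing.
PREFIXES = ("\\\\.\\", "\\\\?\\")


def reserved_component(path):
    # Return the first path component that maps to a reserved device, else None.
    for prefix in PREFIXES:
        if path.startswith(prefix):
            path = path[len(prefix):]
            break
    for part in path.replace("/", "\\").split("\\"):
        stem = part.split(".", 1)[0].strip()
        if RESERVED.match(stem):
            return part
    return None


def device_path(path):
    # Form of the path that reaches the file system with the name unparsed.
    return path if path.startswith(PREFIXES) else PREFIXES[0] + path


def flag_reserved(listing):
    # Pair every flagged path with the form a cleanup script should use.
    return [(p, device_path(p)) for p in listing if reserved_component(p)]


# First two paths are the ones named in the thread; the rest are constructed.
SAMPLE = [
    r"C:\Program Files\Windows NT\com4.exe",
    r"C:\Program Files\Common Files\Services\com4.exe",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Temp\common.exe",
    r"C:\Temp\nul.txt",
]

if __name__ == "__main__":
    for original, fixed in flag_reserved(SAMPLE):
        print('%-55s -> del "%s"' % (original, fixed))
```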

Unread postby touranagram » January 22nd, 2007, 6:01 pm

:cry: Did as you said and they are still there.. mmm strange, they are write-protected files which I cannot change.
touranagram
Regular Member
 
Posts: 22
Joined: January 22nd, 2007, 7:28 am
Location: UK

Unread postby Trogan » January 22nd, 2007, 6:10 pm

What is the File System of the computer - FAT32 or NTFS?

Unread postby Trogan » January 22nd, 2007, 6:22 pm

Please do the following...

Download Fixgrom.zip from any of the locations below and unzip it to your desktop. (do not run from within the archive)

http://aknow.prevx.com/zeroL/FixGrom.exe
http://pcalsicuro.phpsoft.it/FixGrom.exe
  1. Double-click FixGrom.exe
  2. Click Scan.
  3. If you get a warning that the Rootkit Component was not found on the system, answer YES to the question if you want to continue removal anyway.
  4. Prevx will ask you to reboot, click OK.
  5. After reboot, Prevx will scan your system, this might take a couple of minutes, please be patient.
  6. When done, click Exit.
  7. Answer No to the question if you want to download and install Prevx1 now.
  8. A log will be created named C:\gromozon_removal.log, please post that back here.

Unread postby Trogan » January 23rd, 2007, 6:17 am

Hi touranagram!

It seems like you have a nasty infection which is preventing those files from deleting. I hope we can get your computer fully cleaned up with help from other experts.

Unread postby touranagram » January 24th, 2007, 5:17 am

Sorry, been away yesterday. The file system is NTFS. Do you still want me to do the Fixgrom.exe?

Unread postby touranagram » January 24th, 2007, 6:09 am

As requested

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Program Files\Common Files


Trojan.Gromozon does not exist - your system is clean.

Hope that helps

Unread postby Trogan » January 24th, 2007, 12:10 pm

Hi touranagram! Sorry for the delay. Let's try this.

Download http://images.malwareremoval.com/Kimberly/cleanme.zip

Unzip to your desktop.
Boot into Safe Mode.
Double-click cleanme.bat
The cacls command will ask for confirmation, answer Y (Yes)
Notepad will open with c:\log.txt, I will need that later on.
Reboot in Normal Mode and double-check if the files are still present.
Please post the content of c:\log.txt

Unread postby touranagram » January 24th, 2007, 1:52 pm

The log file only has..

checking files

It ran in a DOS window OK and stopped. Have I not waited long enough (5 mins maybe)? There was NO disc activity ongoing...

The files are still there as well. Do I need to leave it for ages?

Sorry I have done it wrong..

Unread postby Trogan » January 24th, 2007, 2:01 pm

I will get back to you on that, but for now can I get you to do this please...

Start > Run > type control userpasswords2 and hit enter. Post all accounts you don't recognize as a reply

Thanks!

Unread postby touranagram » January 24th, 2007, 2:09 pm

3 users I do not see normally

Administrator

which is not on the normal start up page but on the safe mode. I assume that is OK

Then we have these two administrator passwords which I have never seen

YePV
yKAPYJTjVdj

That looks pretty bad to me, shall I delete these?

Unread postby Trogan » January 24th, 2007, 2:53 pm

I'm waiting to hear back from the expert assisting me with this. Shouldn't be too long.

Unread postby Trogan » January 24th, 2007, 5:31 pm

Hi touranagram! Here we go...

You may want to print this out as the Internet will not be available once in Safe Mode

1. Let's delete those bad accounts...

Go to Start > Control Panel > User Accounts

Select these Accounts, one by one, and click on Delete Account

YePV
yKAPYJTjVdj


2. Reboot the computer back in Safe Mode.

3. Once in Safe Mode, Double-click cleanme.bat
When you start the batch file, you will see this message :
Cacls command will ask for confirmation, press Y
Press any key to continue ...

Press any key, the batch will now run the cacls command. It will pop up with a message "Are you sure ?". Type "Y" and hit Enter on the keyboard.
This will happen twice.
The DOS window should now close and notepad will pop up. If the DOS window does not close, close it yourself.
*Notepad will be saved to c:\log.txt*
Reboot in Normal Mode and double-check if the com4.exe files are still present. Let me know!
Please post the content of c:\log.txt

Unread postby touranagram » January 25th, 2007, 5:20 am

OK here goes.

Could not find the 2 user accounts within the control panel; they were not listed, so I used the control userpasswords2 and I deleted them there.

Rebooted into safe mode and tried to run the batch file again but the same happened: the DOS window opened and lots of commands/info whizzed by and it closed. The Logfile opened and froze at

checking files

The files are still there and they are read-only still, so I cannot delete them manually.

The batch file seems not to work correctly. What am I doing wrong?

Hope that helps and thanks for your help so far, it's been much appreciated.

Unread postby Trogan » January 25th, 2007, 12:50 pm

Hi touranagram

Please do the following...

Go to C:\Documents and Settings and look for these Folders:

YePV
yKAPYJTjVdj


If they are found, right-click on them and select Delete.
______________________________

Please download The Avenger by Swandog46 to the Desktop.
http://swandog46.geekstogo.com/avenger.zip
Click on Avenger.zip to open the file
Then, extract avenger.exe to the Desktop

Next, copy all the blue text below to the Clipboard by highlighting it and pressing Ctrl+C:

Files to delete:
C:\Program Files\Windows NT\com4.exe
C:\Program Files\Common Files\Services\com4.exe


Start The Avenger program by clicking its icon on the Desktop.
Under: Script file to execute, select: Input Script Manually
Now click on the Magnifying Glass icon
It opens a new window titled: View/edit script
Paste the text copied to clipboard into this window by pressing Ctrl+V.
Click Done

Next, click on the Green Light to begin the execution of the script
Answer Yes twice when prompted.

The Avenger automatically does the following:
Restarts the computer.
On reboot, briefly opens a black command window on the Desktop. This is normal.

After the restart, it creates a log that opens with the results of Avenger’s actions.
This log is located at C:\avenger.txt

Please provide C:\avenger.txt in your reply.