stuinsnow

Trojan horse, SuperAntispyware and problems...

Hello,

My computer was infected by a Trojan horse virus (trojan aspx.js.win32). The virus itself was successfully removed. However, I face the following problems.

I used both:

(i) MalwareBytes’s Anti-Malware (http://www.malwarebytes.org/mbam.php) and

(ii) SuperAntispyware (www.superantispyware.com)

After using the second one, my laptop has the following problems:

1. Windows XP start-up and closing images look like an older version.

2. Links to "***.exe" are dead regardless of the location of "***.exe", i.e., on the C drive or USB. Now all icons are empty white, i.e., the round Internet Explorer icon is now a white rectangle.

3. Wireless network is all dead and cannot be repaired.

4. I used System Restore to go back to the situation in which my computer was affected by the virus. But it did not work.

Could you tell me how to fix these?

Stu

Stu - sounds like the infection has damaged some of your system files. You may want to back up your data, then try a Windows repair installation from the CD/DVD.

That might be the only solution, but I'd first try the .exe file association fix:

http://www.dougknox.com/xp/file_assoc.htm

Can the laptop connect to the internet by wire?

Seth,

Thanks for the reply. I took the following steps:

1. Save the .exe file to my USB through another computer because I do not have access to the internet (I used wireless)

2. Copy the file to the desktop of my infected laptop.

3. Open the file, messages come out, click yes and yes

4. Nothing changes because the registry does not open

5. Open the registry as instructed and type regedit.exe

6. Nothing changes...

7. In the registry, type xp_exe_fix.reg

8. Nothing changes...

Can you tell me if I missed important steps, or do I need to reinstall from the CD/DVD?

Hello,

Thanks for your reply. I am confused by repair installation and reinstallation. Are these two the same?

I am afraid that some software would be deleted if reinstalled because I do not have a back-up CD-ROM for this software. Does reinstallation delete previously installed (after purchase) software?

Thanks,

Stu

A Repair install will replace the System files with the files on the XP CD used for a repair install. It will leave your applications and settings intact but you will probably have to redo the Windows Updates.

A Repair install will replace files altered by Adware and Malware but will not fix the malware problem. Also remember to back up any personal data in case something does go wrong.

A complete Windows reinstall will write over everything and you will have a fresh install of Windows with no personal data or settings saved.

Seth,

After restarting the computer, access to .exe works!!!!!! It is still white dead icons though.

When the computer starts up, QuickScan starts to work, saying my computer is affected by Trojan.zefarch in amuluheqic.dll. What can I do about this?

Still, the start-up and closing images of Windows look like the old version, i.e., without icons for restart, shut down, etc., rather scrolling these down. Can you also tell me how Windows goes back to the ones with icons?

Stu

That's great news.

Make sure SAS is fully updated, then run a complete scan. If the icons are still damaged, download TweakUI from here:

http://download.cnet.com/Tweak-UI/3000-2072_4-10002117.html

When you run the program, go to the "Logon" option and open "Repair". You'll then see the option to rebuild the icons.

Right click on the start menu and choose properties. You can then change between a classic and regular start menu.

Seth,

Thanks again.

I tried to update SAS but my computer says it is blocked by the firewall. So, I tried to open Security Center in Control Panel, but could not because rundll32.exe is not executed.

Again, the start-up and closing images are still old. Properties at Start can change the Start-up menu. It looks OK, but not the opening and closing images.

I really appreciate you and this community. Is there any way I can contribute, i.e., donate?

Stu

You're welcome.

https://www.superantispyware.com/donation.html

Did TweakUI repair the icons?

Also, try running the SAS portable scanner. It doesn't need an internet connection:

https://www.superantispyware.com/portablescanner.html

I forgot that your wireless wasn't working, so that's why SAS wouldn't update.

If you can open Internet Options from Control Panel, then go into the Connections tab and click on LAN Settings. Make sure "Use a Proxy..." is unchecked, then check the internet. Also post the Default Gateway IP for the wireless connection if the above doesn't get you online:

http://kb.iu.edu/data/ajfx.html

BTW - Do you have an XP CD?

Seth,

After running SAS, all icons are repaired. Still rundll32.exe does not work.

I restarted my computer, then all corrections are disabled again!

When I install xp_exe_fix.reg and run SAS, wireless network revived. But again, they are dead now. Even when connected to wireless network, I could not update SAS.

I have XP CD/DVD.

Thanks!

Hi Seth,

I did a repair install. But nothing has changed. Still, icons are dead and .exe files are not executed.

I tried xp_exe_fix.reg and SAS, then rebooted. But again no changes.

After running SAS, every time diagnostics says it finds one damage and it is System.BrokenFileAssociation in Threat description.

Then SAS removes ".exe\". I doubt this is problematic.

Since the repair install did not work, all I can do now is reinstallation??? Sigh...

Stu

I wouldn't resort to a clean install just yet.

Run ComboFix from Safe Mode With Networking.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Once it's running, don't touch the computer until ComboFix's log file appears. If you still have the icon issue following that, then run the TweakUI icon repair. If the .exe is still broken, run the exe fix utility I posted.

The above should clear things up. If not, then back up your data in preparation for a clean install of XP. Before proceeding with the clean install, please post the make and model of the PC.

Seth,

Thanks again for your help.

I have a couple of questions.

1. Because my computer lost wireless access, can I first save ComboFix on USB through another computer, then paste it on the desktop of the infected computer?

2. Should I start in normal XP, and then ComboFix automatically proceeds to Safe Mode with Networking? Or should I start in Safe Mode from scratch, pressing F8 at start-up?

Have a good long holiday!

Toru

Yes, download it to a USB, then go directly to Safe Mode and paste the file to the desktop. Double click the pasted desktop file to run it.

I initially suggested Safe Mode With Networking, but just use regular Safe Mode.

Seth,

I proceeded to the Windows Recovery Console part. Then it says it needs an internet connection.

Should I use Safe Mode with Networking? However, I am afraid I do not have a wireless network now...

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I closed the box anyway, then without "Combofix console recovery finished" popping up, "Completed Stage_1, ..." lines come out.

Should I proceed without internet connection?

Seth,

In Safe mode, icons are indicated correctly. Then restart and in normal mode, icons are dead and .exe does not work after double-clicking "xp_exe_fix" on desktop.

I still don't know how to use TweakUiPro though...

Attached is the log by ComboFix.

Yes. Just let it go until you see the log file appear.

ComboFixLog.txt

What is the make and model# of the PC?

It is a Dell Latitude D620.

I restarted in Safe Mode (without networking). I found the shortcuts to Internet Explorer and WordPad are working, and actually even in normal mode.

Thank you so much indeed.

I forgot to mention that when finished running ComboFix in safe mode, Windows asked to do System Restore. But I did not do anything.

At this moment, when starting in normal mode, Windows pops up a "Windows cannot open this file" window. And it seems xp_exe_fix does not work except for Internet Explorer. I should have made this clear. ".exe" works only for Internet Explorer (I found not for WordPad, but for a WordPad document saved on the desktop).

Should I have done System Restore? If so, should I repeat ComboFix?

Or should I do Super Anti Spy?

Thanks!

You're welcome.

Is everything working now?

You said you already tried System Restore, but go ahead and try a different restore point.

If that doesn't work, you might as well back up the data and clean install XP. Note that you should also have a CD with the drivers on it. If you don't have that CD, then the needed drivers can be found on Dell's website.
