View Single Post - Help please with Trojans -> Metajuan, Downloader, tc.

**ceewi1** · 02-07-2008, 08:47 AM

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

File::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\warnhp.html
C:\WINDOWS\system32\iexplore.exe

Folder::
C:\VundoFix Backups

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"=-
"Ifo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"intell321.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxvu]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D08B3E4-1F0A-0DF8-0605-050600040806}]

Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.

CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

How is your system running now?

02-07-2008, 08:47 AM	#4 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 22 Posts: 5,418	Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: Code: File:: C:\WINDOWS\mrofinu572.exe.tmp C:\WINDOWS\warnhp.html C:\WINDOWS\system32\iexplore.exe Folder:: C:\VundoFix Backups Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Iinl"=- "Ifo"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "intell321.exe"=- [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxvu] [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D08B3E4-1F0A-0DF8-0605-050600040806}] Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. CAUTION: Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running. How is your system running now? __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides