View full version: Problem with IE



Palya
10.05.2007, 17:52
I have a problem with IE and the update for DrWeb. Every time I want to start IE I have a mistake. The same with DrWeb Update.
DrWeb has found files in c:\windows\system32 infected with a Trojan. When I remove this file to another directory, everything works. Every time I restart the computer, 1 file is added to the system32 directory with the name ie?????.dll. The 3rd and 4th letters are the same as the 6th and 7th letters.

In 2 weeks my comp stops connecting to the internet and writes mistake 800.

Please help me. I speak Russian, but cannot create a new thread in the Russian language.

Pavel

Bratez
10.05.2007, 18:08
Please, execute the following script in AVZ:


begin
SetAVZGuardStatus(True);
QuarantineFile('rsvp32_2.dll','');
ExecuteRepair(14);
BC_QrFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_QrFile('C:\WINDOWS\System32\ieubcub.dll');
BC_QrFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieubcub.dll');
BC_DeleteFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_Activate;
RebootWindows(true);
end.

After system reboots, upload all quarantined files according to appendix #3 of Rules.
Use this page to upload:
http://virusinfo.info/upload_virus.php?tid=9611

Palya
10.05.2007, 18:38
zakachal - uploaded

Palya
10.05.2007, 18:50
done

Rene-gad
10.05.2007, 20:44
done
Files contain:

Trojan-Spy.Win32.Goldun.pf
Trojan-Spy.Win32.Banker.ckj
Pls. repeat the logs.

Bratez
11.05.2007, 01:10
Pls. repeat the logs.

Don't hurry, please :)
First, execute the following script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\system32\iewilwi.dll');
DeleteFile('C:\WINDOWS\system32\iepyvpy.dll');
DeleteFile('C:\WINDOWS\system32\ierglrg.dll');
DeleteFile('C:\WINDOWS\system32\ienbrnb.dll');
DeleteFile('C:\vir\iephhph.dll');
DeleteFile('C:\vir\iehoiho.dll');
DeleteFile('C:\vir\ieecwec.dll');
DeleteFile('C:\WINDOWS\System32\ieggogg.dll');
DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After system reboots, make new logs.

anton_dr
11.05.2007, 05:22
Hello.

New malicious software was found in the attached file.
Trojan-Spy.Win32.Goldun.pf
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Roman Gavrilchenko
Virus Analyst, Kaspersky Lab.

Palya
11.05.2007, 10:05
Hi, Thanks for your help again.
I have executed this log

Bratez
11.05.2007, 10:12
So, after executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.

Palya
11.05.2007, 15:07
I'm ready for your command

drongo
11.05.2007, 16:07
1) Please fix in HijackThis (http://virusinfo.info/showthread.php?t=9206):


O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll

2) Please execute the following script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


***After executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
3) You need to update your system to SP2 and install about 200 security updates after that. Otherwise your system is like honey to a bear ;) P.S. Remember: after SP2 you will need an activation for Windows ;) Resset.dll will not work ;)

Bratez
11.05.2007, 16:18
Yet another ie?????.dll appeared... But I can't see their "mother"!
Did you try to launch Internet Explorer?
IMHO, we need to inspect your iexplore.exe.
So, execute this script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.exe','');
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
and upload new quarantine as you did before.

Palya
11.05.2007, 17:06
Bratan what to do????
Listen to you or listen to Drongo

I can not launch IE.

drongo
11.05.2007, 17:12
Both, it is almost the same ;)

Palya
11.05.2007, 17:49
At first I did it for Bratez, because the second way is for 2,5 hours

Palya
11.05.2007, 17:54
There are no new files ie?????.dll after we check iexplore.exe in the system32 directory

Bratez
12.05.2007, 02:02
I don't see your new quarantine with iexplore.exe.
You have uploaded the old one, with ie?????.dll collection.

Palya
14.05.2007, 18:50
There was the big weekend. Attached you can find fresh logs

Bratez
15.05.2007, 15:47
As far as I can see, everything is OK now.
Is there still any problem in the computer's behaviour?
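
The file-naming rule described in the first post (ie?????.dll with letters 3-4 repeated as letters 6-7) and the O20 AppInit_DLLs entry listed later in the thread can be checked mechanically. The following is an added example, not code from any participant in the thread; the function names and the sample listing are constructed for illustration, with the infected file names taken from the posts above.

```python
import re
from pathlib import PureWindowsPath

# Naming rule reported in the thread: "ie" + 5 letters + ".dll",
# where letters 3-4 are repeated as letters 6-7 (e.g. ie|ub|c|ub|.dll).
NAME_RE = re.compile(r"^ie([a-z]{2})[a-z]\1\.dll$", re.IGNORECASE)
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")


def is_suspect(path):
    """True if the file name (not the directory) fits the naming rule."""
    return NAME_RE.match(PureWindowsPath(path).name) is not None


def appinit_entries(hijackthis_lines):
    """Collect DLL paths from HijackThis O20 lines.

    The AppInit_DLLs value is a space- or comma-delimited list.
    """
    entries = []
    for line in hijackthis_lines:
        m = O20_RE.match(line.strip())
        if m:
            entries += [e for e in re.split(r"[ ,]+", m.group(1)) if e]
    return entries


def triage(dir_listing, hijackthis_lines):
    """Return (matching files on disk, matching DLLs loaded via AppInit_DLLs)."""
    on_disk = [p for p in dir_listing if is_suspect(p)]
    autoloaded = [e for e in appinit_entries(hijackthis_lines) if is_suspect(e)]
    return on_disk, autoloaded


# Constructed sample input: the matching names are quoted from the thread,
# the other DLL names are ordinary Internet Explorer components.
SAMPLE_DIR = [
    r"C:\WINDOWS\System32\ieubcub.dll",
    r"C:\WINDOWS\System32\iekjvkj.dll",
    r"C:\vir\iephhph.dll",
    r"C:\WINDOWS\System32\iepeers.dll",
    r"C:\WINDOWS\System32\iesetup.dll",
    r"C:\WINDOWS\System32\iertutil.dll",
]
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Example] C:\example\app.exe",  # constructed line
    r"O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll",
]

if __name__ == "__main__":
    disk, auto = triage(SAMPLE_DIR, SAMPLE_LOG)
    print("matching files:", disk)
    print("AppInit_DLLs entries:", auto)
```

A name match is only a triage hint: the thread confirmed the files by quarantining them and having them analysed, and the same step applies to anything this check flags.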