-
Problem with IE
I have a problem with IE and the update for DrWeb. Every time I want to start IE I get an error. The same with DrWeb Update.
DrWeb has found files in c:\windows\system32 infected with a Trojan. When I move this file to another directory, everything works. Every time I restart the computer, 1 file is added to the system32 directory with the name ie?????.dll. The 3rd and 4th letters are the same as the 6th and 7th letters.
In 2 weeks my comp stopped connecting to the internet and shows error 800.
Please help me. I speak Russian, but cannot create a new thread in the Russian language.
Pavel
-
Please, execute the following script in AVZ:
[code]
begin
SetAVZGuardStatus(True);
QuarantineFile('rsvp32_2.dll','');
ExecuteRepair(14);
BC_QrFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_QrFile('C:\WINDOWS\System32\ieubcub.dll');
BC_QrFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieubcub.dll');
BC_DeleteFile('C:\Documents and Settings\Mama.MAMANOTEBOOK\Главное меню\Программы\Автозагрузка\MSWin--2055792087.exe');
BC_Activate;
RebootWindows(true);
end.
[/code]
After system reboots, upload all quarantined files according to appendix #3 of Rules.
Use this page to upload:
[url]http://virusinfo.info/upload_virus.php?tid=9611[/url]
-
-
-
[QUOTE=Palya;108960]done[/QUOTE]
Files contain:
[QUOTE]Trojan-Spy.Win32.Goldun.pf
Trojan-Spy.Win32.Banker.ckj [/QUOTE]
Pls. repeat the logs.
-
[quote=Rene-gad;108979]Pls. repeat the logs.[/quote]
Don't hurry, please :)
First, execute the following script in AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\system32\iewilwi.dll');
DeleteFile('C:\WINDOWS\system32\iepyvpy.dll');
DeleteFile('C:\WINDOWS\system32\ierglrg.dll');
DeleteFile('C:\WINDOWS\system32\ienbrnb.dll');
DeleteFile('C:\vir\iephhph.dll');
DeleteFile('C:\vir\iehoiho.dll');
DeleteFile('C:\vir\ieecwec.dll');
DeleteFile('C:\WINDOWS\System32\ieggogg.dll');
DeleteFile('C:\WINDOWS\System32\iekjvkj.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
After system reboots, make new logs.
-
Hello.
New malicious software was found in the attached file.
Trojan-Spy.Win32.Goldun.pf
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Roman Gavrilchenko
Virus Analyst, Kaspersky Lab.
-
Hi, Thanks for your help again.
I have executed this log
-
So, after executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
-
I'm ready for your command
-
1) Please [B][url=http://virusinfo.info/showthread.php?t=9206]Fix in HijackThis[/url][/B]:
[code]
O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll[/code]
2) Please execute the following script in AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
***After executing the script, you have to make new logfiles - see the Rules starting at step #8. Then attach these logs to your next message.
3) You need to update your system to SP2 and install about 200 security updates after that. Otherwise your system is like honey to a bear ;) P.S. Remember: after SP2 you will need an activation for Windows ;) Resset.dll will not work ;)
-
Yet another [I]ie?????.dll [/I]appeared... But I can't see their "mother"!
Did you try to launch Internet Explorer?
IMHO, we need to inspect your [B]iexplore.exe[/B].
So, execute this script in AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.exe','');
DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
BC_DeleteFile('C:\WINDOWS\System32\ieikaik.dll');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
and upload new quarantine as you did before.
-
Bratan what to do????
Listen to you or listen to Drongo
I can not launch IE.
-
Both, it is almost the same ;)
-
At first I did it for Bratez, because the second way is for 2,5 hours
-
There are no new files ie?????.dll after we checked iexplore.exe in system32 directory
-
I don't see your new quarantine with [I]iexplore.exe[/I].
You have uploaded the old one, with [I]ie?????.dll [/I]collection.
-
There was the big weekend. Attached you can find fresh logs
-
As far as I can see, everything is OK now.
Is there still any problem in computer's behaviour?
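-
Added example, not part of the original thread and not code from AVZ or HijackThis: every DLL name reported above follows the scheme the first post describes (ie, two letters, one letter, the same two letters again), so a listing or an AppInit_DLLs entry can be screened for it. The function names are hypothetical, and the sample listing is constructed from names in this thread plus a few ordinary IE DLL names for contrast.

```python
import re
from pathlib import PureWindowsPath

# "ie" + two letters + one letter + the same two letters, e.g. ieubcub.dll
PATTERN = re.compile(r"^ie([a-z]{2})[a-z]\1\.dll$", re.IGNORECASE)

def is_suspect(path: str) -> bool:
    """True when the file name fits the ie?????.dll scheme seen in this thread."""
    return PATTERN.match(PureWindowsPath(path).name) is not None

def suspects(paths):
    """Return the paths whose file name fits the scheme, preserving order."""
    return [p for p in paths if is_suspect(p)]

def appinit_dlls(hijackthis_lines):
    """Extract DLL paths from HijackThis 'O20 - AppInit_DLLs:' lines.

    Assumption: entries are separated by spaces or commas and the paths
    themselves contain no spaces, as in the line quoted in the thread.
    """
    prefix = "O20 - AppInit_DLLs:"
    found = []
    for line in hijackthis_lines:
        line = line.strip()
        if line.startswith(prefix):
            found.extend(p for p in re.split(r"[ ,]+", line[len(prefix):]) if p)
    return found

# Constructed sample: names from the thread mixed with ordinary IE DLL names.
SAMPLE_LISTING = [
    r"C:\WINDOWS\System32\ieubcub.dll",
    r"C:\WINDOWS\System32\ieframe.dll",
    r"C:\WINDOWS\System32\iekjvkj.dll",
    r"C:\WINDOWS\System32\iepeers.dll",
    r"C:\vir\iephhph.dll",
    r"C:\WINDOWS\System32\iesetup.dll",
    r"C:\WINDOWS\System32\IEGGOGG.DLL",
]
SAMPLE_LOG = [r"O20 - AppInit_DLLs: C:\WINDOWS\System32\ieikaik.dll"]

if __name__ == "__main__":
    for path in suspects(SAMPLE_LISTING):
        print("matches naming scheme:", path)
    for path in appinit_dlls(SAMPLE_LOG):
        print("AppInit_DLLs entry:", path, "suspect" if is_suspect(path) else "ok")
```

A match on the name alone is only a reason to quarantine the file and have it analysed, as was done in this thread.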