Home > General > Trojan.32.looksky

Trojan.32.looksky

C:\WINDOWS\nsduo.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{0358B946-EAAB-4097-BDF7-D826C54F467F}: DhcpNameServer=58.69.254.70 58.69.254.134 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EE657F1-0D7B-45A4-AFEC-4716A4DF8921}: DhcpNameServer=58.69.254.70 58.69.254.134 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF61F082-42D8-4919-9CCF-42D44CBCA380}: DhcpNameServer=58.69.254.104 58.69.254.105 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3EE657F1-0D7B-45A4-AFEC-4716A4DF8921}: DhcpNameServer=58.69.254.70 58.69.254.134 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF61F082-42D8-4919-9CCF-42D44CBCA380}: DhcpNameServer=58.69.254.104 58.69.254.105 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0358B946-EAAB-4097-BDF7-D826C54F467F}: DhcpNameServer=58.69.254.70 58.69.254.134 HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EE657F1-0D7B-45A4-AFEC-4716A4DF8921}: DhcpNameServer=58.69.254.70 58.69.254.134 HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF61F082-42D8-4919-9CCF-42D44CBCA380}: DhcpNameServer=58.69.254.104 58.69.254.105 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.70 58.69.254.134 thanks again for your patience & step-by-step guidance. i have followed the directions given in the help2go article and nothing is working. C:\WINDOWS\system32\ntoskrnl.exe No streams found. http://softmem.com/general/trojan-exe.html

o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. Thanks. --flwriter Back to top #10 ken545 ken545 Forum God Classroom Teacher 22,959 posts Interests:Fighting Malware and cooking some great Italian and TexMex food Posted 04 September 2007 - 11:39 AM Logfile of HijackThis v1.99.1 Scan saved at 4:50:03 PM, on 9/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe https://forums.techguy.org/threads/hit-by-trojan-32-looksky.624222/

MFDnNC, Sep 20, 2007 #12 abush Thread Starter Joined: Sep 15, 2007 Messages: 8 Thanks. If that happens, just continue on with all the files. I did not do so. This will take some time!!!!!!!!

thank you :) Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 buddy215 buddy215 BC Advisor 10,771 posts ONLINE Gender:Male Location:West Tennessee Local time:07:17 Click here to Register a free account now! My backbround keeps turing fire red with a bid warning signs. I get icons that show up on my computer for erroc check, pc scan, etc and numerous pop-ups.

What do you recommend to handle this? Now i dont know how to remove the Viruses from the mobile phone ... Jump to content FacebookTwitter Geeks to Go Forum Security Virus, Spyware, Malware Removal Welcome to Geeks to Go - Register now for FREE Geeks To Go is a helpful hub, where I have the following: router for network of 3 computers, Spybot Search & Destroy (now), AVG 7.5, Spyware Blaster, and pc tools Spyware Doctor, Reigstry Mechanic, and I have just purchased

o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. - 3. Here is the new Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:01:14 PM, on 9/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLLYahoo! C:\WINDOWS\msmhost.dll Deleted msmhost not found.

o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. https://www.zonealarm.com/forums/showthread.php/48200-Trojan-w32-looksky Click on the Programs tab then click the Reset Web Settings button. WE'RE SURE THAT YOU'LL LOVE US! Ken Want to help others, Join our Malware Removal Classroom HEREThe forum is staffed by volunteers who donate their time and expertise.If you feel you have been helped, please consider a

Once the setup is complete you will need run Ewido and update the definition files. check my blog Please click here if you are not redirected within a few seconds. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; Learn More.

Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Computer problem? For IE-SPYAD, run the batch file and reinstall the protection. Also tell me the ways to protect the mobile phone from the Viruses. ... this content When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or

Let me see the Smifraud log and a new Complete HJT log please Want to help others, Join our Malware Removal Classroom HEREThe forum is staffed by volunteers who donate their Sign In Create Account Body Background skin color theme reset What the Tech Search Advanced Search section: Google This topic Forums Members Help Files Downloads Unreplied Topics View New Content All Rights Reserved.

What do you want tme to do about this?

Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this Under Reports Select Automatically generate report after every scan Un-Select Only if threats were Here is the new log - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:05:56 PM, on 9/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\privacy_danger\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE71A3FA-37C9-4D55-8CCF-31BE8F4D1133}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{AE71A3FA-37C9-4D55-8CCF-31BE8F4D1133}: jeniskies Private E-2 I have this virus on my computer or so that's what all the pop ups say.

Doubleclick on the HJTInstall.exe icon on your desktop. Download SDFix and save it to your Desktop. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; http://softmem.com/general/trojan-again.html Back to top Advertisements Register to Remove #2 ken545 ken545 Forum God Classroom Teacher 22,959 posts Interests:Fighting Malware and cooking some great Italian and TexMex food Posted 03 September 2007

Log in or Sign up MajorGeeks.Com Support Forums Home Forums > ----------= PC, Desktop and Laptop Support =------ > Malware Help - MG (A Specialist Will Reply) > This site uses What do I do? Did we mention that it's free. SmitFraudFix v2.241Scan done at 14:50:50.10, Wed 11/07/2007Run from C:\Documents and Settings\Jonathan\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys

When I connected it to my computer my AVG anti Virus detected and deleted a Virus from ts Samsung Beat 450 mobile ... Messenger"-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Jonathan\Application DataCLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zipCLIENTNAME=ConsoleCommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=JONATHAN-1BB3B4ComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\JonathanLOGONSERVER=\\JONATHAN-1BB3B4NUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\QUICKTIME\QTSYSTEMPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 15 Model 63 Stepping 2, AuthenticAMDPROCESSOR_LEVEL=15PROCESSOR_REVISION=3f02ProgramFiles=C:\Program FilesPROMPT=$P$GQTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zipSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\Jonathan\LOCALS~1\TempTMP=C:\DOCUME~1\Jonathan\LOCALS~1\TempUSERDOMAIN=JONATHAN-1BB3B4USERNAME=JonathanUSERPROFILE=C:\Documents and Settings\Jonathanwindir=C:\WINDOWS-- User Profiles ---------------------------------------------------------------Jonathan (admin)-- If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box.