Greenguy's Board


Old 2005-05-24, 06:33 PM   #51
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
I can't get on the link, Fred, I get a time out.
Old 2005-05-24, 06:53 PM   #52
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
That file you pointed me at is infected with the mitglieder trojan thing.
Old 2005-05-24, 07:07 PM   #53
f69j69b
With $10,000, we'd be millionaires! We could buy all kinds of useful things like ... love!
 
Join Date: Jan 2004
Location: colorado
Posts: 318
Stu, then don't delete it, because like I said I'm not 100% sure and wouldn't want to be the cause of making it worse. Wait and see if someone else that reads the HijackThis log agrees with me.

OK, then if that is a virus, let HijackThis fix it.
Fred
Old 2005-05-25, 03:01 AM   #54
MrHackula
If something goes wrong at the plant, blame the guy who can't speak English
 
Join Date: Sep 2003
Location: Montana
Posts: 32
Quote:
Originally Posted by stuveltje
wowwwwwwwwwwww MrHackula, I am working on it, thanks
You are welcome.

Now, the mitglieder worm you already know about. Here is the details page at Symantec:

http://securityresponse.symantec.com...glieder.b.html

The most interesting line is this one:

"The Trojan also downloads and executes PWSteal.Ldpinch"

... so any common passwords in use are to be suspect and should be changed.

For the HijackThis log... There is another tool you might find helpful if you can't reach the first:

http://hjt.iamnotageek.com/

In my opinion the only really bad thing there was already pointed out by someone else (f69j69b):

C:\WINDOWS\System32\system.exe


The actual file in this case is called:

"ssgrate.exe"

... it is just lying to the system process manager to make it think it has a true filename of: "system.exe"

Read the removal instructions at Symantec's site (linked above) and all should be well.

If you need anything else, just ask.

Dealing with this shit is fun, isn't it?

Now you know why my blacklist is up to 67,126 domains.

Pity there aren't enough non-"traffic-trading" (circle jerk) sites out there to bother making a communal blacklist.

Most sites approve anything because the surfer only has a 1-10 chance of seeing an actual gallery anyway. :-(

I hope it is easy fixing from here on out.

Mr. H.
__________________
Integrity = Longevity
Old 2005-05-25, 03:23 AM   #55
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
Quote:
Originally Posted by MrHackula
You are welcome.

Now, the mitglieder worm you already know about. Here is the details page at Symantec:

http://securityresponse.symantec.com...glieder.b.html

The most interesting line is this one:

"The Trojan also downloads and executes PWSteal.Ldpinch"

... so any common passwords in use are to be suspect and should be changed.

For the HijackThis log... There is another tool you might find helpful if you can't reach the first:

http://hjt.iamnotageek.com/

In my opinion the only really bad thing there was already pointed out by someone else (f69j69b):

C:\WINDOWS\System32\system.exe


The actual file in this case is called:

"ssgrate.exe"

... it is just lying to the system process manager to make it think it has a true filename of: "system.exe"

Read the removal instructions at Symantec's site (linked above) and all should be well.

If you need anything else, just ask.

Dealing with this shit is fun, isn't it?

Now you know why my blacklist is up to 67,126 domains.

Pity there aren't enough non-"traffic-trading" (circle jerk) sites out there to bother making a communal blacklist.

Most sites approve anything because the surfer only has a 1-10 chance of seeing an actual gallery anyway. :-(

I hope it is easy fixing from here on out.

Mr. H.
Thanks, it seems I got rid of the thing, but I got rid of more than needed. I still need to reinstall some of IE and my mail because they don't work well anymore. What a hell, so I am not done yet.... I will be back here; the only question is whether to ask more or to say I did it.
Old 2005-05-25, 07:55 AM   #56
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
OK, I have run all the programs now, and it looks like it's gone, but, there is the but.... The puter is slow with starting up, Internet Explorer is still fucked and Firefox is fine. I tried to reinstall IE with the setup I have, but the puter said it can't find iesetup.inf or something like
Old 2005-05-25, 08:28 AM   #57
Dan
Shut up brain, or I'll stab you with a Q-tip!
 
Join Date: Apr 2003
Posts: 113
You should have let me get someone else to do the sites.
What a pain in the ass it's been, so sorry.
Hit me when you're back, OK?
Old 2005-05-25, 08:31 AM   #58
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Until next month when you get to go through all this again…
Old 2005-05-25, 10:11 AM   #59
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
Quote:
Originally Posted by Dan
You should have let me get someone else to do the sites.
What a pain in the ass it's been, so sorry.
Hit me when you're back, OK?

Nah, don't be sorry, it's the latest of the coolwwwsearch thing, which attacks you as a virus; it could have been anybody who got hit with it. I had most of the programs mentioned here on my puter and no virus scanner would catch it. It's like Symantec said, it has to be removed by hand also; the CWShredder thing couldn't find it but it was there. Nah, I think I can be safe now for a while with Firefox, because that's the only one that does work on my puter. I am gonna review this eve again. I have sent Opti a PM also, because all my passes and IDs are wiped out too.
Old 2005-05-25, 10:12 AM   #60
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
Quote:
Originally Posted by Cleo
Until next month when you get to go through all this again…
Well, when it happens to me it's every time another thing. This one I never ever had, while it's been around since, I believe, August 2004, but sure, it was learning again. And it's really great to see how many people are popping in to help; this way others can learn about the problem also.
Old 2005-05-26, 09:10 AM   #61
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
OK, update: even with all the help here, it didn't work. Well, it did work to get rid of the coolwww and the 100s of other strange stuff in it, but my files are so damaged that XP can't work well anymore; even putting files back from the disk won't work. So what I am going to do is totally reinstall XP, but then with XP SP2 with it. I am gonna back up all the stuff I need, and I need to do something with those emails, because I don't know how to put my emails in a folder so I can burn them on CD. I really, really wanna thank all for the help, it was really appreciated and you guys are the best!!! BTW I have a totally upgraded and updated puter ready just in case I fuck up reinstalling XP Pro again.
Old 2005-05-26, 10:47 PM   #62
ronnie
Wheither you think you can or you think you can't, Your right.
 
Join Date: Jun 2004
Location: midwest
Posts: 2,274
Quote:
Originally Posted by stuveltje
OK, update: even with all the help here, it didn't work. Well, it did work to get rid of the coolwww and the 100s of other strange stuff in it, but my files are so damaged that XP can't work well anymore; even putting files back from the disk won't work. So what I am going to do is totally reinstall XP, but then with XP SP2 with it. I am gonna back up all the stuff I need, and I need to do something with those emails, because I don't know how to put my emails in a folder so I can burn them on CD. I really, really wanna thank all for the help, it was really appreciated and you guys are the best!!! BTW I have a totally upgraded and updated puter ready just in case I fuck up reinstalling XP Pro again.
In XP there is a "Settings and Files Transfer Wizard" you can use to back up/burn your e-mails and put them back in on another system or fresh OS. Worked for me...

ronnie
All times are GMT -4.