1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

trojan dropper

Discussion in 'Virus & Other Malware Removal' started by mimo2005, Sep 23, 2004.

Thread Status:
Not open for further replies.
  1. mimo2005

    mimo2005 Thread Starter

    Joined:
    Aug 14, 2004
    Messages:
    454
    First...



    Open My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"

    Click "Apply" then "OK"

    Next: go to:

    Start>Search>All Files and Folders

    Go down to More advanced options and....



    Be sure the first three boxes are selected:

    Search System folders

    Search Hidden Files and folders

    Search SubFolders



    Then...



    Reboot your system into safe mode (tap F8 key while booting) select safe mode.



    Then...



    Using the Task Manager, Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => right click on the following processes and select "End Process" for if present (just a check).



    brsvc01a.exe

    brss01a.exe

    Brmfrmps.exe

    BRMFRSMG.EXE

    zzdjmaf.exe



    Now...



    Go to: Start>Run and type in HijackThis >OK to open the program, scan, and place a check beside the entries listed below. Make sure ALL Browsers and Explorer Windows are closed (most important). Then click on the "Fixed checked" button.
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    O1 - Hosts: 192.1.1.2 mris_sv1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mris.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mris.com

    Then still in safe mode....


    Go to Start>Search>All Files and Folders.

    Search for the following and delete:

    C:\WINDOWS\System32\brsvc01a.exe

    C:\WINDOWS\System32\brss01a.exe

    C:\WINDOWS\system32\Brmfrmps.exe

    C:\WINDOWS\System32\BRMFRSMG.EXE

    C:\WINDOWS\System32\zzdjmaf.exe

    C:\WINDOWS\System32\ffe.dll

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV -----> folder

    C:\WINDOWS\System32\zzdjmaf.exe



    Reboot as normal and go to your control panel->add/remove programs ,look for any suspicious program like window search ,800rebate,webrebate ,MYWEB :you know stuff like that ,good luck
     
  2. mimo2005

    mimo2005 Thread Starter

    Joined:
    Aug 14, 2004
    Messages:
    454
    quote "ok I turned off restore and ran nortons anti-virus again. These are the problems that came out of the anti-virus test:
    file name: ezstub.exe, incredfind.exe x2, memwatcherz.exe x2
    threat names: all were adware
    I tried to delete them, but nortons will not do this."

    you have to kill them in task manager first ctrl+alt+del
    then scan in safe mode with NAV (norton) ,then he can quarantine them or delete them ,if the problem persist ,let us know ,good luck
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/277184

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice