[Old] - Bit Che 2.0 Release Candidate 4 - Build 35

[ID101]

FC@ scrape magnet link form TPB

[chip!]

modi84

can you try the attached .exe?  note:  this will not create the error.txt

i am still working on this, but i am curios if the changes I have made thus far have fixed the problem or not


thanks
chip

[modi84]

still crashes 

[chip!]

modi84,

can you go to this folder, and then .rar up all the folders that have bit che in the name?  how many do you have?

%localappdata%\Microsoft\Windows\WER\ReportArchive

type this in either Start | Run or hit  "Windows Key + R"

[chip!]

modi84,

here are 3 more test builds.. if one of these doesnt crash, then we are making progress

[modi84]

all crashes 

about "ReportArchive" there are 450+ folders !!
it's too much for you to handle it 

[attachment deleted by admin]

[chip!]

well something interesting in your logs.. more than half of the crashes are related to some file: "ShellIcon32.dll" which is not a Microsoft file, and does not exist on my system. Google searching for that file looks like a number of people are reporting it as a Trojan. My guess is that you are infected with something like this: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=856739

Can you check these locations for "ShellIcon32.dll":

C:\windows\
C:\windows\system32\

If it exists, upload it to www.virustotal.com

Also, put it in an .rar and upload it to me too.


NEXT, I'm going to recommend you do a ComboFix scan on your PC.

Download here: http://www.bleepingcomputer.com/download/anti-virus/combofix

Usage guide: http://www.bleepingcomputer.com/combofix/

When that completes, send me: C:\ComboFix.txt

Thanks
Chip

[modi84]

do u want me to delete ShellIcon32 from my computer ?

[chip!]

modi84,
you are definitely infected with a spy trojan, which very closely resembles that one I posted from the mcafee database (above):

2012-04-16 09:01 . 2012-02-20 18:26   47104   ----a-w-   c:\windows\system32\ShellIcon32.dll
2012-03-16 04:40 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll
2012-03-15 23:48 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120316].bak
2012-03-14 06:50 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120315].bak
2012-03-12 23:26 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120314].bak
2012-03-12 22:02 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120313].bak
2012-02-20 18:26 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120312].bak

there could be other files, which the mcafee site has shown, but from that log, you were infected back in February 20, 2012.

REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01   47104   ----a-w-   c:\windows\System32\ShellIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01   47104   ----a-w-   c:\windows\System32\ShellIcon32.dll


the .rar file you posted says the ShellIcon32.dll is corrupt, so I'm not sure if you were able to submit to virustotal.com? 

1. first boot back into Safe Mode
2. Move *all* of those files above into a new folder c:\infected
3. .rar them with a password AND encrypt the file names
4. use regedit to remove those Registry entries above
5. update MBAM and scan your computer
6. Reboot back into regular mode, send me the password protected .rar file.
7. I would try using the trial version of McAfee to scan your computer (I would never normally recommend McAfee, but unless we can confirm from virustotal that other antivirus products are detecting your trojan, then I must suggest using the one which we know detects it.  I would also recommend using Microsoft Security Essentials to scan.)

note:  if you are not familiar with any of these steps, then I will have to suggest you consult with a computer technician to help you clean your computer.

the only good news here is that for the past week I have been trying to fix a bug in Bit Che that does not exist   So, when you clean your computer, Bit Che will work with no problems!

[TheHalf™]

True chip, other than paying for a com. tech. I would suggest the factory restore disk which can be run in Safe Mode; correct me if I'am wrong.

TheHalf™

[modi84]

finally Bit Che works like a boss .. all versions works 

my bro read ur post and he do all the things .. he said everything is ok now

[biatche]

what does it mean when i double click bitche.exe (2.0b18) nothing happens at all?

it was working before i formatted and now with a clean and up to date system clicking on it doesnt do anything.

[chip!]

what does it mean when i double click bitche.exe (2.0b18) nothing happens at all?

it was working before i formatted and now with a clean and up to date system clicking on it doesnt do anything.

Hmm.. try installing Bit Che 1.0 build 60 first... not sure if your system needs additional files.

[biatche]

worked after installing bit che first... care to explain what happened? what was i lacking? I had %appdata%\... from a backup

registries?

[nissensp]

According to AVG Antivirus 2012 the file zlibwapi.dll is a treath: Trojan Horse BackDoor.Hipigon.3.AE

Patrick