[Old] - Bit Che 2.0 Release Candidate 4 - Build 35
modi84:
all crashes :-\
about "ReportArchive" there are 450+ folders !!
it's too much for you to handle it :-X
[attachment deleted by admin]
chip!:
well something interesting in your logs.. more than half of the crashes are related to some file: "ShellIcon32.dll" which is not a Microsoft file, and does not exist on my system. Google searching for that file looks like a number of people are reporting it as a Trojan. My guess is that you are infected with something like this: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=856739
Can you check these locations for "ShellIcon32.dll":
C:\windows\
C:\windows\system32\
If it exists, upload it to www.virustotal.com
Also, put it in an .rar and upload it to me too.
NEXT, I'm going to recommend you do a ComboFix scan on your PC.
Download here: http://www.bleepingcomputer.com/download/anti-virus/combofix
Usage guide: http://www.bleepingcomputer.com/combofix/
When that completes, send me: C:\ComboFix.txt
Thanks
Chip
modi84:
Do you want me to delete ShellIcon32 from my computer?
chip!:
modi84,
you are definitely infected with a spy trojan, which very closely resembles the one I posted from the McAfee database (above):
2012-04-16 09:01 . 2012-02-20 18:26 47104 ----a-w- c:\windows\system32\ShellIcon32.dll
2012-03-16 04:40 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll
2012-03-15 23:48 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120316].bak
2012-03-14 06:50 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120315].bak
2012-03-12 23:26 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120314].bak
2012-03-12 22:02 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120313].bak
2012-02-20 18:26 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120312].bak
there could be other files, which the McAfee site has shown, but from that log, you were infected back on February 20, 2012.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01 47104 ----a-w- c:\windows\System32\ShellIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01 47104 ----a-w- c:\windows\System32\ShellIcon32.dll
the .rar file you posted says the ShellIcon32.dll is corrupt, so I'm not sure if you were able to submit to virustotal.com?
1. first boot back into Safe Mode
2. Move *all* of those files above into a new folder c:\infected
3. .rar them with a password AND encrypt the file names
4. use regedit to remove those Registry entries above
5. update MBAM and scan your computer
6. Reboot back into regular mode, send me the password protected .rar file.
7. I would try using the trial version of McAfee to scan your computer (I would never normally recommend McAfee, but unless we can confirm from virustotal that other antivirus products are detecting your trojan, then I must suggest using the one which we know detects it. I would also recommend using Microsoft Security Essentials to scan.)
note: if you are not familiar with any of these steps, then I will have to suggest you consult with a computer technician to help you clean your computer.
the only good news here is that for the past week I have been trying to fix a bug in Bit Che that does not exist :) So, when you clean your computer, Bit Che will work with no problems! :)
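One way to read the ComboFix excerpt in the post above programmatically, as an added example that is not part of the original thread: it ties each ShellIconOverlayIdentifiers entry to its CLSID and the DLL listed under it, and reports the earliest timestamp on the listed files. The function names are this example's own, and the meaning of the two timestamp columns is not assumed; only the earlier of the two is used.

```python
import re
from datetime import datetime

# Lines copied from the ComboFix excerpt quoted in the post (trimmed selection).
LOG = r"""
2012-04-16 09:01 . 2012-02-20 18:26 47104 ----a-w- c:\windows\system32\ShellIcon32.dll
2012-03-16 04:40 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll
2012-02-20 18:26 . 2012-02-20 18:26 261632 ----a-w- c:\windows\system32\ShellIcon64.dll_[20120312].bak
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01 47104 ----a-w- c:\windows\System32\ShellIcon32.dll
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
FILE_RE = re.compile(rf"^{TS} \. {TS}\s+(\d+)\s+\S+\s+(.+)$")   # two-timestamp file listing
KEY_RE = re.compile(r"^\[(.+)\]$")                              # registry key header
CLSID_FILE_RE = re.compile(rf"^{TS}\s+\d+\s+\S+\s+(.+)$")       # file line under a CLSID key

def parse_files(log):
    """Return (path, size, earlier of the two timestamps) for each file-listing line."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamps = [datetime.strptime(t, "%Y-%m-%d %H:%M") for t in m.group(1, 2)]
            out.append((m.group(4), int(m.group(3)), min(stamps)))
    return out

def earliest_timestamp(log):
    """Earliest timestamp seen on any listed file: a lower bound for when the files appeared."""
    return min(ts for _, _, ts in parse_files(log))

def overlay_handlers(log):
    """Map each overlay-identifier entry name to (CLSID, DLL path listed under that CLSID)."""
    handlers, clsid_dll, key = {}, {}, None
    for line in (l.strip() for l in log.splitlines()):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
        elif key and line.startswith('@="') and "shelliconoverlayidentifiers" in key.lower():
            handlers[key.rsplit("\\", 1)[1]] = line[3:-1].upper()
        elif key and key.upper().startswith("HKEY_CLASSES_ROOT\\CLSID\\"):
            f = CLSID_FILE_RE.match(line)
            if f:
                clsid_dll[key.rsplit("\\", 1)[1].upper()] = f.group(2).lower()
    return {name: (c, clsid_dll.get(c)) for name, c in handlers.items()}
```

On the excerpt, both overlay entries resolve to the same CLSID and the same DLL, so the registry cleanup and the file quarantine in the steps above concern one component.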
TheHalf™:
True chip, other than paying for a com. tech. I would suggest the factory restore disk which can be run in Safe Mode; correct me if I'm wrong.
TheHalf™