Author Topic: [Old] - Bit Che 2.0 Release Candidate 4 - Build 35  (Read 92747 times)

April 14, 2012, 04:06:07 am
Reply #135

ID101


April 15, 2012, 12:22:33 am
Reply #136

chip!

modi84

can you try the attached .exe?  note:  this will not create the error.txt

i am still working on this, but i am curious if the changes I have made thus far have fixed the problem or not :)


thanks
chip
« Last Edit: April 15, 2012, 09:12:09 pm by chip! »
  -  http://bitche.es  -   And...  boom goes the dynamite.

April 15, 2012, 03:42:27 am
Reply #137

modi84


April 15, 2012, 10:33:39 am
Reply #138

chip!

modi84,

can you go to this folder, and then .rar up all the folders that have bit che in the name?  how many do you have?

%localappdata%\Microsoft\Windows\WER\ReportArchive

type this in either Start | Run or hit  "Windows Key + R"

April 15, 2012, 11:17:44 am
Reply #139

chip!

modi84,

here are 3 more test builds.. if one of these doesn't crash, then we are making progress :)

« Last Edit: April 15, 2012, 08:17:26 pm by chip! »

April 15, 2012, 12:22:58 pm
Reply #140

modi84

all crashes  :-\

about "ReportArchive" there are 450+ folders !!
it's too much for you to handle it  :-X


April 15, 2012, 08:53:06 pm
Reply #141

chip!

well something interesting in your logs.. more than half of the crashes are related to some file: "ShellIcon32.dll" which is not a Microsoft file, and does not exist on my system. Google searching for that file looks like a number of people are reporting it as a Trojan. My guess is that you are infected with something like this: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=856739

Can you check these locations for "ShellIcon32.dll":

C:\windows\
C:\windows\system32\


If it exists, upload it to www.virustotal.com

Also, put it in an .rar and upload it to me too.


NEXT, I'm going to recommend you do a ComboFix scan on your PC.

Download here: http://www.bleepingcomputer.com/download/anti-virus/combofix

Usage guide: http://www.bleepingcomputer.com/combofix/

When that completes, send me: C:\ComboFix.txt

Thanks
Chip
« Last Edit: April 15, 2012, 09:17:09 pm by chip! »

April 16, 2012, 02:30:33 am
Reply #142

modi84

do u want me to delete ShellIcon32 from my computer ?
« Last Edit: April 16, 2012, 02:52:26 am by modi84 »

April 16, 2012, 07:32:27 am
Reply #143

chip!

modi84,
you are definitely infected with a spy trojan, which very closely resembles that one I posted from the mcafee database (above):

2012-04-16 09:01 . 2012-02-20 18:26   47104   ----a-w-   c:\windows\system32\ShellIcon32.dll
2012-03-16 04:40 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll
2012-03-15 23:48 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120316].bak
2012-03-14 06:50 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120315].bak
2012-03-12 23:26 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120314].bak
2012-03-12 22:02 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120313].bak
2012-02-20 18:26 . 2012-02-20 18:26   261632   ----a-w-   c:\windows\system32\ShellIcon64.dll_[20120312].bak

there could be other files, which the mcafee site has shown, but from that log, you were infected back on February 20, 2012.

REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01   47104   ----a-w-   c:\windows\System32\ShellIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.01]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellIcon1.02]
@="{C5994580-53D9-4125-87C9-F193FC689CC0}"
[HKEY_CLASSES_ROOT\CLSID\{C5994580-53D9-4125-87C9-F193FC689CC0}]
2012-04-16 09:01   47104   ----a-w-   c:\windows\System32\ShellIcon32.dll


the .rar file you posted says the ShellIcon32.dll is corrupt, so I'm not sure if you were able to submit to virustotal.com? 

1. first boot back into Safe Mode
2. Move *all* of those files above into a new folder c:\infected
3. .rar them with a password AND encrypt the file names
4. use regedit to remove those Registry entries above
5. update MBAM and scan your computer
6. Reboot back into regular mode, send me the password protected .rar file.
7. I would try using the trial version of McAfee to scan your computer (I would never normally recommend McAfee, but unless we can confirm from virustotal that other antivirus products are detecting your trojan, then I must suggest using the one which we know detects it.  I would also recommend using Microsoft Security Essentials to scan.)

note:  if you are not familiar with any of these steps, then I will have to suggest you consult with a computer technician to help you clean your computer.

the only good news here is that for the past week I have been trying to fix a bug in Bit Che that does not exist :)  So, when you clean your computer, Bit Che will work with no problems! :)
  -  http://bitche.es  -   And...  boom goes the dynamite.
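
The log in reply #143 shows the DLL registered under ShellIconOverlayIdentifiers, which makes Explorer load it as an icon overlay handler. As an added example (not from the thread or from Bit Che), this PowerShell lists every registered overlay handler with its DLL, timestamps and Authenticode status; it only reads, and the handling of the two registry views assumes a 64-bit Windows host.

```powershell
# Added example: read-only audit of Explorer icon overlay handlers.
# Run from 64-bit PowerShell 5.1+ so both registry views are visible.
$sub   = 'Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
$views = @(
    @{ Name = '64-bit'; Soft = 'HKLM:\SOFTWARE\Microsoft'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Name = '32-bit'; Soft = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

$report = foreach ($v in $views) {
    $base = Join-Path $v.Soft $sub
    if (-not (Test-Path -LiteralPath $base)) { continue }   # e.g. 32-bit Windows
    foreach ($key in Get-ChildItem -LiteralPath $base) {
        # The key's default value is the handler's CLSID, as in the log above.
        $clsid = [string]$key.GetValue('')
        $dll = $null; $file = $null; $sig = $null
        if ($clsid) {
            $srv = Get-Item -LiteralPath "$($v.Clsid)\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) {
                $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.GetValue('')).Trim('"')
                # 32-bit handlers that name System32 are really loaded from SysWOW64.
                if ($v.Name -eq '32-bit') { $dll = $dll -replace '\\System32\\', '\SysWOW64\' }
                if ($dll) { $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue }
            }
        }
        if ($file) { $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName }
        [pscustomobject]@{
            View      = $v.Name
            Overlay   = $key.PSChildName
            Clsid     = $clsid
            Dll       = $dll
            Created   = $file.CreationTime
            Modified  = $file.LastWriteTime
            Signature = if ($sig) { [string]$sig.Status } else { 'NoFile' }
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

# Handlers without a valid signature sort to the top for review.
$report | Sort-Object -Property { $_.Signature -eq 'Valid' }, 'Dll' | Format-List
```

A missing or invalid signature is a reason to look closer, not proof of infection; compare the result with the software you know is installed.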

April 16, 2012, 07:44:08 am
Reply #144

TheHalf™

True chip, other than paying for a com. tech. I would suggest the factory restore disk which can be run in Safe Mode; correct me if I'm wrong.

TheHalf™

April 16, 2012, 12:23:26 pm
Reply #145

modi84

finally Bit Che works like a boss .. all versions work  ;D

my bro read ur post and he did all the things .. he said everything is ok now

April 28, 2012, 06:27:55 pm
Reply #146

biatche

what does it mean when i double click bitche.exe (2.0b18) nothing happens at all?

it was working before i formatted and now with a clean and up to date system clicking on it doesn't do anything.

May 01, 2012, 01:37:41 pm
Reply #147

chip!

what does it mean when i double click bitche.exe (2.0b18) nothing happens at all?

it was working before i formatted and now with a clean and up to date system clicking on it doesn't do anything.

Hmm.. try installing Bit Che 1.0 build 60 first... not sure if your system needs additional files.

May 01, 2012, 05:45:00 pm
Reply #148

biatche

worked after installing bit che first... care to explain what happened? what was i lacking? I had %appdata%\... from a backup

registries?

May 06, 2012, 01:09:09 am
Reply #149

nissensp

According to AVG Antivirus 2012 the file zlibwapi.dll is a threat: Trojan Horse BackDoor.Hipigon.3.AE

Patrick

