W32.Myzor....Trojan from myspace got in! HELP!

  adopted.son 00:27 15 Jun 2007

hi. long time.
i oftentimes will link your responses to others having problems, and now i have a huge concern:
while discriminating which "friend" requests to accept on myspace, i clicked an innocent-enough looking link from a normal-enough looking requestor and got hit with a bunch of spyware that is (forgive me as i forgot mostly what they're called) running in active x and in my registry (i think).
i loaded avast and ran it and quarantined four bugs and scanned internet explorer today and "trunked" two more trojan horses.
Question: what do i do now?
How do i kill 'em off entirely? Will a fire wall help me in the future?

  johnnyrocker 00:39 15 Jun 2007

i would think so but if you get spywareblaster or spybot you can via either of them disable active x unless you specifically need it.


  adopted.son 00:45 15 Jun 2007

i'm not sure i understand what you just said, johnny.
are you referring to a fire wall? not that i understand what i just said! a fire wall is what keeps stuff out and the anti virus kills it right? why are these trojans in a trunk?

  adopted.son 01:01 15 Jun 2007

this horse, according to MS security has gone to %Windir%\directory and has "added values to the registry" HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current version\run
At least that is what the pop-up says.
Now What Do I Need To Do???

  skidzy 07:08 15 Jun 2007

Some advice for you click here

Read through carefully and start with asquared click here

  ICF 07:22 15 Jun 2007
  adopted.son 00:38 17 Jun 2007

a hearty "Thank you!" to you who have advised me in this dilemma.

  adopted.son 16:12 17 Jun 2007

i ran a2 and they found this. i opted to delete rather than quarantine. admittedly i don't know what i'm doing, however you folks are an invaluable asset to my learning experience.

a-squared Anti-Malware - Version 3.0
Last update: 6/17/2007 10:10:23 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 6/17/2007 10:12:12 AM

c:\windows\system32\fonts detected: Trace.Directory.IamBigBrother
c:\windows\system32\$sys$filesystem detected: Trace.Directory.XCP.Sony.Rootkit
c:\windows\cdproxyserv.exe detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\$sys$caj.dll detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\$sys$upgtool.exe detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\drivers\$sys$cor.sys detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\tmpx\apix.vxd detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\tmpx\aspienum.vxd detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\tmpx\wnaspi.dll detected: Trace.File.XCP.Sony.Rootkit
c:\windows\system32\tmpx\wnaspi32.dll detected: Trace.File.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\clsid\{78037074-0beb-496e-9e4c-92d92d562168} detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\clsid\{c62a2089-4eb1-4ebb-8635-0d1fcdd6bf25} detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331} detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}

  adopted.son 16:13 17 Jun 2007

detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997} detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_CLASSES_ROOT\xcpplayercontrol.xcpplayercontrolctrl.1 detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_USERS\S-1-5-21-2981701393-708145802-2290132749-1003\software\cdextrainstall detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_USERS\S-1-5-21-2981701393-708145802-2290132749-1003\software\cdextrainstall --> lastalbum detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_USERS\S-1-5-21-2981701393-708145802-2290132749-1003\software\cdextrainstall --> lastartist detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\software\$sys$reference detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\software\$sys$reference --> classid detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$drmserver detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$drmserver --> nextinstance detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cd_proxy detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cd_proxy --> nextinstance detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor --> errorcontrol detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor --> group detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor --> imagepath detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor --> start detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor --> type detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater --> errorcontrol detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater --> group detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater --> imagepath detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater --> start detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater --> type detected: Trace.Registry.XCP.Sony.Rootkit
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserver detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserver --> displayname detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserver --> errorcontrol detected: Trace.Registry.XCP.Sony.Rootkit
Value: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserver --> failureactions

  adopted.son 16:15 17 Jun 2007

while a2 was scanning, avast arrested another trojan which i trunked. question:
does a2 kill those items quarantined by avast?

  skidzy 19:03 17 Jun 2007

Remember to use some of the other programs from my safe and Clean link.

Spybot SD

Though if you are still picking up Trojans, your best advice now is to run HJT (hijackthis) click here and post the scan log MWR (Malwaremoval) click here here the experts will advise accordingly.

Though you could try Trojanhunter on a trial basis click here

This thread is now locked and can not be replied to.
