w32 blaster child-porn proxyserver worm

View previous topic View next topic Go down

w32 blaster child-porn proxyserver worm

Post by starwalker98 on Wed 22 Feb 2012, 10:03 am

HI guys, yes my sons pc has the w32 blaster child-porn proxyserver worm. he is running windows 7 and google chrome browser. it is a gaming pc with 8gb ram asus motherboard. this looks like a nasty one and any and all help would be greatly appreciated. he cant connect to the internet also

starwalker98

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2012-01-22
Operating System : vista

View user profile

Back to top Go down

Re: w32 blaster child-porn proxyserver worm

Post by Gabethebabe on Wed 22 Feb 2012, 6:40 pm

Hi there starwalker98!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst Im helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. Im here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesnt mean it is clean yet!

====================

Hopefully you have access to a clean computer to download the tools we need and transfer them to the problem PC with a USB memory stick. If that is so, please proceed with the following:

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: w32 blaster child-porn proxyserver worm

Post by starwalker98 on Wed 22 Feb 2012, 8:21 pm

thank you gabethebabe,
yes i have a clean pc. after i download oldtimer then click otl.exe. at which time in this process will i download this to the infected pc? thank you

starwalker98

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2012-01-22
Operating System : vista

View user profile

Back to top Go down

Re: w32 blaster child-porn proxyserver worm

Post by Gabethebabe on Wed 22 Feb 2012, 9:04 pm

After you downloaded OTL.exe, move it with the USB stick and copy it to the desktop of the problem computer and run it. Copy the logs back to your USB drive, move them to the clean computer and post them here.

Might be a good idea to first immunize the USB drive that your are using before doing this, to make sure you dont infect your clean computer:

Please download Flash_Disinfector by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Repeat running Flash_Disinfector.exe for every flash drive you wish to immunize.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!



Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

porn worm

Post by starwalker98 on Thu 23 Feb 2012, 7:27 am

Hi Gabe,
we decided to just reformat his pcas he said he has nothing on it, had i known that, i wouldnt have bothered you. thank you for your time, and sorry to bother you.

starwalker98

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2012-01-22
Operating System : vista

View user profile

Back to top Go down

Re: w32 blaster child-porn proxyserver worm

Post by Sponsored content Today at 2:51 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum