JeanInMontana

Honorary Members
  • Posts

    3,859
Posts posted by JeanInMontana

  1. Hi, please keep your responses in this same topic, do not start a new one.

    Be sure you have your system set to show all files and folders.

    Please set your system to show all files:

    Click Start.

    Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab.

    Under the Hidden files and folders heading select Show hidden files and folders.

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Click OK.

    Find these files using Windows Explorer, C:\WINDOWS\system32\wdfmgr.exe and C:\WINDOWS\Wildcensored.exe -n, please, and put them into a zip file by right-clicking on them and choosing Send to zipped folder. Name it adhareula and upload to here. Then delete the zipped file and the ones you sent to the zipped folder.

    Do a scan only with HJT and put a check next to these lines below and click fix.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [Wildcensored] C:\WINDOWS\Wildcensored.exe -n

    O8 - Extra context menu item: &Search - ?p=ZJ

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    Reboot, update MBAM, and run a quick scan.

    Post that log and a new HJT log in this thread in your next response. Let me know how things are running.

  2. Since this topic has had no reply for over 5 days, it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  3. Panda is detecting the Smitfraud fix tool, you should not run stuff like this on your own. And it sees stuff in the System Restore.

    We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it, you have it.

    Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy, and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price.

  4. You're adding new programs; do not do that during the cleaning. Avast and whatever the other one showing is.

    C:\Documents and Settings\GS\Application Data\U3\0000060501007077\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exe

    C:\Documents and Settings\GS\Application Data\U3\0000060501007077\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe

    Review this article here on how to use ComboFix.

    Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.

    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.

    2. Double click combofix.exe. It will be a red icon with a white X on your desktop.

    Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit Enter.

    3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

    Post that log and a HiJack log in your next reply.

    Note:

    Do not mouseclick combofix's window while it's running. That may cause it to stall.

  5. OK, if AVG removed it, that is why you can't find it. Can you get a copy from the vault and submit it? Limewire and Utorrent are dangerous programs to be using and might be why you got infected. P2P programs are not safe and often the files are illegal. I recommend you get rid of them now.

    Run HJT again in scan only, put a check next to these items and then click fix.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

    LaunchU3.exe <======= Have you purposely installed this? From what I find it can be malware if you didn't install it.

    Please upload the file C:\WINDOWS\system32\nvsvc32.exe to and post the results in your next reply. We will make sure it is malware this way.

    Update MBAM and do a quick scan; post that log and a new HJT, please.
