dan12

Posts posted by dan12

  1. The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /u

    You can delete RootRepeal

    Just need to reverse what you did earlier for me when you checked BOOTLOG. It may well be done already, but I'd like to make sure.

    Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and uncheck BOOTLOG

    Click on OK and you will be prompted to RESTART Windows. Please do restart now.

    Let me know when done and can you tell me how things are now.

  2. Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

    O4 - HKLM\..\RunOnce: [GooredFixCleanup] C:\WINDOWS\system32\cmd.exe /Q /C "del C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\_gooredcleanup.bat"

    WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

    You're good to go.

    Congratulations you are clean! :)

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    You don't need to put all of these programs on your system, unlike your Antivirus and firewall, of which you can only have one of each.

    However you can have several Antimalware programs

    Create a new System Restore Point

    This is a good time to clear your existing system restore points and establish a new clean restore point:

    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Here are some free programs I recommend that could help you improve your computer's security.

    Spybot Search and Destroy 1.6.2

    Download it from here. Just choose a mirror and off you go.

    Find the tutorial on how to use Spybot properly here

    Find the changes from the older version 1.4 here

    Install Spyware Guard

    Download it from here

    Find the tutorial on how to use Spyware Guard here

    Install SpyWare Blaster

    Download it from here

    Find the tutorial on how to use Spyware Blaster here

    Install WinPatrol

    Download it from here

    Here you can find information about how WinPatrol works

    Install FireTrust SiteHound

    You can find information and download it from here

    Install MVPS Hosts File from here

    The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

    Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

    You can use one of these sites to check if any updates are needed for your pc.

    Secunia Software Inspector

    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.

    http://www.update.microsoft.com

    Please check out Tony Klein's article here

    Read some information here on how to prevent malware.

    Stand Up and Be Counted!

    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

    >> Here << you can see how you can help us.

    Happy safe surfing!

    Dan
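    As an added example (not part of dan12's post), here is a Python check of the hosts-file mechanism described above: a blocking hosts file only ever maps names to 127.0.0.1, 0.0.0.0 or ::1, so any entry that points a name at another address is worth a look. The sample hosts content is constructed for the example; the 203.0.113.5 entry is a made-up illustration of a redirected entry, not a real finding.

```python
import ipaddress

# Constructed sample hosts file (not the real MVPS file): MVPS-style blocking
# entries plus one entry of the kind a hosts-file hijack leaves behind, where a
# real site is pointed at an address that is not the local machine.
SAMPLE_HOSTS = """\
# constructed example hosts file
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net        # blocked ad server
0.0.0.0   tracking.example.net
203.0.113.5 www.update.microsoft.com
::1 localhost
"""


def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        addr, *names = line.split()           # one address, one or more names
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def suspicious_entries(text):
    """Return entries whose target is not a loopback or unspecified address.

    Blocking entries redirect a name to the local computer (127.0.0.1, 0.0.0.0
    or ::1).  Anything else sends the name to a real machine, which is how a
    tampered hosts file diverts update or security sites."""
    bad = []
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            bad.append((addr, name, "unparseable address"))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            bad.append((addr, name, "maps to a non-local address"))
    return bad


if __name__ == "__main__":
    for addr, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {addr}: {reason}")
```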

  3. I noticed Firefox is out of date: Mozilla Firefox (3.0.7). I believe it's 3.0.8 now.

    Boot up in SAFE MODE

    Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

    Boot into normal mode

    ------------------------

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /u

    Click Start >> Run and then copy/paste the following into the box and hit Enter:

    "%userprofile%\Desktop\GooredFix.exe" /uninstall

    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

    You can delete RootRepeal and javara

    Post a fresh HJT log and let me know if the above went OK.

  4. 1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::
    File::
    c:\windows\system32\drivers\uhzzdvnk.sys
    Driver::
    xrxyv

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    -------------------------------

    Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

    Then run this tool to help cleanup any left over Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location and post it back when you reply
      Then look for the following Java folders and if found delete them.
      C:\Program Files\Java
      C:\Program Files\Common Files\Java
      C:\Documents and Settings\All Users\Application Data\Java
      C:\Documents and Settings\All Users\Application Data\Sun\Java
      C:\Documents and Settings\username\Application Data\Java
      C:\Documents and Settings\username\Application Data\Sun\Java

    ------------------------

    Download and Update Java Runtime

    The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.

    • Go to http://java.sun.com/javase/downloads/index.jsp
    • Go to Java Runtime Environment (JRE) 6 Update 13 about half way down the page and click on the Download button.
    • In Platform box choose Windows.
    • Check the box to Accept License Agreement and click Continue.
    • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
    • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
    • Uncheck the Toolbar button (unless you want the toolbar)
    • Reboot your computer

    ----------------------

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.

    Post combofix log

    java report

    kaspersky report

  5. McAfee was only doing its job. Items flagged are quite safe as I have them in a secure place and will deal with them when I'm happy we're clean.

    c:\mfe <<You can delete this folder

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.

    Post:

    jotti's report

    kaspersky report

    fresh HJT log

  6. Submit a File For Analysis

    We need to have the files below Scanned by Uploading them/it to Jotti

    Please visit Jotti

    Copy/paste the following file path into the window

    c:\program files\dMC-r10.exe

    Click Submit/Send File

    Please post back, to let me know the results.

    Please do the same for the following file

    c:\windows\system32\10E31F1BA8.sys

    If Jotti is too busy please try Virustotal

    -----------------------------

    ATF Cleaner

    Download ATF Cleaner here by Atribune.

    • Double-click ATF-Cleaner.exe to run the program
      Under Main choose: Select All
      Click the Empty Selected button

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button
      NOTE: If you would like to keep your saved passwords, please click No at the prompt

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button
      NOTE: If you would like to keep your saved passwords, please click No at the prompt

    Click Exit on the Main menu to close the program.

    ----------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\uactmp.db
    C:\register.bat
    c:\documents and settings\Raven\register.bat
    Folder::
    c:\program files\LimeWire
    DirLook::
    c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    C:\mfe
    C:\e51e30ab8bb3b01752a8c619c942
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148dd71f-040f-11dc-95e1-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ------------------------------

    : Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
      then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Post:

    combofix log

    malwarebytes report

    jotti's report

  7. Ok, don't worry.

    Download and run Combofix

    This tool is not a toy and not for everyday use.

    ComboFix SHOULD NOT be used unless requested by a forum helper

    Please download ComboFix from one of these locations:

    Link 1

    Link 2

    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [image: RcAuto1.gif]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: whatnext.png]

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    If you need help, see this link:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    ----------------------------------------------

    Post back:

    Combofix report.

    A new HijackThis log.

  8. You will be able to run in normal mode now

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\drivers\uhzzdvnk.sys
    c:\windows\system32\vtfojmze.fzv
    Folder::
    c:\program files\Full Tilt Poker
    c:\program files\BitTorrent
    c:\documents and settings\Stephen Conroy\Application Data\utorrent
    Driver::
    xrxyv;xrxyv
    VTFOJMZE
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VTFOJMZE]
    "ImagePath"=-

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Can you update malwarebytes and do a full scan.

    Post:

    combofix report

    Malwarebytes report

  9. I noticed you have allowed some sites into your trusted zone!

    If you use these sites frequently, and trust the sites, and are comfortable leaving these entries in your Trusted Zone, that's up to you.

    However, realize that you are taking a big security risk by allowing any site to have unfettered access to your Trusted Zone.

    This is your call; it's your machine. I can only advise you.

    Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O15 - Trusted Zone: http://*.gonintendo.com

    O15 - Trusted Zone: http://download.windowsupdate.com

    WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

    Post a further HJT log and let me know how things are with the pc

    dan

    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options
    • After the new window appears select the View tab.
    • Place a checkmark in the checkbox labeled Display the contents of system folders
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
    • Remove the checkmark from the checkbox labeled Hide protected operating system files
    • Press the Apply and then the OK button and shut down My Computer
    • Now your computer is configured to show all hidden files.
    • For you and the tools to be able to see appropriate files we need to Show Hidden Files

    This installer can go.

    mbam-setup.exe

    This folder needs to go

    C:\Documents and Settings\Yuri Naumtchik>dir f:\"Nokia Music Manager"\N-1-5-21-1895552279-3129831995-389225551-6003

    Run the Desinfector through again.
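    As an added example (not code from dan12's posts or from HijackThis), here is a small Python triage routine for the HijackThis O3/O4/O15 lines quoted in posts 2, 3 and 9 above: it flags a toolbar with no backing file, an autostart that runs out of a Temp folder, and Trusted Zone entries, with wildcard entries called out as the broadest grant. The sample log is constructed from the entries quoted in those posts, and the heuristics are my own illustration of the points the posts make, not HijackThis's logic.

```python
import re

# Constructed sample of HijackThis "O" lines, built from the entries quoted
# in the posts above (raw string, so the Windows backslashes stay as written).
SAMPLE_HJT_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [GooredFixCleanup] C:\WINDOWS\system32\cmd.exe /Q /C "del C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\_gooredcleanup.bat"
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
"""

# A HijackThis entry is "<section> - <body>", e.g. "O15 - Trusted Zone: ...".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Yield (section, body) for each HijackThis O-line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (section, body, reason) for entries worth a second look.

    Heuristics follow the points raised in the posts: an O3 toolbar with no
    file behind it, an O4 autostart that executes something from a Temp
    directory, and any O15 Trusted Zone entry (a wildcard such as *.example
    trusts every host under that domain, so it is reported separately)."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O3" and "(no file)" in body:
            findings.append((section, body, "toolbar entry with no backing file"))
        elif section == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
            findings.append((section, body, "autostart runs from a Temp folder"))
        elif section == "O15":
            reason = "wildcard Trusted Zone entry" if "*." in body else "Trusted Zone entry"
            findings.append((section, body, reason))
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_HJT_LOG):
        print(f"{section}: {reason}\n    {body}")
```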

  10. Create a NEW folder on your Desktop named: BadFiles

    Start Root Repeal and click on the Drivers tab and then click the Scan button.

    Then right click on this file: UACpwvyeppf.sys and select Dump File

    This will bring up a Dump to file dialog box. Browse or select your Desktop where you created the BadFiles folder.

    Then type in the name UACpwvyeppf.sys and save it in that folder.

    You can quit Root Repeal now.

    Then zip up that file and upload it to: uploads.malwarebytes.org

    How To Use Compressed (Zipped) Folders in Windows XP

    Compress and uncompress files (zip files) in Vista

    Start Root Repeal again and click on the Drivers tab and then click the Scan button.

    Then right click on this file: UACpwvyeppf.sys and select the *wipe file* option only, then immediately reboot the computer.

    Now update and scan with Malwarebytes again (a quick scan).

    Post the report.
