Posts posted by 1972vet

  1. My sincere apologies for the long delay andrewm,

    On occasion, I don't receive an email notification from the forum. This is evidently one of those.

    Back to business...

    Did you create this file, or can you tell me what it is for...do you know with certainty that it is safe?:

    C:\andy.exe

    Please uninstall the following software:

    Viewpoint Media Player

    Viewpoint Tool bar

    Viewpoint Service Manager

    Acrobat 7.0 (Out of date...we will install the latest version once we are convinced your system is clean)

    Please click start-->Control Panel-->Add/Remove Programs...scroll down the list to locate the program names and click Remove for each one found. Reboot when finished uninstalling.

    Next, let's put your AVG back in proper working order:

    Please copy the data in the code box below into notepad and save it as deletereg.reg

    Set File type to "all files"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    "AppInit_DLLs"="avgrsstx.dll"

    Double-click that file and confirm you want to merge it with the registry. When finished, please reboot the computer once more to properly record those changes to the hard disk.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    File::

    c:\windows\SYSTEM32\nsr19.dll

    Folder::

    c:\windows\fzfu

    c:\program files\Common Files\fzfu

    c:\windows\SGFubmFoIE1vaXNlZXY

    c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
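
An added example (not from the original post, and not code from AVG or ComboFix): a Python check that reads a REGEDIT4 file such as the deletereg.reg earlier in this post and reports which DLL names the merge leaves in AppInit_DLLs, so the file can be reviewed before it is double-clicked. The expected-DLL list passed to `unexpected_dlls` and the second sample are assumptions constructed for illustration.

```python
import re

# Key and value name edited by deletereg.reg (compared case-insensitively).
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
APPINIT_NAME = "appinit_dlls"

# SAMPLE_A reproduces the deletereg.reg text from the post.
# SAMPLE_B is constructed for this example; its first DLL name is a placeholder.
SAMPLE_A = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"="avgrsstx.dll"
'''
SAMPLE_B = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="placeholder-unknown.dll avgrsstx.dll"
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def _unescape(text):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def merged_values(reg_text):
    """Apply value lines in file order; return {key: {name: str or None}}.
    None means the merge leaves that value deleted. Only string data is
    decoded; dword:/hex: data and [-key] deletions are skipped here."""
    state, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = None if m.group(1).startswith("-") else m.group(1).lower()
            continue
        m = _VAL_RE.match(line)
        if not m or key is None:
            continue  # header line, unsupported data, or no key context
        name, data = _unescape(m.group(1)).lower(), m.group(2).strip()
        if data == "-":
            state.setdefault(key, {})[name] = None
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            state.setdefault(key, {})[name] = _unescape(data[1:-1])
    return state

def appinit_dlls(reg_text):
    """DLL names the merge leaves in AppInit_DLLs ([] if deleted or absent)."""
    value = merged_values(reg_text).get(APPINIT_KEY, {}).get(APPINIT_NAME)
    # AppInit_DLLs is a list delimited by spaces or commas.
    return [d for d in re.split(r"[ ,]+", value or "") if d]

def unexpected_dlls(reg_text, expected):
    """Entries not in the caller's expected list (the list is an assumption)."""
    allowed = {e.lower() for e in expected}
    return [d for d in appinit_dlls(reg_text) if d.lower() not in allowed]

if __name__ == "__main__":
    for label, text in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(label, appinit_dlls(text), unexpected_dlls(text, ["avgrsstx.dll"]))
```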

  2. Looks like you still have some problems there...Please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***

    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please post back the following on your next reply:

    C:\ComboFix.txt

    New HijackThis log.

  3. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  4. Download DDS and save it to your desktop from here or here or here.

    Disable any script blocker, and then double click dds.scr to run the tool.

    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt

    • Save both reports to your desktop.

    -----------------------------------------------------

    Please include the following logs in your thread:

    • Contents of the DDS.txt posted as text in your reply
    • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

  5. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  6. Looks like you may have used msconfig to stop some processes from starting. Why not return to the msconfig utility and re-check everything that you unchecked...on reboot, check the box too that pops up "Don't show me this again...".

    You might also want to update your woefully out of date mbam and run another quick scan. Post back THAT log. Thanks!

  7. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  8. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  9. You did good work Fleeshy...congratulations, I see a clean log!

    Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /u

    Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the programs findings.

    ***Note***

    The licensed version provides real time protection and other automatic features otherwise not available.

    Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page).

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!

    ...and have a Merry Christmas!!!

  10. Please uninstall the following software:

    Adobe Reader 8 Out of date and exploited...install the latest version Here.

    PeerGuardian2

    uTorrent

    Reboot when the uninstalls complete.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    File::

    c:\windows\Tasks\zlagthjt.job

    Folder::

    c:\documents and settings\Owner\Application Data\uTorrent

    c:\program files\PeerGuardian2

    Registry::

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=-

    "AppInit_DLLs"="wbsys.dll,avgrsstx.dll"

  11. Please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***

    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please post back the following on your next reply:

    C:\ComboFix.txt

    New HijackThis log.

  12. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  13. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  14. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  15. You have a number of items disabled from having used the msconfig utility. Please click start-->run

    type:

    msconfig

    ...then click "ok". When the System Configuration Utility opens, click the "Startup" tab. Please check the box next to every program that is listed there. Reboot the system and check the box "Do not show this again" that pops up on reboot.

    Remove a failed Symantec installation or damaged product using their Removal Tool.

    Uninstall these:

    Java Out of date and exploited. We will install the latest version when you are clean

    Adobe Reader 8 Out of date and exploited. Install the latest version Here.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    File::

    c:\windows\system32\iluwakaz.ini

  16. You can delete the gmer utility we used earlier...please delete the deletereg.reg file we created as well.

    Next, please go to this page. Scroll down to the first download link, "Java SE Runtime Environment (JRE) 6 Update 11" and click the "Download" button to the right. Select the platform for "Windows".

    Check the box that says: "I agree to the Java SE Runtime Environment # License Agreement", then click Continue...The page will refresh

    Then, click on the link to download Windows Offline Installation. Save it to your desktop.

    Now, from your desktop, double-click on the executable to install the newest version.

    You can download the latest Adobe Reader Here...you may want to consider using an alternative pdf reader/creator. Personally, I prefer to use Foxit reader. It's just fine for both reading and creating pdf files and takes up much less disk space.

    Next, please click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /u

    Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the programs findings.

    ***Note***

    The licensed version provides real time protection and other automatic features otherwise not available.

    Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page).

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!

  17. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  18. So after doing all this, it doesn't fix anything - it just makes a report? It sounds like maybe the easiest thing to do is reformat the hard drive after all. I appreciate the help but how certain is it that after I do this, and post a report, that you can fix it?

    There is nothing certain except that your system is not performing the way you should expect...please post the requested log so we can continue with the analysis. Thanks!

  19. Open notepad and copy/paste the text in the quotebox below into it (including the url):

    http://www.malwarebytes.org/forums/index.p...amp;#entry40862

    Collect::

    c:\windows\system32\zugikuhi.exe

    c:\windows\system32\turajufo.exe

    c:\windows\system32\gozomose.exe

    c:\windows\system32\juzuzoji.exe

    c:\windows\system32\ledagoho.exe

    c:\windows\system32\sezogibe.exe

    c:\windows\system32\ziyowimi.exe

    c:\windows\system32\verelojo.exe

    c:\windows\system32\lajimeta.exe

    c:\windows\system32\zilivihi.dll

    c:\windows\system32\dimawazo.exe

    c:\windows\system32\mebibosa.exe

    c:\windows\system32\rayofoso.exe

    c:\windows\system32\sokizuvi.exe

    c:\windows\system32\tonigili.exe

    c:\windows\system32\vagunete.exe

    Save this as CFScript.txt. Change "Save as type" to All Files and save it to your Desktop.

    Next, please drag the CFScript.txt into the ComboFix.exe icon on your Desktop. Combofix will scan again automatically.

    When finished, it will produce a log for you. Post that log in your next reply.

    Note:

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix captures those files to submit for analysis.

    Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested files.
