
C:\WINDOWS\system32\uacinit.dll



I'm bit bad by this same trojan. Keeps redirecting google, yahoo, ask searches.

Won't let you run anti spyware. I was able to download the MWB set up file, but nothing would happen when I tried to run it. Then I tricked it by renaming mbam-setup.exe to notmbam-setup.exe and the install finally ran.

After it was finally installed, it wouldn't run, again had to rename EXE to notmbam.exe so that I could get it to run.

Ran it a few times, here is the first log (I believe before I was able to update to latest ver):

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 3

3/10/2009 6:12:57 PM

mbam-log-2009-03-10 (18-12-57).txt

Scan type: Full Scan (C:\|)

Objects scanned: 191887

Time elapsed: 51 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Adware Away\bho2.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

I believe the first time I rebooted I went to safe mode w/ networking and when nothing seemed to happen I did a regular reboot.

In any event, it didn't seem to delete the bad boy - uacinit.dll

Rescanned a couple more times and I believe I updated to latest ver and then the bad boy wasn't found anymore and I thought we got it, but... problem persists.

Forget about searches being redirected, if you just type a website in the IE address bar such as McAfee or Symantec, you get the IE error - "Internet Explorer cannot display the webpage". These web sites are not accessible through Firefox either. Miraculously I was able to get through to this website.

"AdvancedSetup" - Is there a different maybe simpler procedure than mentioned above? I'm still waiting to see if this finally got rid of the problem.

Link to post
Share on other sites

  • Root Admin

That is a very old version of the database for MBAM. Please update it and scan again.

Current defs are 1835

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

You can get a stand alone database update from here: http://www.gt500.org/malwarebytes/database.jsp

Link to post
Share on other sites

The scan found the UACINIT.dll and said it would remove it on reboot.

I rebooted OK. When I log onto my PC it starts loading software, well one of these is googledesktopupdate.exe which pops up in a black window. This has not been loading since I got the trojan and I have been getting an error. I tried to close this window and also moved my mouse around and the PC totally locked up for several minutes at which point I just powered it off.

I powered up again, let it reboot, logged in and didn't move the mouse around at all. The googledesktopupdate.exe window popped up and seemed to load OK although it took a while. And.... the problem seems to be gone!

Google search results screen now looks normal again, before the results page was a larger font and slightly different format. And I can go directly to the linked sites!!!

I did another quick scan and here is the log:

Malwarebytes' Anti-Malware 1.34

Database version: 1836

Windows 5.1.2600 Service Pack 3

3/11/2009 11:51:07 AM

mbam-log-2009-03-11 (11-51-07).txt

Scan type: Quick Scan

Objects scanned: 76562

Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I also renamed notmbam.exe back to mbam.exe and it loads fine. Thanks for your help.

Link to post
Share on other sites
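
As an added example (not part of the original thread and not a Malwarebytes tool): a small Python parser for the log format pasted in the posts above. It flags detections whose action is anything other than "Quarantined and deleted successfully", such as the uacinit.dll entry marked "Delete on reboot", and checks the summary counts against the itemised entries. The function names and the rule that any other action counts as pending are assumptions of this example.

```python
import re

# Excerpt of the first log posted in this thread, blank lines removed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1749
Folders Infected: 1
Files Infected: 2
Folders Infected:
C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Adware Away\bho2.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""

COUNT = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")             # detail section
# "<object> (<detection name>) -> <action>."; the object may itself contain "(".
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
DONE = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return (database version, summary counts, itemised detections)."""
    db, counts, items, section = None, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("Database version:"):
            db = int(line.split(":", 1)[1])
        elif m := COUNT.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            items.append({"category": section, **m.groupdict()})
    return db, counts, items

def triage(text):
    """Report what still needs follow-up before the machine is called clean."""
    db, counts, items = parse_mbam_log(text)
    # Anything not confirmed removed (e.g. "Delete on reboot") needs a rescan.
    pending = [i["obj"] for i in items if i["action"] != DONE]
    listed = {c: sum(i["category"] == c for i in items) for c in counts}
    mismatched = [c for c in counts if counts[c] != listed[c]]
    return {"db_version": db, "pending": pending, "count_mismatch": mismatched}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
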

  • Root Admin

Great, glad to hear it. You should update your Anti-Virus and do a Full System scan now.

Let me know if it finds anything.

Would also recommend running this scan tool and post back the log.

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
