32 infections found please help


  • Staff

How's that possible? It can't be too large.

I wonder what you have zipped though... If you right-click the zipped folder rnfidpc and select Properties, what does it say for file size?

I know the file itself should be between 18 and 20kb, zipped should be less, so I don't understand why you're getting that error. (unless you zipped something totally different)

  • Staff

Strange you can't attach it there. Can you please try again? Make sure you select the rnfidpc.zip

Let me know.

If still no go and bleeping computers won't open for you (another upload link), then you'll have to mail it to me, but I'll give you my mail address afterwards. First try it again.

Btw, did you have any screenshots posted here previously or other files uploaded here? Because that may explain it as well.


  • Staff

Thank you! :)

Detection for this one will be added in next update. :)

To remove it...

* Open HijackThis, click 'config' (bottom right)

Choose the tab 'misc Tools' on top.

Choose 'delete a file on reboot'

In the field, copy and paste the following:

C:\Windows\rnfidpc.cgj

Click open.

HijackThis will tell you that this file will be deleted on next reboot and ask if you want to reboot now. Click Yes/ok

Your system should reboot now.

Then, after reboot,

Open Notepad and copy and paste the contents of the quotebox below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8484:TCP"=-

"53:TCP"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable"=dword:00000000

"ProxyOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"="wdmaud.drv"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then let me know how things are now. To test if the infection is gone, visit my blog (the url I posted earlier) and let me know if you can visit it.

BTW, also delete the rnfidpc.zip folder

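A way to confirm the state that the fix.reg in the post above is meant to leave behind, written as an added example that is not part of the original thread: it parses a text export of the three registry keys and lists any value that still differs from what fix.reg sets. The function names `parse_reg` and `audit` are hypothetical, the input is assumed to be already-decoded export text, and the sample export is constructed with placeholder values.

```python
import re

# Keys and values taken from the fix.reg above; compared case-insensitively.
FW = r"hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list"
INET = r"hkey_local_machine\software\microsoft\windows\currentversion\internet settings"
DRV = r"hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32"

def parse_reg(text):
    """Parse REGEDIT4-style export text into {key: {value_name: raw_data}} (names lowercased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit(text):
    """Return the settings that still differ from what fix.reg sets."""
    keys, findings = parse_reg(text), []
    for port in ("8484:tcp", "53:tcp"):      # fix.reg deletes both entries
        if port in keys.get(FW, {}):
            findings.append("open port entry present: " + port.upper())
    inet = keys.get(INET, {})
    if inet.get("proxyenable", "dword:00000000").lower() != "dword:00000000":
        findings.append("ProxyEnable is not 0")
    if inet.get("proxyoverride", '""') != '""':
        findings.append("ProxyOverride is not empty")
    aux = keys.get(DRV, {}).get("aux")        # key not exported: nothing to compare
    if aux is not None and aux.lower() != '"wdmaud.drv"':
        findings.append("drivers32 aux is " + aux)
    return findings

# Constructed sample export (not from the thread); values are placeholders.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8484:TCP"="8484:TCP:*:Enabled:placeholder"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="placeholder.drv"
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means the exported keys match what the fix sets; it says nothing about keys that were not included in the export.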

You are a genius. Tool bar back as well.

No problem getting into your blog.

Do you think I am totally clean now? Should I delete all the programmes I downloaded to get rid of it?

And could you tell me what protection I should have, please?

thank you thank you thank you thank you thank you thank you thank you thank you


  • Staff

Hi,

Glad to hear. :)

Yes, you can delete the tools we have been using.

Now you'll also be able to update MBAM again (so please try :) )

Your AVG Antivirus is enough though. Just make sure it's always up to date.

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • Staff
Just one thing, do you know where I got it from? Just to make sure I don't get it again!

In most cases it's being installed via legitimate websites. In this case, the sites were compromised/hacked and a malicious script was inserted. You could also read the details in my blogpost (+comments).

I've noticed already that most of these compromised sites were hosted by IX Webhosting: http://miekiemoes.blogspot.com/2009/01/ix-...g-reliable.html

What you can do against it - use Firefox with the NoScript extension. :)

By the way, the other malware you were dealing with was most probably via Facebook - a variant of this one: http://vil.nai.com/vil/content/v_148955.htm (Koobface Family)


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
