Antimalware Doctor Blocking IE
Hi there!

My laptop (Windows Vista) was recently infected with Antimalware Doctor; after manually deleting any files which were obviously related to the virus (I followed the steps here: http://www.2-viruses.com/remove-antimalware-doctor) and numerous Malwarebytes scans, I appear to have stopped the pop-ups. Unfortunately, although my internet connection (via router) is strong, IE will not load; MSN Messenger, however, is signing in and running as normal. Either the virus is still present, I have deleted something vitally important (eek!), or both!

Each run of Malwarebytes picks up a Rootkit.Agent, oxykfj.sys; it's removed after the scan but always reappears after reboot.

Any help is much appreciated, thank you for your time.

NOTE: GMER is taking a ridiculous amount of time to scan, I shall attach the results as soon as it completes.

***

Malwarebytes' Anti-Malware 1.43

Database version: 3458

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18928

21/06/2010 20:28:35

mbam-log-2010-06-21 (20-28-35).txt

Scan type: Full Scan (C:\|S:\|)

Objects scanned: 240641

Time elapsed: 1 hour(s), 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\drivers\oxykfj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

***

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 21:15 on 21/06/2010 (User)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

Unable to read oxykfj.sys

-=E.O.F=-

***

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 21:16:25.21 on 21/06/2010

Internet Explorer: 8.0.6001.18928

Microsoft

Attach.zip


Hello collybird

Welcome to Malwarebytes.

=====================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


IE is working once more!!

For some reason I seem to be having trouble copying and pasting my results, so I've attached ComboFix.txt along with DDS.txt in case I encounter the same problem again.

Thank you so much for your help so far Kahdah!

Here's the ComboFix results you requested.

ComboFix 10-06-22.02 - User 22/06/2010 20:52:11.1.2 - x86

Microsoft

ComboFix.txt

DDS.txt


HiJack This! Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
For you this is referencing Limewire; please remove this program before continuing.

===============================================

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=54879

Collect::
c:\users\User\AppData\Local\Vwakapog.dat
c:\users\User\AppData\Local\Xceqilom.bin
C:\Windows\System32\drivers\oxykfj.sys
c:\windows\system32\smss32.exe

Driver::
oxykfj

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:51073
uInternet Settings,ProxyOverride = <local>
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\oxykfj]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=-

Save this as CFScript.txt

Drag CFScript.txt into ComboFix.exe

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

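As an added example, not part of this thread and not the helper's or ComboFix's own code: the PowerShell script below is a read-only audit of the same artefacts the CFScript above targets, and of the symptom described in the first post (a driver service, oxykfj, whose file Malwarebytes removes but which is back after every reboot, alongside an IE that will not load while MSN Messenger connects fine). It checks the driver's service key and whether its file can be opened, the per-user IE proxy, the Trusted Zone additions and the Security Center AntiVirusOverride flag. It assumes it is run as Administrator on a Windows machine with PowerShell available; the driver name and the domain list are taken from the log excerpts in this thread and are parameters, not a general signature. It reports and changes nothing; the actual cleanup in this thread was done with ComboFix.

```powershell
# Added example (not from the original thread): read-only audit of the
# persistence and IE-hijack artefacts listed in the CFScript above.
# Assumptions: run as Administrator on the affected box; the default
# driver name and domain list come from this thread's logs and are
# parameters for other cases. Nothing is modified.

param(
    [string[]]$DriverNames = @('oxykfj'),
    [string[]]$RogueDomains = @(
        'buy-security-essentials.com',
        'download-soft-package.com',
        'download-software-package.com',
        'get-key-se10.com',
        'is-software-download.com')
)

$findings = @()

# 1. Driver service entries. A kernel driver is loaded from its key under
#    HKLM\SYSTEM\...\Services; while a rootkit is active its file is often
#    hidden or unreadable (compare defogger's 'Unable to read oxykfj.sys').
foreach ($name in $DriverNames) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path $svcKey) {
        $svc = Get-ItemProperty -Path $svcKey
        $findings += "Service key present: $svcKey (ImagePath=$($svc.ImagePath), Start=$($svc.Start))"
        $file = Join-Path $env:SystemRoot "System32\drivers\$name.sys"
        try {
            $bytes = [System.IO.File]::ReadAllBytes($file)
            $findings += "Driver file readable: $file ($($bytes.Length) bytes)"
        } catch {
            $findings += "Driver file NOT readable (possible rootkit hiding): $file - $($_.Exception.Message)"
        }
    }
}

# 2. Per-user IE proxy. A loopback proxy routes everything that uses the
#    WinINET settings (IE) through the malware; MSN Messenger, with its own
#    connection handling, keeps working, which matches the first post.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.ProxyServer) {
    $findings += "Proxy configured: ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) ProxyOverride=$($inet.ProxyOverride)"
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings += 'Proxy points at loopback: typical rogue-AV browser hijack'
    }
}

# 3. Trusted Zone additions. A value of 2 on '*', 'http' or 'https' under
#    ZoneMap\Domains\<domain> places the site in the Trusted Sites zone,
#    where IE applies relaxed security. Only top-level domain keys are
#    walked here; subdomain subkeys (e.g. a 'www' child key) are not.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $zoneRoot) {
    Get-ChildItem $zoneRoot | ForEach-Object {
        $domain = $_.PSChildName
        $props = Get-ItemProperty $_.PSPath
        foreach ($p in $props.PSObject.Properties) {
            if ((@('*', 'http', 'https') -contains $p.Name) -and $p.Value -eq 2) {
                $tag = if ($RogueDomains -contains $domain) { 'KNOWN ROGUE' } else { 'review' }
                $findings += "Trusted Zone entry [$tag]: $domain ($($p.Name)=2)"
            }
        }
    }
}

# 4. Security Center override. AntiVirusOverride=1 suppresses the
#    'no antivirus found' warning; rogue AVs set it so the missing real
#    product goes unnoticed. The CFScript above deletes this value.
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
if (Test-Path $sc) {
    $av = (Get-ItemProperty $sc).AntiVirusOverride
    if ($av) { $findings += "Security Center AntiVirusOverride=$av" }
}

if ($findings.Count -eq 0) { 'No rogue-AV artefacts found.' } else { $findings }
```

Run it before and after a cleanup to confirm the service key, the loopback proxy and the Trusted Zone entries are gone; a service key whose .sys file cannot be opened while the key still exists is the pattern behind "removed after the scan but always reappears after reboot", because the on-disk file is restored or hidden by the driver that is still being loaded.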


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
