Hello, I have these two very strange startups, to say the least:

Yes HKCU:Run Ukedadodexadapeq rundll32.exe "C:\WINDOWS\dupbcuib.dll",Startup

Yes HKLM:Run Fyoniducen rundll32.exe "C:\WINDOWS\agutefacosaqo.dll",Startup

Tried googling to no avail. I think I am infected by some Koobface gizmo or such...

I have to manually run explorer on startup and I have a bunch of weird DLLs that aren't listed in the startup running too.

Have followed procedures as stated here: http://forums.malwarebytes.org/index.php?showtopic=9573

Couldn't run dds.scr; had this error message: ''windows cannot access the specified device..bla bla. you may not have the appropriate...blabla..''

Attaching the MBAM and GMER logs.

Thanks for your help,

ark.zip


Hello Jumau

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please try Gmer once more; the log you attached was zero KB in size, meaning it was empty.


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [Fyoniducen] C:\WINDOWS\agutefacosaqo.DLL (Padus Incorporated)
    O4 - HKCU..\Run: [Ukedadodexadapeq] C:\WINDOWS\dupbcuib.DLL ()
    [2010-08-03 04:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecidequbefova.dll
    [2010-08-02 14:13:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugadiyur.dll
    [2010-08-02 12:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\obelesoqaxala.dll
    [2010-08-02 03:49:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axigobabamisa.dll
    [2010-08-01 16:50:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enecoqaje.dll
    [2010-08-01 16:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\unolejac.dll
    [2010-08-01 02:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onehediq.dll
    [2010-08-01 00:03:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\idewerecomexeko.dll
    [2010-07-31 22:01:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oqulajun.dll
    [2010-07-31 19:59:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipusoxebuxeyaki.dll
    [2010-07-31 17:57:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivemikumipobe.dll
    [2010-07-31 15:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agexevoyohovoj.dll
    [2010-07-31 13:53:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awoxuwibi.dll
    [2010-07-31 11:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onofowasila.dll
    [2010-07-31 09:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efazemizufaze.dll
    [2010-07-31 05:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqireweha.dll
    [2010-07-31 03:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etidifem.dll
    [2010-07-29 06:35:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipubixud.dll
    [2010-07-29 04:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekesarevegubelix.dll
    [2010-07-27 11:38:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehudiyubaderoteg.dll
    [2010-07-27 09:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvamobun.dll
    [2010-07-27 07:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eliqohuwude.dll
    [2010-07-27 05:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adejumafu.dll
    [2010-07-27 03:31:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etohibew.dll
    [2010-07-27 01:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixogayuxoxot.dll
    [2010-07-26 23:27:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezubonerav.dll
    [2010-07-26 21:25:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejusuyaxukowomaq.dll
    [2010-07-26 19:22:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esakuyepeb.dll
    [2010-07-26 17:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abesabej.dll
    [2010-07-26 16:18:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igaducenafi.dll
    [2010-07-26 14:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezaxujesa.dll
    [2010-07-26 12:13:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivevocog.dll
    [2010-07-26 10:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ereqivuxe.dll
    [2010-07-26 08:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ucanudowubu.dll
    [2010-07-26 06:07:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atapevaf.dll
    [2010-07-26 04:05:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izovapupikepeqe.dll
    [2010-07-26 02:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inibixax.dll
    [2010-07-26 00:02:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imeyorukemomop.dll
    [2010-07-25 22:00:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egomixefenoy.dll
    [2010-07-25 19:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acutaxuhijuciv.dll
    [2010-07-25 17:56:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\upufadujuge.dll
    [2010-07-25 15:54:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akazovec.dll
    [2010-07-25 15:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukeferabatid.dll
    [2010-07-25 13:14:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyavojam.dll
    [2010-07-25 11:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ilokekibehavaqeg.dll
    [2010-07-25 09:10:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezorurulipizul.dll
    [2010-07-25 07:08:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atayaparohijepu.dll
    [2010-07-25 05:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emaqidefayoqe.dll
    [2010-07-25 03:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esideduvakadevi.dll
    [2010-07-25 01:02:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyuxuvedidaki.dll
    [2010-07-22 13:08:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqilozug.dll
    [2010-07-22 11:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amexusoyaqo.dll
    [2010-07-22 09:04:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efupozanijudu.dll
    [2010-07-22 07:03:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awozazowemu.dll
    [2010-07-22 05:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\unahefozujec.dll
    [2010-07-21 14:34:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayuvezuyocadi.dll
    [2010-07-21 12:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulokilug.dll
    [2010-07-21 10:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anewisurasewi.dll
    [2010-07-21 08:28:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uqicowoziq.dll
    [2010-07-17 07:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewerucat.dll
    [2010-07-16 13:12:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijayalog.dll
    [2010-07-16 11:10:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egumipusovo.dll
    [2010-07-16 09:08:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikiqivux.dll
    [2010-07-10 15:59:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivixazivaz.dll
    [2010-07-10 13:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anulesoqa.dll
    [2010-07-10 11:58:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epafugahopi.dll
    [2010-07-09 15:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elovixipabusaxu.dll
    [2010-07-09 13:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amowukatiyuwa.dll
    [2010-07-09 04:04:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awixezibeceri.dll
    [2010-11-22 10:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bitrix Security

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
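
The two Run entries in the first post and the OTL fix list above share one pattern: rundll32.exe started from a Run key to load a DLL sitting directly in C:\WINDOWS, alongside many DLLs whose size field reads 000,000,000. The following read-only check for that pattern is an added example, not part of the original thread or of any tool used in it; the function names `Get-Rundll32RunEntry` and `Get-ZeroByteRootDll` are hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Matches: rundll32.exe "C:\dir\file.dll",Export   (quotes are optional)
$Rundll32Pattern = '(?i)rundll32(?:\.exe)?"?\s+"?(?<dll>[^",]+\.dll)"?\s*,\s*(?<export>[^\s,]+)'

function Get-Rundll32RunEntry {
    # Lists every Run value that starts rundll32 with a DLL argument.
    param([string[]]$KeyPath = $RunKeys)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $m = [regex]::Match([string]$item.GetValue($name), $Rundll32Pattern)
            if (-not $m.Success) { continue }
            $dll    = $m.Groups['dll'].Value
            $exists = Test-Path -LiteralPath $dll -PathType Leaf
            [pscustomobject]@{
                Key           = $key
                ValueName     = $name
                Dll           = $dll
                Export        = $m.Groups['export'].Value
                # True when the DLL sits directly in the Windows folder, not System32
                InWindowsRoot = (Split-Path -Path $dll -Parent) -ieq $env:windir
                SizeBytes     = if ($exists) { (Get-Item -LiteralPath $dll -Force).Length } else { $null }
                Signature     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'FileMissing' }
            }
        }
    }
}

function Get-ZeroByteRootDll {
    # Empty DLLs directly in the Windows folder, like the ones in the fix list.
    Get-ChildItem -LiteralPath $env:windir -Filter *.dll -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq 0 } |
        Select-Object FullName, CreationTime, Length
}

Get-Rundll32RunEntry | Format-Table -AutoSize
Get-ZeroByteRootDll  | Sort-Object CreationTime | Format-Table -AutoSize
```

HKCU covers only the account running the script, so run it as the affected user; an entry with `InWindowsRoot` true and a `Signature` other than `Valid` is the combination worth reviewing.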


HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
I see many keygens on the machine. This is dangerous, as any one of them could have malware in it, plus it is illegal to crack software.

Please remove whatever others that you may have or any p2p software such as Utorrent etc....

================

Let me know of any remaining issues and open OTL once more and click on Run scan.

Post the new log that opens.

Hmm ok please go to start > run then type in sfc /scannow then hit ok.

Let it look for file corruption; it may ask you to put in your operating system disk, do so if you have it.

Reboot then let me know after that.

Fixed ...Big Thanks ....you guys are pros....


Great you are welcome -_-

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? - Also this one by Tony Klein.

If your computer is slow - Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
