
Hello, B)

Problem -->

This is concerning a malware that goes by the name "Contextual Tool Yourprofitclub".

This malware has hijacked my internet browsers, namely Mozilla Firefox and Internet Explorer ...

Ads popping up on Mozilla webpages, and ads in the form of Internet Explorer windows popping up as well ... :angry: :angry:

Besides this, the only other internet-using software getting affected is uTorrent ...

System Security -->

Well, I have Malwarebytes Anti-Malware and I also have ESET Smart Security 4 [not that useful when it comes to malware] on my system ...

Malwarebytes is successfully blocking attacks and notifying me about them [includes outgoing and incoming attacks] ...

The IP addresses are always random and different each time ....

Also there is an uninstall option for a piece of software in my Add/Remove Programs list ...

And I have tried thrice so far to uninstall it from there ... Each time it asks me for a code input and then it says uninstalling, but the name comes back again in the list .... :angry:

The reason behind seeking help :mellow: :mellow: is that Malwarebytes is able to block the attacks and also detect the malware and is working perfectly in blocking everything [found it to be the best I have used so far against malware ;) ]

But it is NOT ABLE TO REMOVE OR ERADICATE THE MALWARE FROM MY SYSTEM

Now I am attaching all the logs, following all the steps given ...

1. The DDS.txt log follows in this post below

2. Attach.txt log and Ark.txt zipped and attached

3. Latest Malwarebytes log attached as well.

And the threats are very frequent and it is getting very annoying and worrying for me as well

!! I SEEK SOME PROFESSIONAL HELP !!

and I hope someone from your specialised team here would be kind enough to help me out concerning this malware problem

Eagerly awaiting a reply .. :)

DDS.txt LOG

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Varun at 15:53:03.45 on Mon 03/21/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24

Microsoft

Attach.zip

mbam-log-2011-03-21 (16-18-47).txt


Hello shadow_07! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • The instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Quote: "is that Malwarebytes is able to block the attacks and also detect the malware and is working perfectly in blocking everything [found it to be the best I have used so far against malware"

About that, you need the PRO version, which is paid. Let me know if you need more information.

Before we go on, please post all of your log files.


Hey Borislav, nice to hear from you and thanks for helping me out here ...

I would like to inform you that I do have the Pro version and maybe I was not so good in choosing my words ...

More precisely, Malwarebytes is not able to delete the detected malware files and therefore puts them in quarantine ...


Alright! Now I am posting a few log files .. Kindly go through them, Borislav ...

The problem that I do face is that in each scan I have done over the past few weeks, Malwarebytes has detected the same malware files again and again ...

Now I select to remove the files after each scan, and it asks me for a reboot and I do that as well ...

But again in the next scan I do, the same files pop up again ...

So maybe the files are getting downloaded again somehow ... I am just not able to figure it out ..

Just go through the logs below and you may find the problem ...

[ALSO CHECK THE DATE AND TIME ... THE LOGS ARE OF DIFFERENT DATES AND TIMES ... THOUGH IN EACH LOG THERE ARE SOME REPETITIVE FILES]

I AM POSTING 5 DIFFERENT LOG FILES, EACH OF A DIFFERENT DATE AND TIME [THE DATE AND TIME IS IN BOLD]

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6099

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/19/2011 12:50:10 AM

mbam-log-2011-03-19 (00-50-10).txt

Scan type: Quick scan

Objects scanned: 166786

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 16

Registry Values Infected: 12

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\KCSCPW1HKH (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67691344-7E5A-BFEF-374A-EFFCC10597FF} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68D17790-71B6-958A-5F39-D30FD80E0EF7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Value: Ulrn -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Value: guid -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A9YA3MI1CF (Trojan.FakeAlert) -> Value: A9YA3MI1CF -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Value: Update -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Value: UpdateNew -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Value: uid -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Value: i -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Value: BuildW -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Value: mms -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Value: udso -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Value: mso -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Value: FirstInstallFlag -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Vpucua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\irc.txt (Malware.Trace) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6100

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/19/2011 1:14:49 AM

mbam-log-2011-03-19 (01-14-49).txt

Scan type: Quick scan

Objects scanned: 167739

Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 8

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Delete on reboot.

c:\WINDOWS\System32\c209e1ba.dll (Adware.AdRotator) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lxldstvuxygwv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68D17790-71B6-958A-5F39-D30FD80E0EF7} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Varun\AppData\Local\Temp\domadmin.exe (Adware.BHO) -> Quarantined and deleted successfully.

c:\Users\Varun\AppData\Local\Temp\lssass.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\System32\c209e1ba.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6116

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/21/2011 4:18:47 PM

mbam-log-2011-03-21 (16-18-47).txt

Scan type: Quick scan

Objects scanned: 166056

Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 8

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lxldstvuxygwv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67691344-7E5A-BFEF-374A-EFFCC10597FF} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6126

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/22/2011 8:25:36 AM

mbam-log-2011-03-22 (08-25-36).txt

Scan type: Quick scan

Objects scanned: 166172

Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{67691344-7e5a-bfef-374a-effcc10597ff} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67691344-7E5A-BFEF-374A-EFFCC10597FF} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Varun\AppData\Local\Temp\domadmin.exe (Adware.BHO) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6133

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/23/2011 12:43:00 AM

mbam-log-2011-03-23 (00-43-00).txt

Scan type: Quick scan

Objects scanned: 166824

Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68D17790-71B6-958A-5F39-D30FD80E0EF7} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

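The five logs above all report the same Run value and the same BHO CLSIDs, scan after scan, which is the signature of a persistence mechanism that survives each removal rather than of a fresh download. As an added example (this is not code from the thread or from Malwarebytes), here is a small Python script that parses logs in the format posted above, lists the items reported in more than one scan, and labels the ones that play a persistence role. The three embedded logs are constructed, abbreviated copies of the thread's own detections; the "<section> Infected:" headers and the "<item> (<Family>) -> <action>" line format are those shown in the logs, while the persistence labels are this example's own heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: three abbreviated Malwarebytes 1.50 logs in the
# layout the thread shows, trimmed to the date, database and detection lines.
SAMPLE_LOGS = [
    r"""Database version: 6100
3/19/2011 1:14:49 AM
Memory Modules Infected:
c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Varun\AppData\Local\Temp\domadmin.exe (Adware.BHO) -> Quarantined and deleted successfully.
""",
    r"""Database version: 6116
3/21/2011 4:18:47 PM
Memory Modules Infected:
c:\WINDOWS\System32\vtlhnbebxqwor.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
""",
    r"""Database version: 6133
3/23/2011 12:43:00 AM
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
""",
]

DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")  # listing header, not the count line
SCAN_TIME = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")

# Heuristic labels for items that re-create the infection at boot or browser start.
# These patterns are this example's own assumption, not a Malwarebytes category list.
PERSISTENCE = [
    (r"\\currentversion\\run\\", "autostart Run value"),
    (r"\\browser helper objects\\", "IE Browser Helper Object registration"),
    (r"^hkey_classes_root\\clsid\\", "COM class registration (BHO)"),
    (r"\\windows\\tasks\\.*\.job$", "scheduled task"),
    (r"\\system32\\.*\.dll$", "DLL under System32"),
]


def parse_mbam_log(text):
    """Return {'scanned_at', 'database', 'detections'} for one log text."""
    scan = {"scanned_at": None, "database": None, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if SCAN_TIME.match(line):
            scan["scanned_at"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif line.startswith("Database version:"):
            scan["database"] = int(line.split(":", 1)[1])
        elif SECTION.match(line):
            section = SECTION.match(line).group("section")
        elif section and DETECTION.match(line):
            m = DETECTION.match(line)
            scan["detections"].append({"section": section, "item": m.group("item"),
                                       "family": m.group("family"), "action": m.group("action")})
    return scan


def recurring_detections(scans, min_scans=2):
    """Items seen in >= min_scans scans -> sorted scan times (case-folded: Windows
    paths and registry keys are case-insensitive, so mixed-case GUIDs collapse)."""
    seen = defaultdict(set)
    for scan in scans:
        for d in scan["detections"]:
            seen[d["item"].lower()].add(scan["scanned_at"])
    return {item: sorted(t) for item, t in seen.items() if len(t) >= min_scans}


def persistence_mechanism(item):
    """Label the persistence role of a detected item, or None if it has no obvious one."""
    for pattern, label in PERSISTENCE:
        if re.search(pattern, item.lower()):
            return label
    return None


def triage(log_texts, min_scans=2):
    """Parse all logs and list the recurring items, most frequently reported first."""
    scans = [parse_mbam_log(t) for t in log_texts]
    rows = [{"item": item, "scans": len(times), "first": times[0], "last": times[-1],
             "mechanism": persistence_mechanism(item)}
            for item, times in recurring_detections(scans, min_scans).items()]
    return sorted(rows, key=lambda r: -r["scans"])


if __name__ == "__main__":
    for r in triage(SAMPLE_LOGS):
        print(f"{r['scans']}x {r['first']:%Y-%m-%d}..{r['last']:%Y-%m-%d}  "
              f"{r['mechanism'] or 'no persistence role'}: {r['item']}")
```

Run against real logs by reading each mbam-log-*.txt into the list instead of SAMPLE_LOGS. Anything that shows up with a persistence label in every scan, while the files it points at are deleted each time, means the launcher is something the scanner is not seeing (in this thread it turned out to be a patched system DLL that ComboFix replaced from WinSxS); a recurring item with no label and a single first/last date is just the dropped payload.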

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=78513

Collect::[8]
c:\windows\system32\3964ebc6.exe
c:\windows\system32\authuitu.dll

Fcopy::
c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll | c:\windows\System32\shsvcs.dll

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Hey Borislav,

Well, thanks for the help so far .. Really appreciate it :)

Now with regards to the malware problem, which included Firefox ads and Internet Explorer windows popping up ....

Well, the ads and the windows are still trying to pop up, and Malwarebytes is blocking them successfully as usual

And concerning the scans,

I am still getting infections reported in the scans that I do on a daily basis, which I remove each time

Well, here is a recent one for you to go through ...

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6188

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

3/28/2011 5:37:15 PM

mbam-log-2011-03-28 (17-37-15).txt

Scan type: Quick scan

Objects scanned: 172275

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA92C0F-87C3-0CA5-CA24-BFB23D24238F} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{68d17790-71b6-958a-5f39-d30fd80e0ef7} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68D17790-71B6-958A-5F39-D30FD80E0EF7} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrqrsdcnfug (Trojan.Agent) -> Value: rrqrsdcnfug -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

However, there is a reduction, but the problem is not completely eradicated from my operating system :(


Open Notepad and copy and paste the text in the code box below into it:

Fcopy::
c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll | c:\windows\System32\shsvcs.dll

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Hey Borislav, well, what can I say ...

--> no more ads on Mozilla :)

--> no more pop-ups of Internet Explorer :)

--> no malware detected in Malwarebytes scans for the past 3 days :)

--> no more problems for the past 3-4 days :)

Thanks a lot Borislav,

Made a big difference working with you ....

You have been helpful in a big way ...

Now let me know what the further procedure is for precaution and/or prevention ...

Honestly can't thank you enough ...

Would've been lost myself if I was to be alone on this ...

But with you being there it changed everything ....

Really appreciate it ...

You've been professional and made a big difference against this malware ...

P.S. -->

Really sorry ... can't display my affection in any way besides this thanks ...

------> Thanks ;)


Thanks for the kind words! :)

Last steps:

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS and GMER.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
