Blue screen,warning spyware detected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jim633, Aug 11, 2008.

  1. jim633

    jim633 Private E-2

    Hi all, I am new here, and I saw some other threads about the same problem. I don't know anything about computers, so I didn't want to try anything on my own. I thought I would ask here to see if it is something I could get some help with. I will wait until I hear back from someone before trying anything.
     
    Last edited: Aug 11, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    If something does not run, write down the info to explain to us later but keep on going.

    Do not assume that because one step does not work that they all will not.


    READ & RUN ME FIRST. Malware Removal Guide


    Note:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode

    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. jim633

    jim633 Private E-2

    Hi Tim, Thanks for trying to help me out. I don't know enough about these computers to even do some of the stuff that you were asking me to do. Downloading anything takes hours to do. I went to the add and remove part and there is not much in there. The only thing that was on the list is AntiviXP08, and I tried to remove it but it is still there. I give up though, thanks for trying man. Jamie
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Perhaps you could download the scans to a different computer and transfer them to the infected machine?

    ComboFix should download fast and after renaming it...just double click the icon on the desktop....
     
  5. jim633

    jim633 Private E-2

    Ok I will give that a try. Thanks Jamie
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know what happens....:)
     
  7. jim633

    jim633 Private E-2

    Hi Tim, well I finally got it downloaded to this PC. But you have to buy it. It took about 4 hours to load it, then another hour and a half to install. This thing is doing all kinds of weird stuff. If I try to close one program it closes everything, runs slower than it ever has. I tried to uninstall antiviXP08 and it won't let me do it. Is there anything I can go buy that will take care of it, or just take it to the computer shop and spend another couple hundred $ to fix it. Just got it back a couple weeks ago, it had a blue screen with black beetles crawling all over eating the screen. It has McAfee virus that we pay for, it's all updated.
     
  8. jim633

    jim633 Private E-2

    Is there something I can go and buy that will take care of this, or just take it to a computer shop. This has even been real hard to get here to post this.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There is absolutely nothing in the Read and Run First instructions that require you to buy anything......nothing!

    Are you following those instructions? Can you get someone to download those programs (ComboFix, SAS, MWB's, MGTools) and put them on a cd or thumb drive and transfer them to the infected machine? Can you do so in safe mode?

    Getting those logs from the scans is the only way I can help you.
     
  10. jim633

    jim633 Private E-2

    Tim, I got one of those logs, will try to get the others as soon as I can. I think this one is the ComboFix one. After scanning it got rid of the box in the middle of the screen that had the warning in it, but the main screen is still blue.
     

    Attached Files:

    Last edited by a moderator: Aug 14, 2008
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    HOW TO: Attach Items To Your Post

    Use windows explorer to find and delete:
    C:\WINDOWS\SYSTEM32\D6.tmp
    C:\WINDOWS\SYSTEM32\D5.tmp
    C:\WINDOWS\SYSTEM32\CB.tmp
    C:\WINDOWS\SYSTEM32\16.tmp
    C:\WINDOWS\SYSTEM32\BA.tmp
    C:\WINDOWS\SYSTEM32\B9.tmp
    C:\WINDOWS\SYSTEM32\B8.tmp
    C:\WINDOWS\SYSTEM32\AF.tmp
    C:\345543.bat
    C:\818646.bat

    Attach the rest of the logs when you are ready.
     
  12. jim633

    jim633 Private E-2

    Hi Tim, I just deleted what you had listed. I will try to get the others today. Thank you for the help so far. Jamie
     
  13. jim633

    jim633 Private E-2

    Tim, I went back to my brother's house and downloaded I think the right ones. Here is one of them.


    Malwarebytes' Anti-Malware 1.24
    Database version: 1012
    Windows 5.1.2600 Service Pack 2

    11:49:44 AM 8/14/2008
    mbam-log-8-14-2008 (11-49-14).txt

    Scan type: Full Scan (A:\|C:\|D:\|)
    Objects scanned: 65379
    Time elapsed: 26 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvsrj0ecdc (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcvsrj0ecdc (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.bnmt (Trojan.FakeAlert) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> No action taken.

    Files Infected:
    C:\QooBox\Quarantine\C\WINDOWS\etkq.exe.vir (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0032495.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{5B2DD20E-9F7A-4277-87B2-AB948A542BDA}\RP90\A0033334.scr (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708073833203.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708110026046.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708191531781.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708191821093.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708202921718.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708203900703.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708212521609.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708224248625.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080709072357156.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080709074440015.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080710070708500.log (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080710071006484.log (Rogue.Multiple) -> No action taken.
    C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to read the link I gave you on How to Attach items to your post!!

    Also, you ran MWB's, but you didn't have it fix what it found!! Please run it again and do so.
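Editor's added example (not code from the thread, from MajorGeeks, or from Malwarebytes): a small Python parser for the Malwarebytes' Anti-Malware 1.x log format posted above. It splits the log into its summary counts and per-section findings, cross-checks the counts against the entries actually listed, tallies detections by family, and flags every entry whose action is "No action taken", which is the point raised about the log here. The embedded log is a constructed excerpt built from entries in the posted log; one file entry is changed to a remediated action so the check has something to distinguish, and the wording of that remediated action is an assumption, not taken from the page.

```python
"""Parse an MBAM 1.x log and flag findings the scan did not remediate."""
import re
from collections import Counter

# Constructed excerpt of the log posted in the thread (abbreviated; not the full file).
# The clkcnt.txt entry is altered to a remediated action for illustration (assumed wording).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvsrj0ecdc (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bnmt (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
"""

# "Registry Keys Infected: 6"  -> a summary count line
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:"    -> a section header line
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<item> (<family>) -> <action>."  -> one finding; greedy item so paths may contain spaces
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, findings); each finding is a dict with section/item/family/action."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip the header block (no section yet) and "(No malicious items detected)" lines.
        if section is None or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return summary, findings


def unresolved(findings):
    """Findings the scanner listed but did not remediate."""
    return [f for f in findings if f["action"].lower().startswith("no action taken")]


def check_summary(summary, findings):
    """Sections whose declared count differs from the entries actually listed: {section: (declared, seen)}."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen.get(s, 0)) for s, n in summary.items() if n != seen.get(s, 0)}


def family_counts(findings):
    """Number of findings per detection family (e.g. Rogue.Multiple)."""
    return Counter(f["family"] for f in findings)


def report(text):
    """One-shot summary suitable for a quick triage of a posted log."""
    summary, findings = parse_mbam_log(text)
    return {
        "total": len(findings),
        "unresolved": len(unresolved(findings)),
        "families": dict(family_counts(findings)),
        "count_mismatches": check_summary(summary, findings),
    }


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print(f"{r['total']} findings, {r['unresolved']} left with no action taken")
    for f in unresolved(parse_mbam_log(SAMPLE_LOG)[1]):
        print(f"  [{f['section']}] {f['item']} ({f['family']})")
```

Run against a full log, a non-zero "unresolved" count is the cue that the scan was run in detect-only mode and needs to be repeated with removal enabled; a non-empty "count_mismatches" dict means the log was truncated or edited before posting and should be requested again.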
     
  15. jim633

    jim633 Private E-2

    I hope I sent this the right way this time. I am so confused right now. What else do I need to send you. I also cannot get the MGtools to run. And the Spybot Search and Destroy downloaded but on this computer it says SUPERAntiSpyware. I just don't know
     

    Attached Files:

  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What error message or problems are you having with running MGTools?

    You can check the message against these instructions:
    Using MGtools
     
  17. jim633

    jim633 Private E-2

    I downloaded it onto a CD, and when I tried to run it on this machine it says, Failed to ensure dir exists:\MGTools
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MGtools.exe must be copied into the root folder of the hard disk where Windows is installed. Then you run it from this location too. This is normally C:\MGtools.exe. This was explained in the Using MGtools procedure. You cannot run it from a CD.

    Where is the log from SUPERAntiSpyware? You are running the steps in the READ & RUN ME in the wrong order. Why was ComboFix run before all the other scans? Order is important.
     
  19. jim633

    jim633 Private E-2

    Thanks a lot guys, the warning sign and blue screen is gone now. Wallpaper and screen saver working properly. Thank you soooo much for the advice. Don't know how you guys do this all day long. I drive truck for a living, and drive from Connecticut to Los Angeles once a week, and doing this was A LOT harder on me than driving, more tiring than driving. My hat is off to ya.
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I would still like to see the log from running the MGTools.exe ---> it will be here:
    C:\MGLogs.zip so I can make sure all of it was removed. :)
     
  21. jim633

    jim633 Private E-2

    Hi Tim, here is the log.
     

    Attached Files:

  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet.......one thing to remove:
    C:\WINDOWS\SYSTEM32\cxnfrwfh.ini

    And you need to download and install:
    Java Runtime 6

    If you are not having any other malware problems, it is time to do our final steps:
     
  23. jim633

    jim633 Private E-2

    So everything looked ok huh? I am in the process of doing the last steps now. Thanks a million buddy. Jim
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you remove that file? ...Let me know, and you are most welcome. :)
     
  25. jim633

    jim633 Private E-2

    Yes I deleted that file. When I clicked on the Java Runtime 6, it takes me to another page, but then which one to click on to download. There are numerous places. I am sorry but this is all Greek to me..
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

