Fontas.exe Pls Help!!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by stlsig, Dec 20, 2004.

  1. stlsig

    stlsig Private E-2

    I have searched the net, downloaded HijackThis and even Pocket KillBox; however, I can't get rid of this stupid file, Fontas.exe (with the reboot alternate). Would someone please help me? This is sucking the life out of my computer.
     
  2. stlsig

    stlsig Private E-2

    I have also followed the links above in the forum, downloaded all the programs, and cleaned everything else off the computer...
     
  3. PhilliePhan

    PhilliePhan Guest

    Hi Stlsig,

    Please take a look at this thread and see if it applies. Just a thought:
    READ ME: Virtumundo Problems/Resolution Threads

    Then, if you have exhausted the resources of the Cleanup Tutorial including the Online Scans, then please send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been pretty busy with work lately, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  4. stlsig

    stlsig Private E-2

    Here is the rundown... I appreciate any help possible.
     

    Attached Files:

  5. PhilliePhan

    PhilliePhan Guest

    Hi Stlsig,

    As somebody who has seen a boatload of these, my initial diagnosis was correct. You have a StopGuard/Virtumundo Infection. Did you try Symantec's Removal Tool in the link I provided you? If not, you should do so.

    If it doesn't work, a generic fix like those in the link will have to be attempted.
    Right now (if they haven't already mutated) your HJT entries are:

    C:\WINDOWS\Driver Cache\fontas.exe

    O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\MEGAN~1.BES\LOCALS~1\Temp\satnof.dat

    O4 - HKLM\..\Run: [*abrrun] C:\WINDOWS\Web\abrrun.exe
    O4 - HKLM\..\Run: [*eularas] C:\WINDOWS\msagent\CHARS\eularas.exe
    O4 - HKLM\..\Run: [*dllnut] C:\WINDOWS\system\dllnut.exe
    O4 - HKLM\..\Run: [*fontas] C:\WINDOWS\Driver Cache\fontas.exe
    O4 - HKLM\..\RunOnce: [*fontas] C:\WINDOWS\Driver Cache\fontas.exe rerun

    Note the Satnof / Fontas.

    Please run the Symantec tool and then attach a fresh HJT Log. I have to crash, but somebody should be able to help you get rid of this baddie!

    Best luck :)
    PP
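
The entries quoted in the post above share three traits: Run value names prefixed with `*`, a BHO loaded from a Temp folder, and a BHO file name that is a Run executable's name reversed (satnof / fontas). The following is an added example, not part of the original thread or any tool mentioned in it, that checks HijackThis O2/O4 lines for those traits; the function names and the heuristics themselves are assumptions drawn only from the lines quoted on this page.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\MEGAN~1.BES\LOCALS~1\Temp\satnof.dat
O4 - HKLM\..\Run: [*abrrun] C:\WINDOWS\Web\abrrun.exe
O4 - HKLM\..\Run: [*eularas] C:\WINDOWS\msagent\CHARS\eularas.exe
O4 - HKLM\..\Run: [*dllnut] C:\WINDOWS\system\dllnut.exe
O4 - HKLM\..\Run: [*fontas] C:\WINDOWS\Driver Cache\fontas.exe
O4 - HKLM\..\RunOnce: [*fontas] C:\WINDOWS\Driver Cache\fontas.exe rerun
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\Run(?:Once)?): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.I)  # executable path, which may contain spaces

def stem(path):
    # File name without directory or extension, lower-cased for comparison.
    return PureWindowsPath(path).stem.lower()

def triage(log):
    """Return (reason, subject, detail) tuples for O2/O4 lines matching the heuristics."""
    findings, run_stems, bhos = [], set(), []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            if m["value"].startswith("*"):
                findings.append(("star-prefixed Run value", m["value"], m["cmd"]))
            exe = EXE_RE.match(m["cmd"])
            if exe:
                run_stems.add(stem(exe.group(1)))
        elif m := O2_RE.match(line):
            bhos.append(m.groupdict())
    for b in bhos:  # checked after all Run entries are known, whatever the line order
        s = stem(b["path"])
        if "\\temp\\" in b["path"].lower():
            findings.append(("BHO loaded from Temp", b["clsid"], b["path"]))
        if s != s[::-1] and s[::-1] in run_stems:
            findings.append(("BHO name is a reversed Run name", s, s[::-1]))
    return findings

if __name__ == "__main__":
    for reason, subject, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {subject} -> {detail}")
```
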
     
