Hitting a wall with a trojan.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by r0ckalittl3, Dec 2, 2009.

  1. r0ckalittl3

    r0ckalittl3 Private E-2

    Okay, so I've tried everything that you guys suggested. I do regular maintenance to my computer and have tried to uninstall all but one anti-virus program, but I can't get anywhere past my start menu on Windows to open the add/remove programs. Also, I can't open the actual files to the programs to uninstall them. As far as cleaning now and doing logs, I can't because nothing from the desktop or past the start menu will run. The only thing I can pull up is firefox and it takes 2-3 hours to do that. I have to repeatedly right-click and refresh everything until it finally opens. I've tried that with other things, but it only whites out the entire box until it doesn't respond and I have to close it with Task Manager. And even Task Manager freezes up. Nothing runs slow in Firefox though and I can open pages and tabs left and right. Avira said that I have TR/Crypt.Zpack.Gen after I left Firefox running overnight. When I got up, and all of this began, I had 48 firefox windows open with ads from stuff like Dish Network and the like. The only thing different I have done in the past week is play Yahtzee on Pogo, so I'm not sure where this is all coming from.

    I also can't download anything new because there is an error with everything I've tried. I'm just getting really frustrated because it is going so slow and just being retarded and I can't do anything with it. Thinking of doing a system restore, but I've never done it before and don't know how it will affect my computer.

    Also, tried to start in safe mode, but it wouldn't. Ugggh.

    Help, pleeeeeeeeease! :cry
     
  2. r0ckalittl3

    r0ckalittl3 Private E-2

    After an hour of it loading, I finally got this. I know it's garbled with junk that should be taken care of easily, but I can't get to anything to do maintenance right now.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:40:29 PM, on 12/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal


    Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
     
    Last edited by a moderator: Dec 5, 2009
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your PC is going slow because you have THREE antivirus programs installed: Avira, AVG, and McAfee. You should begin by uninstalling ALL of them to clear up the issues caused by doing this. See if you can bring up Add/Remove programs by clicking Start, Run and entering appwiz.cpl in the run box and clicking ok.

    If you cannot do the above, how are you running HijackThis? If you can run it, you should be able to run other programs. appwiz.cpl is a program too, similar to HijackThis.exe, but appwiz.cpl is in the C:\Windows\system32 folder and can be double clicked on to run it.

    Then do the below to get started but note we cannot clean your PC based only on a HijackThis log since it provides very little information. Also note, you must not post any logs inline like you did with HijackThis. They will be deleted. Read the sticky threads. All logs must be attachments.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jambia.com/syndication/cl...yword==singles
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    O2 - BHO: {7c8da465-9f16-5f7b-4314-495a85cd1ee0} - {0ee1dc58-a594-4134-b7f5-61f9564ad8c7} - C:\WINDOWS\system32\aaznsf.dll (file missing)
    O2 - BHO: (no name) - {D96A1DA7-6834-4A21-AC6C-2C5A9C72D6FA} - C:\WINDOWS\system32\mlJyvuts.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\tbu55\morpheustoolbar.dll (file missing)
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O4 - HKCU\..\Run: [ttool] C:\WINDOWS\essledv.exe
    O4 - HKUS\S-1-5-20\..\Run: [fuwunuzopi] Rundll32.exe "C:\WINDOWS\system32\fohizapi.dll",s (User 'NETWORK SERVICE')
    O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\tbu55\morpheustoolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\tbu55\morpheustoolbar.dll (file missing)
    O20 - AppInit_DLLs: ssflbt.dll C:\WINDOWS\system32\buretapo.dll C:\WINDOWS\system32\zahipowo.dll c:\windows\system32\dofiboyo.dll c:\windows\ aaznsf.dll ,C:\WINDOWS\system32\zefugabe.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now reboot and see if you can run our READ & RUN ME FIRST cleaning procedure.
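
A triage sketch for HijackThis entries like those listed in the post above, added here as an example and not part of the thread or of MGtools. The sample lines are copied from the post; the flagging heuristics are assumptions for illustration, not the criteria the MajorGeeks staff used.

```python
import re

# Sample input: HijackThis lines copied from the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {D96A1DA7-6834-4A21-AC6C-2C5A9C72D6FA} - C:\WINDOWS\system32\mlJyvuts.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\essledv.exe
O4 - HKUS\S-1-5-20\..\Run: [fuwunuzopi] Rundll32.exe "C:\WINDOWS\system32\fohizapi.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: ssflbt.dll C:\WINDOWS\system32\buretapo.dll C:\WINDOWS\system32\zahipowo.dll c:\windows\system32\dofiboyo.dll c:\windows\ aaznsf.dll ,C:\WINDOWS\system32\zefugabe.dll
""".strip().splitlines()

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")  # "O4 - <body>"

def parse(line):
    """Split a log line into (section code, body); None for headers/noise."""
    m = ENTRY.match(line)
    return (m.group(1), m.group(2)) if m else None

def reasons(code, body):
    """Assumed heuristics (not MajorGeeks' criteria) for why an entry merits review."""
    out = []
    if re.search(r"\((?:file missing|no file)\)", body):
        out.append("orphaned entry: target file is absent")
    if code == "O4" and re.search(r"rundll32(\.exe)?\s", body, re.I):
        out.append("autorun loads a DLL through rundll32")
    if code == "O4" and re.search(r'\]\s*"?[A-Za-z]:\\WINDOWS\\[^\\\s"]+\.exe', body, re.I):
        out.append("autorun executable sits directly in the Windows folder")
    if code == "O20" and "AppInit_DLLs" in body:
        n = len(re.findall(r"[^\s,]+\.dll", body, re.I))
        out.append(f"AppInit_DLLs names {n} DLLs, loaded into every process that loads user32.dll")
    return out

def triage(lines):
    """Return [(code, [reasons])] for entries that matched at least one heuristic."""
    hits = []
    for line in lines:
        parsed = parse(line)
        if parsed and (why := reasons(*parsed)):
            hits.append((parsed[0], why))
    return hits

if __name__ == "__main__":
    for code, why in triage(SAMPLE):
        print(code, "->", "; ".join(why))
```

The McAfee toolbar line is selected in the post but matches none of these heuristics, which shows that pattern checks of this kind only shortlist entries for a human reviewer.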
     
