I need help!!! Trojan, virus? I'm desperate!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Heapsy, Sep 6, 2009.

  1. Heapsy

    Heapsy Private E-2

    I need help!! The problems started with any page or file scrolling down and I cannot control that; even now, when I'm typing, I can't go back to fix what I was writing because it will not go back, it jumps to the end of what I'm typing. Also, when I start the computer it "screams" with a loud beeping sound for minutes. Kaspersky found a "high risk keylogger" but couldn't delete it. I did a search with another spyware tool and it found Zlob downloader. The internet also stopped working and the search for the wireless connection was off and I couldn't change it; when I did, it came back to off. The computer freezes. I couldn't do Updates, and Internet Explorer couldn't connect to the internet.
    I tried using anti-spyware software; they found some Trojans and viruses, but it didn't help. At one point one of them fixed the problem and everything was fine, but I was not sure it was gone, and I did use ComboFix but it didn't reboot and I didn't know that I needed to reboot, and nothing was working and I was afraid, and I didn't know that I shouldn't do the System Restore, that the Trojan can come back, and that is what happened, it came back, and since then nothing I did helped. I have been trying for a month now; I did ComboFix, SmitfraudFix, and tried other software. (I'm in NZ away from my home, far away from getting help for the computer; my husband is working crayfish and we can't leave now; there is nowhere we can get help, so I try myself, but I'm so tired now and I hope you can help. I did fix the IE, update, and connection.) I did everything I was told by the forum and I'm attaching it. I did a search with Malwarebytes before I saw your web site and it found something, but I have a problem with that: when I want to delete something, something weird happens, it says: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item", so I did delete it manually. It says the same when I try to open the log. Sorry I'm writing so much, and thank you!!!!!! (RootRepeal.exe didn't work; I think I have Windows 32-bit, it's Vista.)
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome to the forums. :)

    We are currently reviewing your logs and will get back to you with a set of instructions as soon as we can.

    Thanks for your patience during this time.
    Kes13!
     
  3. Heapsy

    Heapsy Private E-2

    Thank you, I have more problems now. I was updating my phone and I lost my languages, so I googled about it and downloaded JAF, and now it says that I have "win32.togan!IK" and it can't delete it. I tried myself but I couldn't find it. I guess problems come in a flood. Thanks so much for your support.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. Can you tell me what this is please?

    2. Please go to Add/Remove Programs and uninstall the following old version of Java:

    • Java(TM) 6 Update 15

    3. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    4. Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    is-998CRdrv
    is-ROPVKdrv
    0086281247103088mcinstcleanup
    RavCCenter
    RavTask
    MYSIKZ
    QDCBAC
    UMF
    YSFEFUC
    Remote Packet Capture Protocol v.0 (experimental)
    Symantec Lic NetConnect service (CLTNetCnService)
    
    DirLook::
    c:\users\Heapsy\AppData\Local\temp(2466)
    C:\temp_phw
    
    File::
    c:\windows\system32\drivers\89483779.sys
    c:\windows\system32\drivers\76561105.sys
    c:\windows\sued.dat
    C:\Program Files\WinPcap\rpcapd.exe 
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    
    Folder::
    c:\users\Heapsy\AppData\Roaming\AVG8
    c:\program files\Alwil Software
    c:\programdata\Rising
    c:\program files\ThreatFire
    c:\programdata\Norton
    c:\program files\Common Files\Symantec Shared
    c:\programdata\Symantec
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    5. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Ensure MGTools.exe is being run from your C:\ Drive and not your desktop before we do the below:

    6. Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.

    7. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  5. Heapsy

    Heapsy Private E-2

    :) Hey Kestrel!!

    Thank you so much!! You answered me at the last minute; I couldn't use the computer any more, it was stuck and Windows Explorer didn't work. I did everything you said, but because I couldn't do anything at a regular boot, I booted it into Safe Mode, and for the file you told me to copy I had to use another computer and I transferred it with a USB. I don't know if I did right about disabling the antivirus because the computer didn't respond much; anyway, I hope it's OK. So after all that I did, the computer is much better than its condition before I did what you told me, and I can use it in regular mode (I hope so, I haven't used it much yet), but I still have all the problems I had before: any page or file will scroll down and I cannot control that; also, when I start the computer it "screams" with a loud beeping sound for minutes; the computer freezes; and now also a note comes up saying that Windows Explorer stopped working.

    MGTools.exe seemed stuck. I know I need to let it finish, but I think it is because my computer is stuck, so I stopped it; if that's not OK, tell me and I'll do it again.

    Again, I'm thankful for your help.
    Blessing
    Hila

    (Do you know if Linux live rescue CDs are good???)

    (I don't know what "is-SL40.exe" is.)
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi :)

    1. Is your copy of Spyware Doctor 6.0 a free trial, which is useless, or is it a paid-for version? If it's a trial then please use Add/Remove Programs to uninstall it.

    2. Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    File::
    c:\windows\is-SJL4O.exe
    
    Folder::
    c:\program files\Norman
    c:\programdata\Norman 
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    3. Now let's see if we can get some complete logs this time from running MGTools.exe. There's been an update to the software anyway, so follow the below instructions and continue on:

    4. Go to this link Using MGTools and download the new version of MGtools.exe using the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    5. Now run the new MGTools.exe and attach the C:\mglogs.zip that it generates into your next reply here as well as the C:\combofix.txt from running CF.
     
  7. Heapsy

    Heapsy Private E-2

    Hi,
    I had a problem using the computer: a window came up saying that Windows Explorer has stopped working. I did a repair to the computer from Safe Mode, and it did help a lot, but I did use Safe Mode in all the process you directed me through (I hope it's OK), and I still have this problem with Windows Explorer. At the beginning I couldn't use ComboFix, so I tried to delete them myself (but didn't find some of them). Anyway, I eventually succeeded in using ComboFix.

    Thank you
    Hila:)
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then try starting it by using Task Manager.

    (File > New Task > type in explorer.exe)

    You may have to work out the problems that remain in the software forum, but we will just do the below before finishing off.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    
    KILLALL::
    
    DirLook::
    C:\Users\Heapsy\Desktop\Virus Removal Tool1
    
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Attach the log from running combofix into your next reply here.

    Thanks
    Kes13!
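The CFScript text pasted in the three ComboFix steps above follows one simple layout: a section header ending in `::` (KILLALL::, Driver::, DirLook::, File::, Folder::, Registry::) followed by its entries, one per line. This added parser (not ComboFix's own code, and not from the thread) reads that layout back into a structure and flags the copy/paste mistakes that would make such a script incomplete, such as an entry before any header, an unknown header, or a Registry line missing its [key] brackets; the sample script is constructed from entries in the posts above.

```python
"""Parse a ComboFix CFScript of the kind pasted in this thread.

Sections are headers ending in '::' (KILLALL::, Driver::, File::, ...);
each header is followed by its entries, one per line; blank lines are
ignored. Added example, not ComboFix's own code.
"""
import re

# Section names that appear in the scripts in this thread.
KNOWN_SECTIONS = {"KILLALL", "Driver", "DirLook", "File", "Folder", "Registry"}

# Constructed from entries in the posts above (trailing space kept as pasted).
SAMPLE_SCRIPT = """KILLALL::

Driver::
is-998CRdrv
RavTask

File::
c:\\windows\\system32\\drivers\\89483779.sys
C:\\Program Files\\WinPcap\\rpcapd.exe 

Registry::
[-HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"""


def parse_cfscript(text):
    """Return ({section: [entries]}, [warnings]) for a CFScript body."""
    sections, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # copy/paste often leaves trailing spaces
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            if current not in KNOWN_SECTIONS:
                warnings.append(f"line {lineno}: unknown section {current!r}")
            continue
        if current is None:
            warnings.append(f"line {lineno}: entry before any section header")
            continue
        if current == "KILLALL":
            warnings.append(f"line {lineno}: KILLALL:: takes no entries")
            continue
        # Registry entries must be bracketed keys, e.g. [-HKEY_LOCAL_MACHINE\...]
        if current == "Registry" and not re.fullmatch(r"\[-?HK[A-Z_]+\\.+\]", line):
            warnings.append(f"line {lineno}: Registry entry is not a [key] line")
        sections[current].append(line)
    return sections, warnings
```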
     
  9. Heapsy

    Heapsy Private E-2

    Hi,
    Thank you !!
    The :" C:\Users\Heapsy\Desktop\Virus Removal Tool1" it is from Kaspersky , ans i download it aftter the problems start . So is it not good ?

    What do i need to do now ? to go to "work out the problems that remain in the software forum" ??

    :)
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, it's fine :)

    Please do continue to work out problems that remain in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
