It all just keeps coming back

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Windrof, Jan 9, 2005.

  1. Windrof

    Windrof Private E-2

    Greetings everyone I need some help.

    First off... I have followed all the procedures listed on the READ ME thread that is asked and I STILL AM HAVING ISSUES.

    I have Ad-Aware SE and with the VX add.

    I have HiJackThis v1.99 and have followed the steps on that thread as well.

    Here is the problem:

    I run Ad-Aware every time I log on, and even in safe mode. It finds between 8 and 60 items. Mostly Malware and DataMiners. Then once I fix those I rescan and it comes up clean. However, I am still getting pop-ups, I have EnhanceMySearch, and when I log off and log back in... and re-run Ad-Aware I still have 8-60 items that show up and the same problem persists.

    Can anyone help and point me in the right direction? It is a major annoyance. THANKS TO EVERYONE IN ADVANCE!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. Windrof

    Windrof Private E-2

    Thanks for the quick reply...

    Here is my log
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You said you ran ALL the steps in the READ ME but you did not. You have at a minimum skipped the online scanners. Why? Did you skip anything else?
     
  5. Windrof

    Windrof Private E-2

    What do you mean? Skipped the Online steps?? I'm sorry I'm confused?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\dskc16gt.exe
    C:\WINDOWS\system32\fcorier.exe

    After killing all the above processes, click "Back". Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: SDWin32 Class - {4B623A6F-4C8C-4ADF-ABEF-52D2C34F5F01} - C:\WINDOWS\System32\kkysv.dll
    O2 - BHO: SDWin32 Class - {75D1199C-C49D-4073-B723-086588A959C9} - C:\WINDOWS\System32\vzqyd.dll
    O4 - HKLM\..\Run: [kkysvc] C:\WINDOWS\System32\kkysvc.exe
    O4 - HKLM\..\Run: [vzqydc] C:\WINDOWS\System32\vzqydc.exe
    O4 - HKCU\..\Run: [M0tERWY9S] fcorier.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\pkcbrryv.exe


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\dskc16gt.exe
    C:\WINDOWS\system32\fcorier.exe
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\System32\kkysv.dll
    C:\WINDOWS\System32\vzqyd.dll
    C:\WINDOWS\System32\kkysvc.exe
    C:\WINDOWS\System32\vzqydc.exe
    C:\Program Files\Internet Explorer\pkcbrryv.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
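
The cross-check a helper would do by eye on the reply above, as an added example (not part of the original thread and not HijackThis code): it parses the O2, O4 and O16 lines selected for fixing, resolves each to a file path, and compares the result with the safe-mode deletion list. Resolving the bare `fcorier.exe` Run value to `C:\WINDOWS\system32` is an assumption, based on the process path listed in the same post.

```python
import ntpath
import re

# HijackThis entries the post selects for "Fix".
FIX_LINES = r"""
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: SDWin32 Class - {4B623A6F-4C8C-4ADF-ABEF-52D2C34F5F01} - C:\WINDOWS\System32\kkysv.dll
O2 - BHO: SDWin32 Class - {75D1199C-C49D-4073-B723-086588A959C9} - C:\WINDOWS\System32\vzqyd.dll
O4 - HKLM\..\Run: [kkysvc] C:\WINDOWS\System32\kkysvc.exe
O4 - HKLM\..\Run: [vzqydc] C:\WINDOWS\System32\vzqydc.exe
O4 - HKCU\..\Run: [M0tERWY9S] fcorier.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\pkcbrryv.exe
""".strip().splitlines()

# File paths from the safe-mode deletion list in the post.
DELETE_LIST = r"""
C:\WINDOWS\system32\dskc16gt.exe
C:\WINDOWS\system32\fcorier.exe
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\System32\kkysv.dll
C:\WINDOWS\System32\vzqyd.dll
C:\WINDOWS\System32\kkysvc.exe
C:\WINDOWS\System32\vzqydc.exe
C:\Program Files\Internet Explorer\pkcbrryv.exe
""".strip().splitlines()

SYSTEM32 = r"C:\WINDOWS\system32"  # assumption: where a bare Run command resolves

def referenced_file(line):
    """Return the file an O2/O4/O16 HijackThis line points at, or None."""
    section, _, rest = line.partition(" - ")
    if section == "O2":   # O2 - BHO: name - {CLSID} - path
        return rest.rsplit(" - ", 1)[1]
    if section == "O4":   # O4 - HKxx\..\Run: [value name] command
        cmd = re.match(r".*?: \[[^\]]*\] (.+)$", rest).group(1)
        return cmd if ntpath.isabs(cmd) else ntpath.join(SYSTEM32, cmd)
    if section == "O16":  # O16 - DPF: {CLSID} - file://path
        url = rest.rsplit(" - ", 1)[1]
        return url[len("file://"):] if url.startswith("file://") else url
    return None

def cross_check(fix_lines, delete_list):
    """Compare files behind the fixed entries with the deletion list, ignoring case."""
    referenced = {ntpath.normcase(referenced_file(l)) for l in fix_lines}
    to_delete = {ntpath.normcase(p.strip()) for p in delete_list}
    return {"fixed_but_not_deleted": sorted(referenced - to_delete),
            "deleted_without_entry": sorted(to_delete - referenced)}
```

Every fixed entry maps to a file in the deletion list; `dskc16gt.exe` is the one file deleted without a matching autostart entry, since it appears in the post only as a running process to kill.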
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not say online steps! I said on line scans!

    Scanning And Cleaning Steps: (note steps 1 thru 4 are NOT optional!)

    1:
    Virus And Trojan Scanning (do not skip these two scans or you will be asked to run them before continuing)
    a) Win9x (Windows 95, 98, 98SE) users boot normal mode.
    b) And Windows XP, 2000, NT, ME, users boot in "safe mode with networking support" (and remain in there). See how to boot in safe mode below.
    NOTE: If using a non-IE browser, you can use Trend Micro's online scan with Java located HERE

    How to boot in safe mode: To boot into safe mode, restart your computer and tap the f8 key (after first black and white screen, but before the Windows splash screen) until you get to a black and white screen asking you what to do. With Windows XP, 2000, NT, ME: Use your arrow keys and select "safe mode with networking support".

    Booting in safe mode is important because best results are achieved since safe mode disables most drivers and running programs.
    If you have a problem for any reason trying to run these scans in safe mode, do them in normal boot mode but make sure you tell us that in any subsequent message you may need to post about your problem,
     
  8. Windrof

    Windrof Private E-2

    I'm sorry

    I did the on line scans and it said I was safe for everything except Virus Protection Update Check
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you did not run the Trend Micro and Symantec online scans! They would show in your HJT log if you did.

    Run the cleanup steps I gave you!
     
  10. Windrof

    Windrof Private E-2

    It seems as though the pop ups are gone...

    A side note... I lost the "XP" look to the task bar and the start menu.

    Here is the updated log.
     

    Attached Files:

  11. Windrof

    Windrof Private E-2

    Never mind... fixed the XP look is back.. Sorry

    By the way THANKS FOR ALL THE HELP!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Your log is clean now.

    You should check this link out: How to Protect yourself from malware!
     
