Malware Doctor/Vista Home Security - Please Help?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by erosarriving, Apr 6, 2011.

  1. erosarriving

    erosarriving Private E-2

    Your excellent forum has been invaluable to me for years, but now I must ask for your help directly. I have been attempting to remove this malware from my mother's computer, and it appears I have made some progress following the Read Me steps; unfortunately, I am unable to run ComboFix. It only goes to a blue screen, then reboots. (Oh, it's 32-bit.)

    I should mention that I am not seeing the fake 'virus detected' scans anymore, but the random popups, redirects and lethargic performance continue.

    Please see attached logs. I sooo appreciate any advice!
     


  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    Please download TDSSKiller.exe and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g., 123tdk.com).
    • Click the Start Scan button.
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • Do not use the computer during the scan
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created in the root folder of your C: drive (or whatever drive you boot from), named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time it was run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    Also attach the requested
    • RRlog.txt (from RootRepeal)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
  3. erosarriving

    erosarriving Private E-2

    Have I told you lately that I love you? I'm already seeing a remarkable difference. Here's hoping this does the trick. I am attaching the logs you requested.
     


  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Good!

    Now I'll review your logs and post any additional instructions. *It's about my bedtime, so look for a reply tomorrow morning.

    dr.m
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, erosarriving

    Why don't I see any security protection applications installed?

    *Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately, leaving only shortcut links. [ C:\Users\selma\Desktop ] Do not store downloads, exe files, iso files, etc. on your Desktop. First, it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least, it can have an effect on your PC's performance.

    Question: What do you know about this?
    C:\Windows\Mrymed.exe

    Step 1:
    Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista, don't double-click; use right-click and select Run As Administrator). This is really HijackThis (select Do a system scan only). Select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Step 2:
    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\selma\tuumeuh.exe
    C:\Users\selma\AppData\Local\Temp\Mpy.exe
    C:\Users\selma\AppData\Local\Temp\Mqb.exe
    C:\Users\selma\AppData\Roaming\WildTangent
    
    :Commands
    [purity]
    [createrestorepoint]
    [EmptyTemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
    • Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved, named by date and time in the form mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Step 3:
    Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

    Step 4:
    Now install the latest Sun Java Runtime Environment

    Step 5:
    Please run this and attach the results.

    Using ESET's Online Scanner

    Step 6:
    Then run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista or Windows 7, use right-click and select Run As Administrator).

    Please attach these files to your next reply:
    • the new C:\MGlogs.zip
    • ESETscan.txt
    • C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
  6. erosarriving

    erosarriving Private E-2

     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    No, it is completely unknown. Please add the below to the instructions that I have given you:

    *Please go to VirusTotal.com and upload the following file for analysis.
    C:\Windows\Mrymed.exe

    Then post the URL link to the file scan report along with the other logs I requested.

    dr.m
     
  8. erosarriving

    erosarriving Private E-2

    I have completed the first scans and will post these logs, but I just wanted to mention that there are a number of these 'unknown' .exe files - myrmea, myrmeb, and so on - through 'e'! Peculiar. I'm replying from my computer, as internet on hers is a slow-moving bear right now.
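
    The files in question here are plain .exe files sitting directly in C:\Windows, which is a place that holds only a handful of Microsoft-signed binaries on a clean install. The following PowerShell script is an added example and is not part of this thread or of any of the tools dr.moriarty names. It lists every .exe in the Windows folder itself (not subfolders), records its Authenticode signature status and SHA256, and builds a VirusTotal hash-lookup URL, so a suspect can be checked by hash before anything is uploaded. Assumptions: it is run from an elevated PowerShell prompt; it is written against PowerShell 2.0 features only (no Get-FileHash), so it also runs on a Vista/Windows 7 machine like the one in the thread; the VirusTotal URL form used is the current /gui/file/<sha256> one, not the 2011-era file-scan link quoted later in this thread.

    ```powershell
    # Added example (not from the thread or its tools): triage .exe files that
    # sit directly in the Windows folder, where Mrymed.exe / myrme*.exe were found.
    # Assumptions: elevated prompt; PowerShell 2.0+; VirusTotal URL form is the
    # current /gui/file/<sha256> one (assumed, not taken from the thread).
    param(
        [string]$Dir = $env:SystemRoot   # normally C:\Windows
    )

    $sha256 = [System.Security.Cryptography.SHA256]::Create()

    function Get-ExeReport {
        param([string]$Path)
        Get-ChildItem -Path $Path -Filter '*.exe' -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # Authenticode check: real Windows binaries here are signed by Microsoft.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = ''
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

                # SHA256 via .NET so this works without Get-FileHash (PowerShell 2.0).
                try {
                    $raw  = $sha256.ComputeHash([System.IO.File]::ReadAllBytes($_.FullName))
                    $hash = [System.BitConverter]::ToString($raw).Replace('-', '').ToLower()
                } catch {
                    $hash = '(unreadable)'   # locked or access-denied file; still listed
                }

                New-Object PSObject -Property @{
                    Name      = $_.Name
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    Modified  = $_.LastWriteTime
                    SigStatus = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                    Signer    = $signer
                    SHA256    = $hash
                    VTLookup  = "https://www.virustotal.com/gui/file/$hash"
                }
            }
    }

    $report = @(Get-ExeReport -Path $Dir)

    # Anything in the Windows root that is not validly signed goes to VirusTotal first.
    $suspects = @($report | Where-Object { $_.SigStatus -ne 'Valid' })

    $report | Sort-Object SigStatus, Name |
        Format-Table Name, SizeKB, Modified, SigStatus, Signer -AutoSize

    "{0} executable(s) in {1} without a valid signature:" -f $suspects.Count, $Dir
    foreach ($s in $suspects) {
        "  {0}  (modified {1})" -f $s.Name, $s.Modified
        "    SHA256: {0}" -f $s.SHA256
        "    {0}" -f $s.VTLookup
    }
    ```

    Two caveats a practitioner would keep in mind: a valid signature rules a file out of this particular triage but is not proof that it is benign, and a rootkit of the kind TDSSKiller targets can hide files from a listing like this entirely, which is why the thread runs the rootkit scanner before relying on what the file system reports.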
     
  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Very peculiar!
     
  10. erosarriving

    erosarriving Private E-2

    Instructions completed.

    Things got sticky with the download of Java and getting VirusTotal results, mostly due to sluggishness and popups. I had to use search from the Start menu to find the Java download file, as it appears the Users and Downloads files are invisible. They are there, but I can't determine how to get to them. Her named file is there, but only with about four or five files inside.

    Here's the virustotal result:

    http://www.virustotal.com/file-scan...d0b0b93c452ff2e2d874c81ac6c748559d-1302228467

    ESET detected and removed all of those weird myrme files we saw.

    Got one spammy popup this morning.

    Also, I use Comodo myself and like it, would this be a good choice for this computer?
     
  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    *IMPORTANT: Please attach the logs that I've requested so I can determine whether any remaining problems are malware related.
    • the new C:\MGlogs.zip
    • ESETscan.txt
    • C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
    The dual-core processor and the available RAM should run Comodo Antivirus without lagging. I, however, use the "layered approach" with Avira + Comodo Firewall only, and SpywareBlaster. Avast! Free Edition 6.0.1000 is also low on system resource usage. It's your choice, but protection software needs to be installed, pronto, to prevent re-infection.
     
