Outerinfo Help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Drakken06, Sep 22, 2006.

  1. Drakken06

    Drakken06 Private E-2

    I've had outer info popups for the last 3 months and I'm so sick of them. I've tried everything within my personal knowledge, so I'm asking for some professional help. I have my HijackThis log attached and I followed all steps prior to submitting...
     


  2. matt.chugg

    matt.chugg MajorGeek

    We need the following logs as per the procedure:
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • HijackThis
     
  3. Drakken06

    Drakken06 Private E-2

    OK! Had trouble getting runkeys and newfiles on txt to upload, so converted them to Word, hope that's no problem :eek:
     


  4. Drakken06

    Drakken06 Private E-2

    And BitDefender...
     


  5. matt.chugg

    matt.chugg MajorGeek

    You have far more serious issues than just popups. You are infected with one or more IRC zombie bots and could be unknowingly participating in Denial of Service attacks.

    You really should be running a software firewall with rule-based program filtering, such as ZoneAlarm.

    Using P2P programs like Azureus is dangerous and almost certainly where you picked up the zombie bots.

    The installed version of Java on this computer is outdated.
    Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp.
    Uninstall all older versions of Java on your computer, before installing the latest version of Java.


    Start by downloading two tools we will need:

    - Process Explorer

    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen, click on each instance of swjvpgh.dll once and then click the Kill button. After you have killed all of the swjvpgh.dll under winlogon, click OK. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of swjvpgh.dll and kill it. (If you do not find the dll, just continue on.)


    Repeat the same procedure for wucrtupd.dll

    Now just exit Process Explorer.

    Run HijackThis. Click the 'Do a system scan only' button.

    Click Config

    Click Misc Tools

    Click Open Process Manager

    Find the process C:\Documents and Settings\Cody\Application Data\?racle\tracert.exe and select it

    Click Kill Process. Click Yes to confirm.

    If you have any problems removing this process, please make sure you let me know.

    Click Back to return to the Main HJT scan results


    Place a checkmark in the box next to the following lines:

    Do you have any of the following installed, and are they working properly? If you do not have them installed, then also place a tick next to the relevant line.


    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot, or you get a Pending Operations type error message, just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox.)



    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.



    REBOOT to Normal Mode.



    Post a fresh HijackThis log, and a full shownew log.

    You have not uploaded the correct BitDefender log; that is just the summary. The real log should be an HTML file, but save it as a txt file and upload it here.

    Please do not use Word files for attachments again; they can contain viruses, and as you can see you have plenty.
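
A triage check for the kind of finding in the post above, where a file named like a Windows tool (tracert.exe) runs from a profile folder whose name the log shows with a `?`. This is an added example in Python, not part of the original thread; the `EXPECTED_DIR` map and every sample path except the tracert.exe one are assumptions constructed for illustration.

```python
import ntpath

# Assumed, deliberately small map of Windows XP binaries to their normal folder.
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "tracert.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def triage(path):
    """Return the reasons a logged process path deserves a closer look."""
    norm = ntpath.normcase(path.strip())
    folder, image = ntpath.split(norm)
    reasons = []
    expected = EXPECTED_DIR.get(image)
    if expected is not None and folder != expected:
        reasons.append("system binary name outside " + expected)
    if "\\application data\\" in norm:
        reasons.append("runs from a user profile's Application Data")
    # '?' is not legal in a Windows file name, so in a log it stands for a
    # character the logging tool could not represent.
    tail = ntpath.splitdrive(norm)[1]
    if "?" in tail or any(ord(ch) > 127 for ch in tail):
        reasons.append("unrepresentable or non-ASCII character in a name")
    return reasons

def scan(lines):
    """Map each flagged path to its reasons; clean paths are left out."""
    flagged = {}
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged

# Constructed sample list; only the tracert.exe path is quoted from the thread.
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Documents and Settings\Cody\Application Data\?racle\tracert.exe",
    r"C:\Program Files\Example Vendor\updater.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```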
     
  6. Drakken06

    Drakken06 Private E-2

    OK, first off I wanna say that I followed the steps exactly and at this point my comp isn't buggin out on me anymore! Attached is the real bdscan, HJT, and shownew logs.
     
  7. Drakken06

    Drakken06 Private E-2

    Never mind, was trying to edit and ran over the time limit. Anyways, here are the attachments. I still can't get newfiles to upload as a txt, so I zipped it, seeing as zip is one of the acceptable file types. If you are unsure of it, don't open...
     


  8. matt.chugg

    matt.chugg MajorGeek

    I recommend you uninstall the Logitech Desktop Manager; it's not malware, but you can see from the HJT log it's not right.


    and have HJT fix all these lines

     
  9. matt.chugg

    matt.chugg MajorGeek

    I think you still have some other malware issue too but I will post a fix for those in a bit.
     
