PC was making crunching sounds! Did the "read me", still infected...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Skekiman, Apr 11, 2009.

  1. Skekiman

    Skekiman Private E-2

    Well McAfee didn't detect anything but I knew something was up... TODAY I followed a web link that was supposed to link another site but I landed on a weird page that looked like a directory and my firewall asked if AcroRd32 could access the internet, I thought sure why not, then things went weird. All of a sudden out of nowhere "~.exe" wanted access which I denied and blocked and deleted and then "guvodudi.exe" came out of nowhere and wanted access too which got denied, guvodudi.exe was mysteriously set as hidden in my WINDOWS/SYSTEM32/ and Google did not list anything.

    My computer started crunching like crazy and my cpu was at 100% non stop, pop ups from firefox started appearing with ads and crap... Boy oh boy... Found this site, did the READ ME and the crunching stopped, I checked again with SAS and still said infected with less stuff but apparently it doesn't go away, same with Malwarebytes...

    McAfee is so lame... I feel ashamed to have depended on it... It still doesn't detect anything, I'm so glad you guys exist!!
     

    Attached Files:

  2. Skekiman

    Skekiman Private E-2

    Okay so this is not a bump...

    I redid SAS which spotted leftover problems, rebooted again and lo and behold after another SAS run, no reported problems! Did Malwarebytes and no problems!

    This was a vundo type malware and a rogue.component

    Does this mean I'm in the clear? I will do the un-restore & restore bit and will await further instructions.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you have run SAS and MBAM until they come up clean, I would just like you to run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file so that I can double check it. :)
     
  4. Skekiman

    Skekiman Private E-2

    Here it is! :major

    You guys (and gals?) rock!
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet...your logs are clean. I would only suggest that you remove your old Java:
    "DisplayName"="J2SE Runtime Environment 5.0 Update 10"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 6"
    "DisplayName"="Java(TM) 6 Update 2"
    "DisplayName"="Java(TM) 6 Update 3"
    "DisplayName"="Java(TM) 6 Update 4"
    "DisplayName"="Java(TM) 6 Update 5"
    "DisplayName"="Java(TM) 6 Update 7"
    "DisplayName"="Java(TM) SE Runtime Environment 6 Update 1"

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
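As an added example (not part of the thread and not MajorGeeks tooling), the sketch below shows one way to pick superseded Java runtimes out of a `"DisplayName"` listing like the one quoted in the post above. The first eight input lines are the entries from the thread; the last two are constructed here, and the function names are hypothetical.

```python
import re

# "DisplayName" lines as they appear in an uninstall-key listing.
# The first eight are the entries quoted in the thread; the last two
# (a newer Java and an unrelated program) are constructed for this example.
LOG = '''\
"DisplayName"="J2SE Runtime Environment 5.0 Update 10"
"DisplayName"="J2SE Runtime Environment 5.0 Update 6"
"DisplayName"="Java(TM) 6 Update 2"
"DisplayName"="Java(TM) 6 Update 3"
"DisplayName"="Java(TM) 6 Update 4"
"DisplayName"="Java(TM) 6 Update 5"
"DisplayName"="Java(TM) 6 Update 7"
"DisplayName"="Java(TM) SE Runtime Environment 6 Update 1"
"DisplayName"="Java(TM) 6 Update 13"
"DisplayName"="Mozilla Firefox (3.0.8)"
'''

# Matches the three naming styles seen in the listing and captures the
# major release ("5" from "5.0", "6") and the optional update number.
JAVA_RE = re.compile(
    r'^"DisplayName"="(?P<name>(?:J2SE Runtime Environment'
    r'|Java\(TM\)(?: SE Runtime Environment)?)'
    r' (?P<major>\d+)(?:\.\d+)?(?: Update (?P<update>\d+))?)"$'
)

def java_entries(log_text):
    """Return (major, update, display_name) for every Java runtime line."""
    entries = []
    for line in log_text.splitlines():
        m = JAVA_RE.match(line.strip())
        if m:
            # A release with no "Update N" suffix counts as update 0.
            entries.append((int(m['major']), int(m['update'] or 0), m['name']))
    return entries

def superseded(log_text):
    """Return (newest_name, [older names, oldest first]); (None, []) if no Java."""
    entries = java_entries(log_text)
    if not entries:
        return None, []
    newest = max(entries)
    older = sorted(e for e in entries if e[:2] < newest[:2])
    return newest[2], [e[2] for e in older]

if __name__ == "__main__":
    newest, old = superseded(LOG)
    print("Newest Java found:", newest)
    for name in old:
        print("Remove via Add/Remove Programs:", name)
```
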
  6. Skekiman

    Skekiman Private E-2

    All done and feeling good!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know....safe surfing. :)
     
