This problem seems unfixable!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ScottyG_314, Apr 2, 2009.

  1. ScottyG_314

    ScottyG_314 Private E-2

    I went through the malware removal thread and am sad to report that whatever virus/worm I have, it wouldn't let me install SUPERAntiSpyware, ComboFix, MGTools, or Malwarebytes! I started having problems when I started getting these annoying Symantec pop-ups that say "scanning message 1 of 1" and they take over my whole screen whenever my computer is online. The HijackThis log has told me there are processes running I'd like to close, but I can't access my Task Manager. I've run Ad-Aware a few times, and my Spybot S&D became corrupted from whatever I have. I can't open a command prompt window either. When I'm in safe mode, I can go to websites, but I can't access websites such as BitDefender's or other sites that would help me. It's as if this virus/worm knows I'm trying to get rid of it.

    Here's my HijackThis log. Any help would be greatly appreciated!

    Logfile of Trend Micro HijackThis v2.0.2
     
    Last edited by a moderator: Apr 5, 2009
  2. ScottyG_314

    ScottyG_314 Private E-2

    Help me please!

    I have gone through the Malware Removal thread and wasn't able to install any of the tools (ComboFix etc.) on my infected computer. I get these annoying Symantec pop-ups that say "scanning message 1 of 1" and they take over my whole screen whenever my computer is online. The HijackThis log has told me there are processes running I'd like to close, but I can't access my Task Manager. I've run Ad-Aware a few times, and my Spybot S&D became corrupted from whatever I have. I can't open a command prompt window either. When I'm in safe mode, I can go to websites, but I can't access websites such as BitDefender's or other sites that would help me. It's as if this virus/worm knows I'm trying to get rid of it.

    Any help would be appreciated!
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Open Notepad and copy and paste the following text in the quote box into the window:
    Save this as fix.bat
    Choose to save as all files.
    Double-click fix.bat and let the program run.
    A small black DOS window will flash; this is normal.

    Now run HJT, do a system scan only and check the following items:
    O4 - HKLM\..\Run: [hPNS45aY] C:\WINDOWS\rxDcd.exe
    O4 - HKLM\..\Run: [wlffg] C:\WINDOWS\jtwhpydbq.exe
    O4 - HKLM\..\Run: [vsmj3Fl] vb5hits.exe
    O4 - HKLM\..\Run: [6cdb8a6d] rundll32.exe "C:\WINDOWS\system32\jxucfnrr.dll",b
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\winlognn.exe
    O4 - HKCU\..\Run: [coyntrol.exe] C:\WINDOWS\System32\coyntrol.exe
    O4 - HKCU\..\Run: [eB5tRPJsU] uticodec32.exe
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\winlognn.exe
    O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
    O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\csrssc.exe
    O4 - HKUS\S-1-5-18\..\Run: [nidle] "C:\Documents and Settings\Scotty G\Application Data\nidle\nidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092CBD44BD8689220221DD3257 (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Scotty G\reader_s.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [nidle] "C:\Documents and Settings\Scotty G\Application Data\nidle\nidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092CBD44BD8689220221DD3257 (User 'Default user')
    O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

    After clicking fix, just exit HJT.

    Now use Windows Explorer to find and delete:
    C:\WINDOWS\system32\afisicx.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\System32\reader_s.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\rxDcd.exe
    C:\WINDOWS\jtwhpydbq.exe
    C:\WINDOWS\system32\jxucfnrr.dll
    C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\winlognn.exe
    C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\csrssc.exe
    C:\Documents and Settings\Scotty G\Application Data\nidle
    C:\Documents and Settings\Scotty G\reader_s.exe

    Now see if you can run any of the tools. I need the logs from:
    SAS
    MBAM
    ComboFix
    C:\MGLogs.zip
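
An added example, not part of TimW's post or any MajorGeeks tool: a small Python triage pass over HijackThis O4/O23 lines like those listed above. The heuristics, flag names, similarity threshold and the `ExampleTray` line are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Entries copied from the HijackThis items in the thread, plus one constructed
# benign-looking line (ExampleTray) for contrast.
SAMPLE = r"""
O4 - HKLM\..\Run: [vsmj3Fl] vb5hits.exe
O4 - HKLM\..\Run: [6cdb8a6d] rundll32.exe "C:\WINDOWS\system32\jxucfnrr.dll",b
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\winlognn.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Scotty G\reader_s.exe (User 'SYSTEM')
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

SYSTEM_NAMES = ("winlogon.exe", "csrss.exe", "svchost.exe", "lsass.exe")  # assumed list
O4 = re.compile(r"^O4 - (HK\S+)\\\.\.\\Run: \[[^\]]*\] (.+)$")
O23 = re.compile(r"^O23 - Service: .+? - (.+?) - (.+)$")

def target(cmd):
    """Path of the file that actually runs (the DLL for rundll32 lines)."""
    m = (re.match(r'rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.I)
         or re.match(r'"([^"]+)"', cmd)
         or re.match(r"(.+?\.(?:exe|dll|com|scr|bat))\b", cmd, re.I))
    return m.group(1) if m else cmd

def flags(line):
    """Sorted heuristic flags raised by one HijackThis O4/O23 line."""
    hive = owner = ""
    if m := O4.match(line):
        hive, cmd = m.groups()
    elif m := O23.match(line):
        owner, cmd = m.groups()
    else:
        return []
    path = target(cmd).lower()
    name = path.rsplit("\\", 1)[-1]
    checks = {
        "unknown-owner": owner.lower() == "unknown owner",
        "no-path": "\\" not in path,          # bare file name, found via search path
        "temp-path": "\\temp\\" in path,      # autorun launched from a Temp directory
        "system-run-from-profile": hive.upper().startswith("HKUS")
                                   and "\\documents and settings\\" in path,
        "system-lookalike": any(n != name and SequenceMatcher(None, n, name).ratio() >= 0.85
                                for n in SYSTEM_NAMES),  # near-miss of a Windows process name
    }
    return sorted(k for k, hit in checks.items() if hit)

def triage(text):
    return {l: f for l in text.strip().splitlines() if (f := flags(l))}
```

Random-named files in system directories, such as the `jxucfnrr.dll` entry, raise no flag here, so these heuristics supplement a full log review rather than replace it.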
     
