Ran TDSSKiller and now the internet doesn't work on my PC - Please Help !!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Synthetic123, Dec 1, 2012.

  1. Synthetic123

    Synthetic123 Private E-2

    This is the first time I have EVER registered on any kind of forum and this will be my first post, so please bear with me if I make any rookie mistakes because this is all brand new to me. [Thank You]

    I was having the Google Redirect problem on my Windows XP PC and when I googled how to fix it there was overwhelming support for TDSSKiller, so I downloaded the program and ran it. The scan found 2 serious issues and suggested Cure for one and Quarantine for the other, which I accepted. The computer rebooted with no problem, then when I went to use the Internet it says it's connected and working properly but no longer worked.

    I tried restarting the modem and router, repairing the connection, calling Comcast (they pinged the modem and said there was nothing wrong with it), switching cables around, reinstalling drivers and anything else I could think of, but nothing works. My laptop, which I'm currently on, and my dad's computer are all connected to the same internet connection and are both working fine, but my PC is the only one that isn't.

    PLEASE HELP ME if you believe you can or have any suggestions, I'm open to anything that might work. I would very much prefer to fix the problem if possible than have to format because I have almost 1200 songs, games, pictures and over 10 years worth of stuff which I really don't wanna lose. [thank you very much]
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions for MGtools in the below link. Obviously you will have to download using another PC and then copy to your problem PC using a flash drive...etc. Note: disable any protection software before copying and running MGtools as they frequently get in the way of running it properly.

    Using MGtools

    Then copy the MGlogs.zip file back to flash drive and upload via the PC you are using to post here.

    Sounds like you have a ZeroAccess infection which was only partially cleaned up.
     
  3. Synthetic123

    Synthetic123 Private E-2

    Thank you very much for taking the time to read my post. I also apologize for not quickly running the program you recommended and posting the log; I have just been very busy and have not had a chance to get around to doing it. But I do have the time today and later I'm going to download the program, transfer it to my PC, run it and post the log on here like you asked.

    Thank you, and I really hope I didn't miss out on the chance for further help because my window of opportunity has closed. Hope to hear back from you soon.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As soon as you attach the requested log, we can plan the next course of action.
     
  5. Synthetic123

    Synthetic123 Private E-2

    Ok cool, I did everything like you said and as far as I can tell the scan ran fine and there were no error messages or problems. This is the log that was in my C:\ folder like the instructions said, but if it is the wrong one or I did something wrong just let me know and I will run the program again no problem.

    P.S. --

    I also wasn't sure if you wanted me to extract the zip file then upload it or not, so I just uploaded the non-extracted file. If that is a problem just let me know and I will extract the zip file then re-upload it.

    thank you for your time and help
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is very incomplete, which means something did not work properly. However, before we worry about that, let me work up a starting attempt at a fix. After the fix, we will collect a new log. Hang on while I work up the fix. ;)
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look in Add/Remove Programs to see if any of the below are found. If they are then uninstall them.
    bProtector
    Bearshare
    InstallBrain
    Updater Service
    DataManager
    DioCleaner
    Viewpoint Manager
    WinUpdates
    Zango
    Java(TM) 6 Update 4


    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe 
    C:\Documents and Settings\All Users\Application Data\bProtector
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\BearShare
    C:\Program Files\SEARCH~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\SEARCH~1\
    C:\Program Files\DioCleaner\DioCleaner.exe
    C:\Program Files\DioCleaner
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Viewpoint
    C:\Program Files\winupdates\winupdates.exe
    C:\Program Files\winupdates
    C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    C:\Documents and Settings\Richard\\Local Settings\Application Data\eejqbp\mxfusftav.exe
    C:\Documents and Settings\Richard\\Local Settings\Application Data\eejqbp
    C:\Documents and Settings\Scottie ( Internet )\Local Settings\Temporary Internet Files\Content.IE5\ONYP5LKV\895bd[1].exe
    C:\windows\esecunoj.dll
    C:\WINDOWS\mrofinu72.exe
    C:\WINDOWS\system32\ddcaywx.dll
    C:\WINDOWS\system32\protector.dll
     
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Ppiwawodafu"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaywx]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DioCleaner]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dyukxivx]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Updater]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ppiwawodafu]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\runner1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TCASUTIEXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winupdates]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZangoOE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZangoSA]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
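As an added illustration (not part of the thread and not OTM's own parser), this sketch reads a script laid out like the one in the post above and lists what each line asks for before it is pasted into the tool, using the standard .reg conventions that `[-key]` deletes a key and `"name"=-` deletes a value. The section-to-action mapping (`kill`, `move`, `command`) is an assumption drawn from the script's visible layout, and `summarize`, `VERBS` and `SAMPLE` are hypothetical names.

```python
import re

# Constructed excerpt: a few lines copied from the script in the post above.
SAMPLE = r"""
:Processes
explorer.exe
:Files
C:\WINDOWS\system32\ddcaywx.dll
C:\Documents and Settings\Richard\\Local Settings\Application Data\eejqbp
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Ppiwawodafu"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaywx]
:Commands
[EmptyTemp]
[Reboot]
"""

# Assumed meaning of the non-registry sections, inferred from their names.
VERBS = {"processes": "kill", "files": "move", "commands": "command"}

def summarize(script):
    """Return (section, action, target) tuples for every non-blank line."""
    actions, section, key = [], None, None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):              # section header such as :Files
            section, key = line[1:].lower(), None
        elif section != "reg":
            # Collapse doubled separators such as Richard\\Local for display.
            target = re.sub(r"\\{2,}", r"\\", line)
            actions.append((section, VERBS.get(section, "unparsed"), target))
        elif line.startswith("[-"):           # [-KEY] removes the whole key
            actions.append(("reg", "delete-key", line[2:-1]))
            key = None
        elif line.startswith("["):            # [KEY] sets context for values
            key = line[1:-1]
        else:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m is None or key is None:      # value line with no key context
                actions.append(("reg", "unparsed", line))
            elif m.group(2) == "-":           # "name"=- removes one value
                actions.append(("reg", "delete-value", f"{key}\\{m.group(1)}"))
            else:
                actions.append(("reg", "set-value",
                                f"{key}\\{m.group(1)}={m.group(2)}"))
    return actions

if __name__ == "__main__":
    for section, action, target in summarize(SAMPLE):
        print(f"{section:<10} {action:<13} {target}")
```

Anything reported as `unparsed` is a line worth re-checking against the post before running the fix.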
  8. Synthetic123

    Synthetic123 Private E-2

    Ok so here it goes...

    1. I looked in my Add/Remove Programs and all that was there from your list was "Updater Service", "Viewpoint Manager" and "Java(TM) 6 Update 4" so I removed those. I see the "bProtector" one in my Task Manager but it was not in the Add/Remove Programs list. I also tried to click on Remove Windows Components to see if any from the list were in there, but every time I clicked on it it said it experienced a problem and needed to close and asked me if I wanted to send an error report.

    2. Next I downloaded and transferred OTM and followed your instructions with the code and moved it. I then downloaded and installed Sun Java Runtime Environment and lastly I went to the GetsLogs.bat file and double-clicked it.

    3. When I was finished with all the steps and instructions I also installed and ran Malwarebytes, because I just got the Google Redirect problem on my laptop and when I used that program it fixed the problem and I didn't lose my internet, so I figured I'd try it. I did and it removed like 260 problems.

    4. I did everything like you said and still no internet. Even after I did everything you said + the Malwarebytes it still doesn't work.

    Here are the logs you asked for though:
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay the last fix did not work properly and also MGtools is still not running completely. This is probably due to the fact the bprotect.exe is still running. Let's try the below.



    Now download and save a copy of combofix.exe and save it directly onto your Desktop folder.
    • Then double click on it to run it. Do not disturb it by clicking in the window that opens or it may stall.
    • After it finishes, it may reboot your PC. Attach the C:\combofix.txt log that it creates.
    • If after running Combofix you discover none of your programs will open up because you receive the following error:
      • Illegal operation attempted on a registry key that has been marked for deletion
    • Then you will need to reboot your computer which will normally fix this problem.
     
