HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by geekmatt, Aug 2, 2010.

  1. geekmatt

    geekmatt Private E-2

    I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

    I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

    I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malware Bytes is detecting 2 Malware.Packer.Gen files.

    I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

    I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
     

    Attached Files:

  2. geekmatt

    geekmatt Private E-2

    Here is the 5th log.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please go to Add/Remove programs and uninstall the following software:

    • Java(TM) 6 Update 19

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    File::
    C:\WINDOWS\e
    
    DirLook::
    c:\documents and settings\Matt\Application Data\Viebpi
    c:\documents and settings\Matt\Application Data\Hynoe
    c:\documents and settings\Matt\Application Data\Egip
    C:\Documents and Settings\Matt\Application Data\Qodese
    
    Folder::
    C:\WINDOWSD56B0E274A3E46C9B5C1D93D580C099C.TMP
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).


    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Re-run Malware Bytes and attach the log regardless of whether it found anything or not.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this, also the mbam log.
     
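The CFScript in message #3 is a set of `Section::` headers followed by one entry per line. As an added example (not from the thread, ComboFix or MajorGeeks), here is a small Python parser that summarises what such a script would act on before it is run; the section meanings (File/Folder remove, DirLook only lists, a Registry key written as `[-KEY]` is deleted) are assumed from ComboFix's CFScript conventions, and the sample text is the script from this post.

```python
import re
from collections import OrderedDict
# Constructed sample: the CFScript from message #3 (raw string keeps the backslashes).
SAMPLE_SCRIPT = r"""KILLALL::
File::
C:\WINDOWS\e
DirLook::
c:\documents and settings\Matt\Application Data\Viebpi
c:\documents and settings\Matt\Application Data\Hynoe
Folder::
C:\WINDOWSD56B0E274A3E46C9B5C1D93D580C099C.TMP
Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")              # e.g. "File::"
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\.+")              # absolute Windows path
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")  # "[-KEY]" deletes the key (assumed)

def parse_cfscript(text):  # -> ordered {section: [entries]} map
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections

def summarise(sections):
    """Bucket entries by assumed effect so a reviewer sees what the script would remove."""
    report = {"delete": [], "inspect": [], "registry_delete": [], "invalid": []}
    for section, entries in sections.items():
        for entry in entries:
            if section in ("File", "Folder", "DirLook"):
                bucket = "inspect" if section == "DirLook" else "delete"
                report[bucket if WIN_PATH_RE.match(entry) else "invalid"].append(entry)
            elif section == "Registry":
                m = REG_KEY_RE.match(entry)
                if m and m.group(1) == "-":
                    report["registry_delete"].append(m.group(2))
                elif m is None:
                    report["invalid"].append(entry)
    return report
```

Running `summarise(parse_cfscript(SAMPLE_SCRIPT))` shows two paths slated for removal, two folders that will only be listed in the log, and one Browser Helper Object registry key to be deleted.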
  4. geekmatt

    geekmatt Private E-2

    I just noticed after running the Combo Fix the first time before I posted the logs that a lot of my .exe files have been shredded. Adobe isn't working anymore and some other software programs won't load at all.

    At this point, is reformatting the best/only option?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What exe files have been deleted? The only deletions combofix made are listed in its log.
     
  6. geekmatt

    geekmatt Private E-2

    Sorry, I misspoke. I'm not sure if it was .exe files, but I noticed that Acrobat is not working. When I try to open a .pdf file it says there is a missing .dll.
    Also, I tried to run some other software programs but they won't launch.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then it would be great if you could complete my instructions from message # 3. :) Attach logs. Until then I cannot help you. :(
     
