It all started with Ukash!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by leelee77, Jul 6, 2012.

  1. leelee77

    leelee77 Private E-2

    Hello all.

    Many thanks in advance for all the help. The site has already been a great learning curve.

    As the title says...this problem started with Ukash...but now the next part of this saga is chatzum

    Anyway I followed this thread to remove ukash virus.. which I may have got via redtube

    (Computer Locked / Ukash)
    http://forums.majorgeeks.com/showthread.php?p=1749985

    It seems that I picked up this chatzum "virus" via downloading possibly the MBRC program off a dodgy site (school boy error)

    I have followed the vista malware removal thread and now will post my logs.
    I will not post the malwarebytes log as under logs there seem to be 15 entries....does it list them in date order?

    Also I think hitman pro quarantined a malware it picked up. Sorry about that.

    On a side note whilst looking for the MGlogs zip file ...in the same location OS(C:) was a chatzum.exe file.

    Thanks again for the help...have a good weekend!

    Liam
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Just a false detection of OldTimer's MoveIt program which is why we say don't fix anything until we tell you to. ;)

    Looks like a search toolbar you downloaded with a Torrent. I see the below toolbar
    Code:
    C:\Program Files\
    CHATZU~1       4 Jul 2012              "ChatZum Toolbar"

    Please attach the below MBAM logs:
    Code:
    "C:\Users\lee lee\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    4 Jul 2012  2162  "mbam-log-2012-07-04 (21-13-24).txt"
    4 Jul 2012  2512  "mbam-log-2012-07-04 (21-17-09).txt"
    4 Jul 2012  5874  "mbam-log-2012-07-04 (18-49-53).txt"
    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...xMisxLUYxME0xMlIrMQ"&"prod=90"&"ver=10.0.1424

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    See the download links under this icon
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now after reboot run the below Windows Repair to fix your firewall. This can take a long time to run. Just walk away and let it run. Don't do anything else while it is running.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    After this last reboot, run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
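An added triage script (mine, not the forum's or HijackThis's own tooling) that applies the three checks chaslang's HJT selections above rely on to constructed sample lines: an untrusted start page, a URLSearchHook whose file is gone, and a RunOnce entry that opens a URL at logon. The trusted-host allow-list and the vendor.example URL are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of start/search-page hosts (not from the thread); tune per environment.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

# Constructed HijackThis-style lines modelled on the thread's output; the RunOnce line
# uses a placeholder vendor URL instead of the truncated one quoted in the post.
SAMPLE_LINES = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.chatzum.com/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com/
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: Example Hook - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\hook.dll
O4 - HKLM\\..\\RunOnce: [AvgUninstallURL] cmd.exe /c start http://vendor.example/uninstall?prod=90
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
"""

R0_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>\S+)$")
R3_RE = re.compile(r"^R3 - URLSearchHook: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def triage_line(line):
    """Return why a line is suspicious, or None if it looks benign."""
    m = R0_RE.match(line)
    if m:  # R0/R1: IE start or search page; a hijacker rewrites it to its own host
        host = urlparse(m.group("url")).hostname or ""
        return None if host in TRUSTED_HOSTS else f"start/search page set to untrusted host {host}"
    m = R3_RE.match(line)
    if m:  # R3: URLSearchHook CLSID still registered but its DLL is gone (orphaned hook)
        return "orphaned URLSearchHook: CLSID registered, no file on disk" if m.group("file").strip() == "(no file)" else None
    m = O4_RE.match(line)
    if m:  # O4 RunOnce that shells out to open a URL at next logon is a leftover worth removing
        if m.group("key").lower() == "runonce" and re.search(r"\bstart\s+https?://", m.group("cmd"), re.I):
            return "RunOnce entry opens a URL via cmd.exe at next logon"
    return None

def triage(text):
    """Scan HJT-style text; return (section, reason, line) for each flagged line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reason = triage_line(line) if line else None
        if reason:
            findings.append((line.split(" - ", 1)[0], reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LINES):
        print(f"[{section}] {reason}\n    {line}")
```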
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTL to your desktop.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Double-click OTL.exe to start the program.

    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    Code:
    :processes
    :killallprocesses
    :files
    C:\Users\lee lee\AppData\Roaming\Microsoft\Windows\Templates\107hy5tll5
    C:\Users\lee lee\AppData\Roaming\Microsoft\Windows\Templates\ux28k8k70xg6ehd13ev2e
    C:\Program Files\ChatZum Toolbar
    C:\chatzum.exe
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close notepad and attach this log from OTL to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  4. leelee77

    leelee77 Private E-2

    Thanks for the replies and help

    I have so far followed the instructions from TimW and attach the requested log.



    Do I need to follow chaslang's advice also at this stage?

    Keep up the good work


    Liam
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    To be on the safe side, also run the fix provided by Chaslang. I don't know how we cross posted together. But do his as well. Attach the requested logs. ;)
     
