Virus blocks ComboFix. Please Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zildjian03, Jan 15, 2009.

  1. zildjian03

    zildjian03 Private E-2

    Hello Major Geeks,

    My problem is that I'm being overrun by viruses. :(
    I can't update all my anti-virus software.
    ComboFix is blocked and can't run.
    Also, my firewall turned off by itself.

    I've tried updating my anti-virus programs in safe mode (with networking)
    and conducted scans during it,
    and I successfully ran all 5 scans (SAS, Malwarebytes, Spybot, ComboFix, HiJack).

    Yet when I go to safe mode
    I tried to scan again with ComboFix,
    yet it still can't run.. AVG then pops up and tells me something about a virus.

    Also.. when I go to my Yahoo Messenger
    and when I type in a message.. there is no font appearing in the chat window.

    Please help me..

    In this post I've attached the logs I ran during normal mode.
    I'll be attaching my logs from safe mode in my next post.

    Thanks in advance
     

    Attached Files:

  2. zildjian03

    zildjian03 Private E-2

    And here are the logs I ran during safe mode.
    Hope this could help..

    Due to the attachment restriction I couldn't attach my MBAM log.
    Tell me if you would be needing it so I could attach it to my next post.




    Thank you again


    Please bear with me,
    I'm not good at English.

    Good luck and more power
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Your patience during this time is appreciated.

    Thanks
    Kes
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1) Please go to Add or Remove Programs and remove the following old Java:

    • Java(TM) 6 Update 10

    2) Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O20 - AppInit_DLLs: avgrsstx.dll qzjhxc.dll

    NOTE: HJT may pop up an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix exit HJT.


    3) Now we need to use ComboFix to remove a bunch of malware files.

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it
    (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:

    KILLALL::

    File::
    c:\windows\Tasks\idwqpbdc.job
    C:\windows\system32\qzjhxc.dll

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"

    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    4) Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6


    5) Now run CCleaner!

    6) Now go to this link Using MGTools and download the new version of MGtools.exe using the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    7) Run the new MGTools.exe and attach the MGlogs.zip that it generates as well as the log produced from running Combofix.

    8) Let me know how things are running now!
     
    Last edited by a moderator: Jan 17, 2009
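A read-only check to go with step 2 above, added here and not part of Kestrel13!'s instructions or of any MajorGeeks tool: it lists every DLL named in the AppInit_DLLs value that the O20 line reports, whether each one exists, and whether it carries a valid Authenticode signature, so a dropped library sits visibly next to the legitimate AV hook. The registry key and System32 path are the standard Windows locations; nothing in it is taken from the poster's machine.

```powershell
# Added example, not part of the thread: read-only audit of the AppInit_DLLs
# value that the O20 HijackThis line reports. Every DLL listed there is loaded
# into each process that links user32.dll, so a dropped library (qzjhxc.dll in
# this thread) ends up beside the legitimate AV hook (avgrsstx.dll).
# Run from an elevated PowerShell prompt.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$props = Get-ItemProperty -Path $key
$raw   = [string]$props.AppInit_DLLs

Write-Host "AppInit_DLLs     = '$raw'"
# LoadAppInit_DLLs exists from Vista on (1 = enabled); it is absent on XP
Write-Host "LoadAppInit_DLLs = $($props.LoadAppInit_DLLs)"

if ([string]::IsNullOrEmpty($raw.Trim())) {
    Write-Host 'Value is empty: nothing is injected through AppInit_DLLs.'
    return
}

# Entries are separated by spaces or commas; bare names resolve against System32
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
    $path = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $sys32 $entry }

    if (-not (Test-Path -LiteralPath $path)) {
        # A name that no longer resolves is still worth noting: the loader
        # silently skips it, and a reinfection can drop the file back later
        Write-Host ("[MISSING ] {0}" -f $path)
        continue
    }

    $item = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $tag  = if ($sig.Status -eq 'Valid') { 'SIGNED  ' } else { 'UNSIGNED' }
    $who  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    Write-Host ("[{0}] {1}" -f $tag, $path)
    Write-Host ("           size={0}  modified={1:yyyy-MM-dd}  company='{2}'" -f
        $item.Length, $item.LastWriteTime, $item.VersionInfo.CompanyName)
    Write-Host ("           signer={0}" -f $who)
}
```

An unsigned DLL with an empty company name and a recent modification date in this list is the entry to look up before anything is removed; the script changes nothing itself.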
  5. zildjian03

    zildjian03 Private E-2

    Good day, Sir Kes.

    I've followed every step you've requested,
    and here are my logs.


    My Yahoo Messenger works properly now..
    thank you so much.


    Yet I still can't update my AVG and other anti-spyware programs.

    Thanks for your reply.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That'll be Lady Kes :)

    1) Does the below look familiar to you?


    2) Now we need to use ComboFix again.

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it
    (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:

    KILLALL::

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc4c38a7-e014-11dd-aa95-00138f639daa}]

    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    3) Now I want you to run a search for auto.vbs on all drives and removable devices. Ensure that you delete these files!

    4) Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.


    5) Make sure you answer my questions from steps 1 and 3

    Thanks
    kestrel13!
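A read-only companion to steps 2 and 3 above, added here and not part of Kestrel13!'s instructions or of any MajorGeeks tool: it reports, for each removable drive, whether an autorun.inf is present, what its open= or shellexecute= line would launch, and which .vbs files sit at the drive root. The MountPoints2 key removed in step 2 is where Windows records such a drive's autorun settings; the script deletes nothing and uses only standard cmdlets.

```powershell
# Added example, not part of the thread: read-only report of what each
# removable drive would auto-run. An autorun.inf whose open= or
# shellexecute= line names a script (auto.vbs in this thread) is the usual
# source of a MountPoints2 entry like the one removed above.
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' |
          Select-Object -ExpandProperty DeviceID          # DriveType 2 = removable

if (-not $drives) { Write-Host 'No removable drives attached.'; return }

foreach ($drive in $drives) {
    $root = "$drive\"
    $inf  = Join-Path $root 'autorun.inf'

    if (-not (Test-Path -LiteralPath $inf)) {
        Write-Host "$drive  no autorun.inf"
        continue
    }
    # -Force is needed because the file is usually marked Hidden+System
    $attrs = (Get-Item -LiteralPath $inf -Force).Attributes
    Write-Host "$drive  autorun.inf present (attributes: $attrs)"

    # Only these keys make Windows launch something; show each target and
    # whether the referenced file actually exists on the drive
    Get-Content -LiteralPath $inf -Force |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=' } |
        ForEach-Object {
            $cmd    = ($_ -split '=', 2)[1].Trim()
            $exe    = ($cmd -split ' ')[0].Trim('"')
            $target = if ([IO.Path]::IsPathRooted($exe)) { $exe } else { Join-Path $root $exe }
            Write-Host ("    {0}   (target exists: {1})" -f $_.Trim(), (Test-Path -LiteralPath $target))
        }

    # Scripts at the drive root, which step 3 asks to search for by name
    Get-ChildItem -LiteralPath $root -Force -Filter '*.vbs' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            Write-Host ("    root script: {0}  hidden={1}  size={2}" -f $_.Name, $hidden, $_.Length)
        }
}
```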
     
  7. zildjian03

    zildjian03 Private E-2

    Sorry, Lady Kes :)
    I didn't notice your avatar. My apologies.

    Anyway, I've followed your instructions,

    and I still can't update my anti-spyware programs nor go to any anti-spyware sites.

    Yet I still thank you for your patience.

    I'm not so sure about this entry:

    svchost.exe, does that look familiar?

    It's like one of the processes in my task manager?

    I'm sorry, I'm not so good with computers.

    Please bear with me..


    Thank you
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Don't forget you need to do this!
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download Registry Search (see the link titled RegSearch Download Link )

    • Extract the files from Regsearch.zip into a folder.
    • Doubleclick regsearch.exe to start the program.
    • See the top 3 boxes under the Enter search strings (case independent) and click Ok... option, enter the below bold string (use copy and paste)

    • shljfk
    • Then click "OK".
    • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
    • Attach this RegSearch.txt file.
     
  10. zildjian03

    zildjian03 Private E-2

    Hello, Lady Kes.

    Sorry for the late reply..

    I'm too busy at school :cry

    Anyway, here is the log that you requested.

    Hope it will help.


    Thank you
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now we need to use ComboFix again
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run CCleaner!

    Now go to this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
