MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #1  
Old 04-05-11, 10:17
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Huge computer problem (DHL e-mail virus)

First of all, sorry about my English. Second: This is my first post so if there are any problems with it I'm sorry.

Now this is my problem: Earlier today I received an e-mail from DHL saying: your parcel has been sent, it will arrive... Then I opened the attachment (I didn't know about all those problems with DHL mail viruses) and I unzipped it, started the icon, and then AVG reported a Malware alert. AVG quarantined that and required restarting the computer. When the computer restarted I logged in normally, BUT when I try starting programs it says: "Application not found", or the Open with screen pops up. Also I can't install or delete any program because the Control Panel ("application not found") and any program I want to start (Open with) aren't working... That is the reason I can't follow the instructions from "READ & RUN ME FIRST".

I will appreciate any help.
Thank you in advance.
  #2  
Old 04-05-11, 10:20
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,092
Thanks: 686
Thanked 3,325 Times in 3,253 Posts
Default Re: Huge computer problem (DHL e-mail virus)

Try this.

Please download RogueKiller.exe and save it to your desktop.
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe .
  • Please post the contents of the RKreport.txt in your next Reply.

Now see if you can work your way through this. READ & RUN ME FIRST. Malware Removal Guide
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
The Following User Says Thank You to Kestrel13! For This Useful Post:
Spinser (04-05-11)
  #3  
Old 04-05-11, 11:09
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Huge computer problem (DHL e-mail virus)

Here is the report


Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: stefan [Admin rights]
Mode: Scan -- Date : 04/05/2011 18:08:13

Bad processes: 0

Registry Entries: 8
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Octoshape Streaming Services ("C:\Documents and Settings\stefan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-117609710-1454471165-725345543-1003[...]\Run : Octoshape Streaming Services ("C:\Documents and Settings\stefan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
127.0.0.1 www.audio4fun.com


Finished : << RKreport[1].txt >>
RKreport[1].txt
Reply With Quote
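Added example (not part of the original thread and not RogueKiller's own code): a short Python parser for the registry entry lines of the report above that picks out the [FILEASSO] entries whose open command routes program launches through a handler in a user profile directory. The regular expression, the function names and the profile-directory rule are assumptions made for this example; the last sample line is constructed to show a default value.

```python
import re

# Entry layout as it appears in the report above:
#   [TAG] KEY : optional name (command line) -> STATUS
ENTRY_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?) : (?P<name>[^(]*)'
    r'\((?P<cmd>.*)\) -> (?P<status>\w+)$')

# Windows default for exefile\shell\open\command: run the clicked file itself.
DEFAULT_EXE_COMMAND = '"%1" %*'
# Assumption for this example: a handler in a per-user profile directory is suspect.
PROFILE_DIRS = ('\\documents and settings\\', '\\users\\')

# First three entries are copied from the report in this thread;
# the fourth is constructed to show an unmodified association.
SAMPLE = r'''
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Octoshape Streaming Services ("C:\Documents and Settings\stefan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\stefan\Local Settings\Application Data\oqc.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("%1" %*) -> FOUND
'''

def parse_entries(report):
    """Return one dict per registry entry line; other report lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in report.splitlines())
    return [m.groupdict() for m in matches if m]

def handler_path(cmd):
    """Return the first quoted token of a command line, or its first word."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]

def hijacked_associations(report):
    """Return (key, handler) for FILEASSO entries whose open command is not
    the default and whose handler runs from a user profile directory."""
    hits = []
    for entry in parse_entries(report):
        if entry['tag'] != 'FILEASSO' or entry['cmd'] == DEFAULT_EXE_COMMAND:
            continue
        handler = handler_path(entry['cmd'])
        if any(d in handler.lower() for d in PROFILE_DIRS):
            hits.append((entry['key'], handler))
    return hits

if __name__ == '__main__':
    for key, handler in hijacked_associations(SAMPLE):
        print(f'{key}\n    -> {handler}')
```

The Run entry is parsed but not returned, because only [FILEASSO] entries are checked.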
  #4  
Old 04-05-11, 11:15
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,092
Thanks: 686
Thanked 3,325 Times in 3,253 Posts
Default Re: Huge computer problem (DHL e-mail virus)

OK, remember what I said about attaching items and not posting inline like you did. I gave you a link on how to do this.

Now continue to work your way through what you can of the R&R.
  #5  
Old 04-05-11, 11:19
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Huge computer problem (DHL e-mail virus)

Ok, thanks. I'll try to work my way through and I'll post a reply when I finish (probably tomorrow).
  #6  
Old 04-07-11, 08:54
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Exclamation Re: Huge computer problem (DHL e-mail virus)

Ok guys. I tried again to follow READ & RUN but I can't get any application working. I can't get into the Control Panel either, so I can't go to Add/Remove Programs. When I try to start any kind of application (including CCleaner, or any other) it just pops up the "Open with" window. And this is the 3rd day that my computer has had the virus and I am now starting to feel that it runs quite slowly. I hope you have some kind of advice.
  #7  
Old 04-07-11, 09:31
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,092
Thanks: 686
Thanked 3,325 Times in 3,253 Posts
Default Re: Huge computer problem (DHL e-mail virus)

Try and at least get Combofix and MGTools run in safe mode.
The Following User Says Thank You to Kestrel13! For This Useful Post:
Spinser (04-07-11)
  #8  
Old 04-07-11, 11:49
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Smile Re: Huge computer problem (DHL e-mail virus)

Hahaha this is great. I started MGtools and here is the log from it. But then I tried to start ComboFix but it said that I must uninstall AVG. I did that with AVG remover and when it was completed suddenly everything came back to normal. I didn't scan with ComboFix. It is possible that the malware was hidden in the quarantine folder of AVG and then it was destroyed in the process. I want to know what you think about that and for you to tell me whether I am safe now.
Attached Files
File Type: zip MGlogs.zip (136.7 KB, 3 views)
  #9  
Old 04-08-11, 19:07
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,092
Thanks: 686
Thanked 3,325 Times in 3,253 Posts
Default Re: Huge computer problem (DHL e-mail virus)

What is this file?
C:\Documents and Settings\stefan\check.bat

Ask Toolbar <--- Uninstall this.

Please go to virustotal and upload the following files for analysis, and let me know the results.
  • C:\windows\_WiseFW.ini
  • C:\Documents and Settings\stefan\check.bat

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Paste the following code under the area. Do not include the word Code.

Code:
:files
C:\Documents and Settings\stefan\Local Settings\Application Data\823844su6067g748f301q48vje741lv7bwcg7wj
C:\Documents and Settings\All Users\Application Data\823844su6067g748f301q48vje741lv7bwcg7wj
C:\Documents and Settings\stefan\Templates\823844su6067g748f301q48vje741lv7bwcg7wj
C:\windows\ka.ini
C:\WINDOWS\system32\Access.dat

:Commands
[emptytemp]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

You need to download Ccleaner if you have not already done so and run it to clear out temp files which have gathered.

Are you still having problems? If so then you will need to run Combofix and attach the log from doing so.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows 7.) Then attach the new C:\MGlogs.zip file that will be created by running this.
  #10  
Old 04-09-11, 06:23
Spinser Spinser is offline
Private E-2
 
Join Date: Apr 2011
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Huge computer problem (DHL e-mail virus)

I don't have any problems now. Thanks for your help. Can you just tell me how to close this thread?
  #11  
Old 04-09-11, 06:51
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,092
Thanks: 686
Thanked 3,325 Times in 3,253 Posts
Default Re: Huge computer problem (DHL e-mail virus)

Attach the requested logs first.

All times are GMT -5. The time now is 20:50.
