MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #41  
Old 04-30-12, 16:08
rockyjo rockyjo is offline
Private First Class
 
Join Date: Apr 2012
Posts: 45
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Redirects->Trojans->0Access->No Internet

For both Panda and CFix, in order to re-run, is it correct to click on the downloaded exec file on the desktop just like the first time (when it unloads its files onto your system), or is there some file you should click on in c: that starts the program(s)?

RJ
  #42  
Old 04-30-12, 16:47
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,162
Thanks: 269
Thanked 1,433 Times in 1,355 Posts
Default Re: Redirects->Trojans->0Access->No Internet

Quote:
Originally Posted by rockyjo
For both Panda and CFix, in order to re-run, is it correct to click on the downloaded exec file on the desktop just like the first time (when it unloads its files onto your system)

Yes this is correct.
  #43  
Old 04-30-12, 17:35
rockyjo rockyjo is offline

thisisu,

Panda ZAcess Tool said "detected and requested some bad files" and now I'm trying to find the log file. Will upload when found or if you see this quickly, where do I find the log file?

RJ
  #44  
Old 04-30-12, 17:42
thisisu thisisu is offline

The log file will be in the same location the tool was run from.

So if you ran the tool from your desktop, the log will also be on your desktop.
Its name is yorkyt.exe.log
  #45  
Old 04-30-12, 17:50
rockyjo rockyjo is offline

Thanks. Looks like it appended it to the first run...
RJ
Attached Files
File Type: log yorkyt.exe.log (258.7 KB, 8 views)
  #46  
Old 04-30-12, 19:14
thisisu thisisu is offline

Yes but it's clean
  #47  
Old 04-30-12, 19:17
rockyjo rockyjo is offline

Hi thisisu,

So what are all those dsalfkjg;dslkhgkashd that it lists? How do I fix those?

RJ
  #48  
Old 04-30-12, 19:19
rockyjo rockyjo is offline

And what is the problem that caused CFix to freeze like when it was infected, prior to when we got a log from CFix?

RJ
  #49  
Old 04-30-12, 20:36
thisisu thisisu is offline

Quote:
Originally Posted by rockyjo
And what is the problem that caused CFix to freeze like when it was infected, prior to when we got a log from CFix?

RJ

I don't know but you were never able to run ComboFix. I think it may have something to do with the low amount of resources your PC has.
  #50  
Old 04-30-12, 20:37
thisisu thisisu is offline

Quote:
Originally Posted by rockyjo
Hi thisisu,

So what are all those dsalfkjg;dslkhgkashd that it lists? How do I fix those?

RJ

Are you referring to this?

Code:
2012-04-15 18:54:32: Listing processes...
2012-04-15 18:54:32:    :[System Process]:0
2012-04-15 18:54:32:    :System:4
2012-04-15 18:54:32:    :smss.exe:480
2012-04-15 18:54:32:    :csrss.exe:540
2012-04-15 18:54:32:    :winlogon.exe:568
2012-04-15 18:54:32:    :services.exe:616
2012-04-15 18:54:32:    :lsass.exe:632
2012-04-15 18:54:32:    :svchost.exe:796
2012-04-15 18:54:32:    :svchost.exe:892
2012-04-15 18:54:32:    :svchost.exe:976
2012-04-15 18:54:32:    :svchost.exe:1132
2012-04-15 18:54:32:    :svchost.exe:1248
2012-04-15 18:54:32:    :spoolsv.exe:1388
2012-04-15 18:54:32:    :svchost.exe:1488
2012-04-15 18:54:32:    :CTSVCCDA.EXE:1528
2012-04-15 18:54:32:    :mbamservice.exe:1568
2012-04-15 18:54:32:    :nvsvc32.exe:1624
2012-04-15 18:54:32:    :wdfmgr.exe:1668
2012-04-15 18:54:32:    :wuauclt.exe:1828
2012-04-15 18:54:32:    :alg.exe:2020
2012-04-15 18:54:32:    :wscntfy.exe:1060
2012-04-15 18:54:32:    :explorer.exe:1292
2012-04-15 18:54:32:    :wmiprvse.exe:1744
2012-04-15 18:54:32:    :yorkyt.exe:1620

These are processes. None of them are bad.

What actual malware related problems are you having with your PC?
  #51  
Old 04-30-12, 23:13
rockyjo rockyjo is offline

thisisu,

Sorry, I thought CFix ran once, but just got to 0Access message and then froze.

No, I was referring to Panda saying it detected some bad files, and upon cursory read of log file, noticed quite a few of following (which I thought might be the bad files referenced): some examples from log...

2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmipcima.dll WMIPCIMA.DLL
2012-04-30 16:29:41: ... Failed to identify driver D8555A09D5862497F4156E9E4CCC808B, using metod 2...
2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\run.bat
2012-04-30 16:29:41: ... Failed to identify driver 2CD77B980B2CC3D655589A2E315AAB57, using metod 2...
2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\nemesiscmd.exe
2012-04-30 16:29:41: ... Failed to identify driver 459A04CCA068CAB8799C2F84068C222D, using metod 2...
2012-04-30 16:29:42: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\PRSBLib.dll
2012-04-30 16:29:42: ... Failed to identify driver B3C157A66ECDBCD3570E2DA139225589, using metod 2...

RJ
  #52  
Old 04-30-12, 23:21
thisisu thisisu is offline

Quote:
Originally Posted by rockyjo
some examples from log...

Nope, none of these are bad. Most are related to yorkyt.exe

Are you having any malware problems at this point?
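One way to read the log excerpt quoted in post #51, as an added example that is not part of the thread or of the Panda tool: it pairs each "Looking at" path with the hash on the "Failed to identify driver" line that follows it, then groups the files by folder. The function names are hypothetical, and the sample input is the four entries quoted above.

```python
import re
from collections import defaultdict

# Sample input: the four entries quoted in post #51 ("metod" is the tool's spelling).
SAMPLE_LOG = r"""
2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmipcima.dll WMIPCIMA.DLL
2012-04-30 16:29:41: ... Failed to identify driver D8555A09D5862497F4156E9E4CCC808B, using metod 2...
2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\run.bat
2012-04-30 16:29:41: ... Failed to identify driver 2CD77B980B2CC3D655589A2E315AAB57, using metod 2...
2012-04-30 16:29:41: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\nemesiscmd.exe
2012-04-30 16:29:41: ... Failed to identify driver 459A04CCA068CAB8799C2F84068C222D, using metod 2...
2012-04-30 16:29:42: Looking at \Device\HarddiskVolume1\WINDOWS\Temp\yt\PRSBLib.dll
2012-04-30 16:29:42: ... Failed to identify driver B3C157A66ECDBCD3570E2DA139225589, using metod 2...
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
FAILED = re.compile(r"^\.\.\. Failed to identify driver ([0-9A-Fa-f]{32}), using metod (\d+)")

def clean_path(text):
    """Drop the module name the log repeats after some paths (paths may contain spaces)."""
    head, _, tail = text.rpartition(" ")
    if head and head.rsplit("\\", 1)[-1].lower() == tail.lower():
        return head
    return text

def parse(log):
    """Pair each 'Looking at' line with the 'Failed to identify' line that follows it."""
    entries, current = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if msg.startswith("Looking at "):
            current = {"time": m.group(1), "path": clean_path(msg[11:]), "hash": None}
            entries.append(current)
        elif current is not None and (f := FAILED.match(msg)):
            current["hash"] = f.group(1).upper()
            current = None  # one result per path
    return entries

def by_directory(entries):
    """Group the files that carry a 'Failed to identify' hash by their folder."""
    groups = defaultdict(list)
    for e in entries:
        if e["hash"]:
            folder, _, name = e["path"].rpartition("\\")
            groups[folder].append(name)
    return dict(groups)
```

On the quoted excerpt, `by_directory(parse(SAMPLE_LOG))` places three of the four files under `\WINDOWS\Temp\yt` and one under `\WINDOWS\system32\wbem`.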
  #53  
Old 04-30-12, 23:57
rockyjo rockyjo is offline

Then, nope, not that I'm aware of, so must be time to clean up/wrap up...
RJ
  #54  
Old 04-30-12, 23:59
thisisu thisisu is offline

Glad to hear it

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
    • "%userprofile%\Desktop\combofix" /uninstall
      • Note: The space between the combofix" and the /uninstall must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis if it is present.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work through the below link:
Be safe
All times are GMT -5. The time now is 18:26.

