Automatic loaderadv799.exe download

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hanfresco, Dec 12, 2009.

  1. Hanfresco

    Hanfresco Private E-2

    Hello everyone,

    There appears to be several things wrong with my system.
    1. There is a thing called a starsearchbar that I can't remove (this appears in hijackthis.log Search Bar), though it seems to only affect IE. I use Firefox, but it still makes me uncomfortable to have something I can't remove on my PC.
    2. Google/Yahoo search bars are hijacked and frequently redirect me to random ads, such as "Google Hiring People who work from Home". This occurs for both Firefox and IE.
    3. Every few minutes my NOD32 anti-virus software catches something trying to download loaderadv799.exe from http://bchokies.com/loaderadv799.exe to my computer.

    I do not know whether they are all related. #1 Started happening maybe a few weeks to a month ago. #2 started happening this past week. #3 started happening yesterday.

    I ran Microsoft's malicious removal tool and it detected win32/vundo.py but I wasn't able to locate it on my system...

    I then went through "READ & RUN ME FIRST" but the problem persists. Below are the logs.

    Some notes:
    No rrlog. My computer would freeze when I try to run it. I've made sure everything (windows, browsers, NOD32) is off.
    In LogSAS.txt, there are Trojan.Agent/Gen-HackPatch warnings from PRO ENGINEERING WILDFIRE 4.0. I don't think they're the problem since they've been around for maybe a year or two.
    MGlogs.zip might be incomplete. The program seems to get stuck when it tries to zip hijackthis.log

    Thank you in advance!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, it is definitely a problem. You may have been infected for a year or two. Also read this: Warning about Porn, Keygens, Cracks, and other Illegal Software

    If your PC's health and your security are important to you, then stop downloading and using cracks. Even your NOD32 Antivirus is a cracked/illegal version and must be removed along with all the other illegal software if you wish to continue getting support.


    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here like you are doing.




    Now go to TDSSKiller and download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive called "TDSSKiller.txt" please attach this log to your next reply.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Sean Walsh\Local Settings\Temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the log from TDSSkiller
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
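The two manual steps above (empty both Temp folders except for today's files, then run TDSSKiller from the Desktop with a log on C:) can be done from one PowerShell script. The script below is an added example and is not part of the original thread or of any MajorGeeks tool; it assumes PowerShell is available on the machine, resolves the Windows and per-user Temp paths from the environment instead of hard-coding the "Sean Walsh" profile, and uses only the -l and -v TDSSKiller switches that the post itself shows. Files that Windows refuses to delete (open or locked by a running process) are reported and skipped rather than aborting the run, which is the same behaviour the post describes for files from the current day.

```powershell
# Added example, not code from the original thread.
# Step 1: clear the two Temp folders named in the post, keeping today's files.
$tempDirs = @(
    (Join-Path $env:SystemRoot 'Temp'),   # C:\WINDOWS\TEMP
    $env:TEMP                             # ...\Local Settings\Temp for the logged-on user
)
$today = (Get-Date).Date                  # midnight today; anything older is removed

foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today } |
        ForEach-Object {
            $file = $_   # keep a reference; $_ inside catch is the error record, not the file
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            } catch {
                # Open or locked files cannot be deleted; report and move on.
                Write-Warning "Skipped (in use or locked): $($file.FullName)"
            }
        }
}

# Step 2: run TDSSKiller from the Desktop with the same switches the post uses.
# Assumes TDSSKiller.exe was extracted directly onto the Desktop, as instructed.
$tdss = Join-Path $env:USERPROFILE 'Desktop\TDSSKiller.exe'
if (Test-Path -LiteralPath $tdss) {
    & $tdss -l C:\TDSSKiller.txt -v
    Write-Host "TDSSKiller finished; attach C:\TDSSKiller.txt to your reply."
} else {
    Write-Warning "TDSSKiller.exe not found on the Desktop: $tdss"
}
```

Run it from an elevated PowerShell prompt (right-click, Run as Administrator, as the post notes for Vista); without elevation the C:\WINDOWS\TEMP cleanup and the TDSSKiller scan will only partially succeed.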
