bad virus infection! help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by phonetools, Aug 13, 2009.

  1. phonetools

    phonetools Private E-2

    Hey everyone
    yesterday my PC got infected really badly with malware while browsing the web. it slowed down a whole lot then crashed. when i rebooted my desktop background had been changed to a blue screen saying my computer was infected with spyware.

    the symptoms of my infection are as follows. the computer takes a lot longer than it used to in loading my desktop on startup. everything runs a lot slower now.

    the first time after it crashed there were a few weird things in my msconfig startup, i deselected them. the only thing that's suspicious now is something called "winupdate" which i didn't have before and which i disabled from starting up. after googling winupdate appears to be a trojan.

    every so often a 'command prompt' box will go across my screen and then disappear (probably every time i reboot the computer, it happens after awhile). and now every so often the computer will crash, either by freezing up completely or restarting suddenly for no reason. it seems to do this randomly.

    the virus seems to not be letting me do a system restore (the 'next' button won't work). it also won't let me run combofix (the loading bar appears, and when it should be loaded nothing happens). i am sure this is because of the viruses, i have been able to run combofix in the past on this computer.

    I have also gotten this popup a few times: "message from webpage'--- klikk her for $ GRATIS i blackjack sjetonger" with an option of clicking OK or cancel. hmmmm

    i have followed your malware removal guide. attached are all of the logs (except for combofix which i couldn't run). i attached two malwarebytes logs, one of them is the one i did right when i got infected, another one is the one i did when following the malware removal guide. i am also attaching my hijackthis log in case that helps.

    any help would be GREATLY appreciated!!! right now my computer is barely usable :(
    thanks so much!!!
     


  2. phonetools

    phonetools Private E-2

    last log
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you are using MSconfig to control startups, you need to stop doing this as instructed in step 4 of the READ & RUN ME. Put your PC into normal startup mode now before continuing.

    We don't ask for HijackThis logs and specifically state not to post them. We do however need the log from MGtools before we can really provide a complete fix. I will however get you started and then ask you to run it again to get a new log to post.


    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Please double-click the RootRepeal.exe previously downloaded.
    • Select File then Scan
    • On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    • When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.

      • C:\WINDOWS\system32\SKYNEThxdoevtq.dat
      • C:\WINDOWS\system32\SKYNETjgqxtoip.dll
      • C:\WINDOWS\system32\SKYNETotqgblho.dat
      • C:\WINDOWS\system32\SKYNETotxjbfro.dll
      • C:\WINDOWS\TEMP\tmp243.tmp.54925017.tmp
      • C:\WINDOWS\system32\drivers\SKYNETirqlmewh.sys
    • After Wiping all files, immediately reboot your pc!

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.

    Now try to run ComboFix per the cleaning instructions.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • the ComboFix log if it ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Aug 15, 2009
