cleaned but not fixed

Discussion in 'Malware Help (A Specialist Will Reply)' started by Gee10, May 5, 2009.

  1. Gee10

    Gee10 Private E-2

    My mistake! I opened an exe that I scanned that McAfee said was clean. Been a nightmare since then. I have run all the programs you suggested but not in order. SAS would not load and MB wouldn't load either. Combofix found some issues and fixed them. After that I was able to run SAS and MB.
    I have run all and have logs. My problem is that I can't get on the internet. I have a connection. I can get on WOW and run some updates, but IE won't work. Need your help fixing the mess I made of my computer. I manually updated all the cleaning programs so they should be current.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like the scans took care of most of it, so let's just do this:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    File::
    C:\Windows\system32\drivers\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys
    
    RegLockDel::
    [HKEY_USERS\SYSTEM\ControlSet001\Services\gxvxcserv.sys]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys"
    "group"="file system"
    
    [HKEY_USERS\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys"
    "group"="file system"
    
    [HKEY_USERS\SYSTEM\ControlSet003\Services\gxvxcserv.sys]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcfppeyeeyxgsndqmxbpmibbxmdmcbxala.sys"
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
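
A consistency check on the CFScript in the post above, as an added example that is not part of the original thread and not ComboFix's own code. It parses the script text and lists service keys whose `imagepath` driver is not named under `File::`. The parsing rules (`Name::` section headers, `[key]` blocks, `"name"=value` lines) are assumptions inferred from the script as shown on this page.

```python
import re
from ntpath import basename

# CFScript text copied from the post above ("@DACL", "start", "type", "group" lines omitted).
CFSCRIPT = r'''
KILLALL::

File::
C:\Windows\system32\drivers\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys

RegLockDel::
[HKEY_USERS\SYSTEM\ControlSet001\Services\gxvxcserv.sys]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys"

[HKEY_USERS\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys"

[HKEY_USERS\SYSTEM\ControlSet003\Services\gxvxcserv.sys]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcfppeyeeyxgsndqmxbpmibbxmdmcbxala.sys"
'''

def parse_cfscript(text):
    """Return (files, services): File:: paths and {registry key: imagepath}."""
    section, key, files, services = None, None, [], {}
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = re.fullmatch(r'(\w+)::', line)
        if m:                                   # section header such as "File::"
            section, key = m.group(1).lower(), None
        elif section == 'file':
            files.append(line)
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                    # registry key the next values belong to
        elif key and line.lower().startswith('"imagepath"='):
            value = line.split('=', 1)[1]
            value = re.sub(r'^\w+:', '', value).strip('"')   # drop "expand:" and quotes
            services[key] = value.replace('\\\\', '\\')      # undo .reg-style escaping
    return files, services

def uncovered_drivers(text):
    """Service keys whose driver file is not named in the File:: section."""
    files, services = parse_cfscript(text)
    listed = {basename(f).lower() for f in files}
    return {k: v for k, v in services.items() if basename(v).lower() not in listed}

if __name__ == '__main__':
    for key, path in uncovered_drivers(CFSCRIPT).items():
        print(f'{key} -> {path} (not in File::)')
```

On this script the check reports the ControlSet003 key, whose `imagepath` names a different `.sys` file from the one listed under `File::`.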
     
  3. Gee10

    Gee10 Private E-2

    I had trouble shutting down McAfee. I couldn't get the sec center to open; tried several things but it wouldn't open. I think I was able to stop it with taskmgr. Not sure if it interfered, but it didn't seem to.


    IE still not working, but network is working

    Here are the logs.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    Driver::
    gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki
    
    File::
    C:\Windows\system32\drivers\gxvxctaohfchtlfqwxjtqtsyyhepbqcqhxiki.sys
    
    Reglock::
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]002\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]003\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
    [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]002\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]003\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]002\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]003\AllUserSettings]
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  5. Gee10

    Gee10 Private E-2

    If I haven't said thank you yet then thank you.

    I am not able to open McAfee but turned scanning off in taskmgr.

    Combofix gave me a message about Windows Defender and malwareremovalbot still running. I turned off all Windows Defender protections and it still showed up as running. Please forgive my stupidity about Mal~bot. I read about it in a forum (not here) and thought that it would work. As I loaded it I realized that it was not good and worked at removing all traces of it. This was before this problem. I thought that I had removed all traces and hadn't seen any signs of it until this time. It didn't show up in Combofix before.

    After running the last script my network and sharing center now shows that I have an internet connection instead of the red X but IE still won't work. I have tried to repair my IP address but there is no place I could find to do it on the network connection. That option is no longer there. Properties are still auto IP address.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't allow the C:\MGtools\GetLogs.bat to run to completion. Your MGLogs are virtually empty. Please double click on it again and let it finish.
     
  7. Gee10

    Gee10 Private E-2

    I ran it again and got the same. Had to run the .exe to get MGtools to run; it won't work from the .bat file.
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any problems in your logs. We do need to update your java:

    Please use add/remove programs to uninstall:
    Java(TM) SE Runtime Environment 6"

    Reboot and download and install:
    Java Runtime 6

    Tell what issues you still may have.
     
  9. Gee10

    Gee10 Private E-2

    No luck with updated Java.

    I have tried wireless, wired and taking the laptop to another wireless at work and all the same. Other computers work.

    I can update some programs and drivers if they don't require IE to run. As I said, I can get on WOW just fine.

    Should I try to install IE8 to see if that will help? or Firefox?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should definitely download FireFox ...........
     
  11. Gee10

    Gee10 Private E-2

    Installed Firefox, no luck!

    Still no web browser working.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    After clicking Fix, exit HJT.
     
