Desperate and Need Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by pfred, Jan 25, 2006.

  1. pfred

    pfred Private E-2

    Hello,
    Desperate and requesting help. I have an infestation and nothing I do cleans my system. I followed all the outlined steps a couple of times and was successful in removing some vermin, adware, malware, viruses, etc., etc. BUT they keep regenerating.
    I think I got infected with a Win Media file.

    Here's what is going on:
    1- The "default" web browser starts every 3-5 minutes and of course ad-ware comes pouring in, not as pop-ups but as full windows, also as non-windowed graphics. I've set IExplorer as the default and have Principle Anti-Virus blocking it. I'm using Opera to browse and post.
    2- A message I get from PAV is "the program is doing everything possible to hide its functionality".
    3- Every once in a while it tries to run script files using rundll32.exe in an attempt to establish an internet connection.
    4- Invokes "type32.exe" and: "attempting to dial a phone". type32.exe is Microsoft's keyboard utility (?).
    5- It writes various batch files to disk in the "system32" sub-folder.

    The batch files I was able to trap:
    1- TMP.BAT
    Tmp1.com aa.exe
    if not exist aa.exe goto bbb:
    start aa.exe
    del tmp1.com
    del %0
    2- TMP1.BAT
    :aaa
    if not exist tmp1.com goto aaa:
    :bbb

    Whatever virus I have keeps re-generating itself and registers itself in:
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENT VERSION\WINLOGON\NOTIFY
    The program names used are:
    SideBySide
    AppManagement
    Unimodem
    Themes
    The DLLs created are randomly named:
    nmwrsit.dll
    s288...
    ... etc.
    They are impossible to delete, even using KillBox on boot up.
    I managed to trap one: aaaamon.dll

    Hope you can help. I did consider buying a new HD, but then which files can I copy over???

    Fred P.
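
Added example, not part of the original post: a Python check for the Winlogon Notify persistence described above, which diffs `reg query ... /s` output from the affected machine against the same output from a known-clean machine. The sample text is constructed, and the pairing of the reported subkey names with the reported DLL names is an assumption.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
MARKER = "\\winlogon\\notify\\"   # Notify packages are subkeys below this key


def parse_notify(text):
    """Map lower-cased Notify subkey -> (subkey, DllName) from `reg query /s` text."""
    entries, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            pos = key.lower().find(MARKER)
            current = key[pos + len(MARKER):] if pos != -1 else None
        else:
            m = re.match(r"\s+DllName\s+REG_(?:EXPAND_)?SZ\s+(.*\S)", line, re.I)
            if m and current:
                entries[current.lower()] = (current, m.group(1).lower())
    return entries


def unexpected(suspect_text, baseline_text):
    """Entries that are new, or whose DLL differs from the clean baseline.

    Comparing against a baseline matters here because the subkey names
    reported in the post look like ordinary Windows component names.
    """
    base = parse_notify(baseline_text)
    return sorted(v for k, v in parse_notify(suspect_text).items()
                  if k not in base or base[k][1] != v[1])


def sample(pairs):
    """Build constructed `reg query`-style text from (subkey, dll) pairs."""
    return f"{KEY}\n\n" + "".join(
        f"{KEY}\\{name}\n    Asynchronous    REG_DWORD    0x0\n"
        f"    DllName    REG_EXPAND_SZ    {dll}\n\n" for name, dll in pairs)


# Constructed sample data (name-to-DLL pairing is assumed, not from the post).
BASELINE = sample([("crypt32chain", "crypt32.dll")])
SUSPECT = sample([("crypt32chain", "crypt32.dll"),
                  ("SideBySide", "nmwrsit.dll"),
                  ("AppManagement", "aaaamon.dll")])

if __name__ == "__main__":
    for name, dll in unexpected(SUSPECT, BASELINE):
        print(f"review: Notify\\{name} -> {dll}")
```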

  2. pfred

    pfred Private E-2

    Thanks for the site, the info and for your reply.

    I've been downloading and running many many anti-spy programs. Nothing worked until I came upon Spy Sweeper. It did clean out the mess and my computer finally settled down.
    Then taking your advice I ran fix for Look2Me and it looks like it cleaned out all the traces of L2Me.

    I've uploaded the 2 files from the L2Me session and also the Spy Sweeper Session Log - if it should be of interest.

    Thanks again for all the help. The check is in the mail.

    Fred P.

  3. pfred

    pfred Private E-2

    I did some house cleaning with "autoruns" from http://www.sysinternals.com.
    The HiJackThis log is attached. I hope this will be the end of it.

    All your help is very much appreciated.
    fred p.