Dio Cleaner or Ransomware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by blaqout, Jan 20, 2008.

  1. blaqout

    blaqout Private E-2

    I've followed all the steps listed on the site here in the forums. From everything else i've found about dio cleaner, it appears to be ransomware, and other sites say only way to get rid of it is to pay for the product, or format your hard drive and start over. there has to be a better way as i'm sure someone on here can help me. i'd rather not reformat if i can get away from doing it. running out of options and patience at this point, so any further help would be greatly appreciated. looking forward to seeing what all help i do get. thanks in advance.
     

    Attached Files:

    blaqout, Jan 20, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach the other two logs that were requested in the READ & RUN ME.

    1. C:\ComboFix.txt
    2. AVG Antispyware
    You have many many more issues than DioCleaner. Whoever is using this PC to access questionable websites and download questionable items using P2P, torrents, or direct downloads, needs to rethink what they are doing.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKCU\..\Run: [SecureCleaner] C:\Program Files\SecureCleaner\SecureCleaner.exe
    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
    double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Joey\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
    chaslang, Jan 21, 2008
    #2
  3. blaqout

    blaqout Private E-2

    Included the combofix.txt as requested before i done all the fixes you recommended. for some odd reason, avg antispy didn't produce a log i could post as well. however, i think my oldest son messed with it before i had a chance to copy it and he won't admit it. hopefully the pc will run lots better now. also, i been running zonealarm internet security, and i must admit, it didn't find any trojans or spyware like avg anti virus and antispy did. should i ditch it and stick with avg or get something else. just wondering your opinion. i do appreciate the help
     

    Attached Files:

    blaqout, Jan 26, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have ZoneAlarm Security Suite installed then you are violating a cardinal rule in the READ & RUN ME. You must only use one antivirus program. You now have both ZoneAlarm and AVG 7.5 installed and one of them must go immediately (yes right now). If you uninstall ZoneAlarm, you will need to add back in another firewall and antispyware blocker. Personally I don't like any Internet Security Suite applications.



    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [agjgiwmf] C:\eqvqhoba.bat
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    After clicking Fix, exit HJT.

    Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
    chaslang, Jan 27, 2008
    #4
  5. blaqout

    blaqout Private E-2

    Forgot to mention i uninstalled zonealarm before i ever installed avg. i got a firewall in my wireless router setup, plus i been using windows firewall. kept avg antivirus free edition and avg antispyware. i like them both. seems any internet security takes up way too much system resources even with 1.5 gigs of ram. will do the scans once again as directed in your latest post and then will repost with the results.
     
    blaqout, Jan 27, 2008
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note according to your last logs which showed ZoneAlarm Security Suite installed.

    It does not matter if you have a hardware firewall. You still need a software firewall and the one in Windows does not provide adequate protection. See step 3 of this link: How to Protect yourself from malware!

    You have to remember that AVG Antispyware will only provide you with protection during the trial period. After that it will only be an after the fact scanner unless you purchase it.
     
    chaslang, Jan 27, 2008
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds