Error after booting

Discussion in 'Malware Help (A Specialist Will Reply)' started by treis, Jan 25, 2007.

  1. treis

    treis Private E-2

    I found a couple of suspicious files in my computer and deleted them, now I'm getting an error every time I boot my system.

    I followed your guide and did all the scans/fixes you suggest.

    I think the buggers causing my error are

    O4 - HKLM\..\Run: [amokenccakenurb] C:\Documents and Settings\All Users\Application Data\Senddoesamokenc\datableh.exe
    O4 - HKCU\..\Run: [Bore Build] C:\DOCUME~1\Tiago\APPLIC~1\EQSPAM~1\fork creative pure.exe

    I stumbled upon them and removed the files before turning to your site and suggestions, and probably left something behind.

    If you can help me get this thing fixed I'll appreciate that. Thank you.
     
  2. treis

    treis Private E-2

    attachments
     

    Attached Files:

  3. treis

    treis Private E-2

    attachments
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    What you had is known as a LOP infection. Since you deleted the files and folders you just need to remove the startup entries from the registry.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [amokenccakenurb] C:\Documents and Settings\All Users\Application Data\Senddoesamokenc\datableh.exe
    O4 - HKCU\..\Run: [Bore Build] C:\DOCUME~1\Tiago\APPLIC~1\EQSPAM~1\fork creative pure.exe

    After clicking Fix, exit HJT.
    Now reboot in normal mode.

    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Mozilla Thunderbird (1.5.0.9)
    Make sure you reboot after uninstalling the above!

    Then install the current version of Firefox from: Mozilla Firefox

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
     
  5. treis

    treis Private E-2

    I eliminated the registry entries but I still have the same pop up window. It says that some application failed to load its settings.
     

    Attached Files:

  6. treis

    treis Private E-2

    Just for the sake of it, here is the pop-up window. It only started to show after I deleted the files.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean!

    It's unlikely that this is a malware problem! Seems like you may have possibly deleted something you need at some point.
    I would bet it is due to this process trying to load:
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    You can have HJT fix the above line to stop the popup, but do you need the above software to load? Is it something for your cell phone?


    If the above is not the problem then try the below to see if we can locate the root cause.
    • Click Start
    • Click Run
    • Type msconfig and click OK
    • Now select the Startup tab
    • On the bottom right click the Disable All button.
    • Now reboot!
    • Do you still get the popup message? If not, repeat the above but this time enable ONE application at a time from the Startup tab to run and each time reboot afterwards until you locate the source of the error message.
    • Note: each time you reboot, you will receive a popup from the System Configuration Utility indicating you are in Select Startup mode. Just click OK to ignore it and continue with the procedure.
    Tell me if you are able to determine which startup process is causing the popup.
     
  8. treis

    treis Private E-2

    That was indeed the problem, I uninstalled the program and I got rid of the problem.

    Thanks for the help.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
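
The situation in this thread, a Run entry that outlives the file it points to, can be checked mechanically. The following is an added example, not part of the original posts and not HijackThis code: it parses O4 registry lines in the form quoted above and reports entries whose executable is missing. The function names, the extension list, and the set of files treated as present are assumptions made for the illustration.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional

class RunEntry(NamedTuple):
    key: str    # registry key as HijackThis abbreviates it, e.g. HKLM\..\Run
    name: str   # value name shown in square brackets
    exe: str    # executable path, surrounding quotes removed
    args: str   # command-line arguments, if any

# Shape of the lines quoted in the thread: O4 - <key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted commands can contain spaces, so cut after the first program extension.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(?P<args>.*))?$", re.I)

def parse_o4(line: str) -> Optional[RunEntry]:
    m = O4_RE.match(line.strip())
    if m is None:
        return None  # not a registry Run-style O4 line
    cmd = m["cmd"].strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        args = rest.strip()
    else:
        e = EXE_RE.match(cmd)
        exe, args = (e["exe"], e["args"] or "") if e else (cmd, "")
    return RunEntry(m["key"], m["name"], exe, args)

def find_orphaned(lines: Iterable[str],
                  exists: Callable[[str], bool] = os.path.exists) -> List[RunEntry]:
    """Return Run entries whose target executable is no longer on disk."""
    return [e for e in map(parse_o4, lines) if e is not None and not exists(e.exe)]

# O4 lines as quoted in the thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [amokenccakenurb] C:\Documents and Settings\All Users\Application Data\Senddoesamokenc\datableh.exe',
    r'O4 - HKCU\..\Run: [Bore Build] C:\DOCUME~1\Tiago\APPLIC~1\EQSPAM~1\fork creative pure.exe',
    r'O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions',
]
# Constructed assumption: only these two programs are still on disk.
PRESENT = {r"C:\Program Files\QuickTime\qttask.exe",
           r"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe"}

def demo() -> List[str]:
    return [e.name for e in find_orphaned(SAMPLE_LOG, lambda p: p in PRESENT)]
```

On a live system, call `find_orphaned` with the default `os.path.exists` on the machine that produced the log. A missing target only marks an entry as a candidate for cleanup; a present target says nothing about whether the program is wanted.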
     
