Freeze after or Before Welcoming Sound

Discussion in 'Malware Help (A Specialist Will Reply)' started by Blinx, Jan 8, 2010.

  1. Blinx

    Blinx Private E-2

    Windows XP SP3
    2gig on RAM
    Pentium D
    Geforce 9600 GT

    When I turned on my computer I got welcomed by "malware defender" and the computer was running slow. I instantly knew I was infected, so I went into safe mode and did an AVG scan and SUPERAntiSpyware. They both found some trojans and other stuff and got rid of them, but when I boot normally now the computer freezes sometimes before or after I get the Windows welcome sound.

    I did the READ & RUN ME FIRST, but I couldn't get ComboFix and MBAM (possibly because of safe mode, which is the only thing that works without freezing).

    TY~

  2. Blinx

    Blinx Private E-2

    Here is my ComboFix log. I found out all I had to do was rename the downloaded file from ComboFix.exe to Combo-Fix.exe, and it launched just because of that.

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this first and then see if you can run things in normal mode:

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    * When the scan is complete, highlight each of the following file(s) (one at a time if more than one is listed) by left-clicking it. Then right-click and select the Wipe File option only, for each file.
    C:\WINDOWS\system32\H8SRTcfquuswmxr.dll
    C:\WINDOWS\system32\H8SRTnjwkyjpsag.dll
    C:\WINDOWS\system32\H8SRTntacdxylkj.dat
    C:\WINDOWS\system32\H8SRTpynkroykjs.dll
    C:\WINDOWS\Temp\H8SRT9fba.tmp
    C:\WINDOWS\Temp\H8SRTbd6a.tmp
    C:\WINDOWS\system32\drivers\H8SRTqunpsitpms.sys
    C:\Documents and Settings\Administrator\Local Settings\Temp\h8srtmainqt.dll
    C:\Documents and Settings\Aris\Local Settings\Temp\h8srtmainqt.dll
    C:\Documents and Settings\Ralph\Local Settings\Temp\H8SRT74fb.tmp
    C:\Documents and Settings\Ralph\Local Settings\Temp\h8srtmainqt.dll
    * After Wiping all files, immediately reboot your pc!

    After reboot, download/install/update and run the scanning tools you couldn't run!

    If they do, then please attach their logs and get me a new MGTools Log.zip by double clicking on the C:\MGtools\GetLogs.bat file.
     
  4. Blinx

    Blinx Private E-2

    I'm able to boot normally now; I think it was after I deleted AVG Free.
    I ran the scanning tool I was missing (MBAM) and did a full scan by mistake instead of a quick one like the guide said. The full scan removed the ones below, and I attached the quick scan to the post as the guide suggested. I guess since I'm able to boot normally again I just need to know if I'm clean.


    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTcfquuswmxr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnjwkyjpsag.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTpynkroykjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTqunpsitpms.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169943.sys (Malware.Packer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169945.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0170020.sys (Malware.Trace) -> Quarantined and deleted successfully.

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The results that you posted inline (a no-no) are only showing items in the ComboFix quarantine folder and in your System Restore folders. None of these will be removed until I give you the final instructions. In the meantime, please attach the logs from running the scans that we asked of you:
    SAS
    ComboFix
    C:\MGLogs.zip
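    The distinction TimW draws in the post above (hits inside the ComboFix quarantine or a System Restore point versus hits in live system locations) is easy to lose when reading a pasted scanner log. The script below is an added example written for this page, not a tool from the thread, MajorGeeks or Malwarebytes: it parses the "Files Infected:" lines Blinx posted, sorts each hit into quarantine, restore point or live, and flags file names carrying the random H8SRT prefix from the RootRepeal list in post 3. The two "No action taken" lines at the end of the sample are constructed to show what a live hit would look like; the helper functions, their names and the prefix check are all assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input (not a log attached to the thread): the nine
# "Files Infected:" lines from post 4, followed by two lines made up for
# this example to show hits in live system locations.
SAMPLE_LOG = r"""
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTcfquuswmxr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnjwkyjpsag.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTpynkroykjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTqunpsitpms.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169943.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169945.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0169946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFE0517D-2B27-4B50-877D-4CB3055AD24F}\RP418\A0170020.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTqunpsitpms.sys (Malware.Packer) -> No action taken.
C:\Documents and Settings\Ralph\Local Settings\Temp\h8srtmainqt.dll (Trojan.Vundo) -> No action taken.
"""

# One Malwarebytes-style hit: "<path> (<detection>) -> <action>."
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\.?$"
)

# Random-prefix file family named in the RootRepeal instructions (post 3).
ROOTKIT_PREFIX = "h8srt"


def classify(path: str) -> str:
    """Bucket a path: ComboFix quarantine, System Restore point, or live."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    return "live"


def matches_rootkit_prefix(path: str, prefix: str = ROOTKIT_PREFIX) -> bool:
    """True when the file name starts with the random prefix (case-insensitive).

    ComboFix appends ".vir" to quarantined copies, which does not affect
    the start of the name, so quarantined copies still match."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name.startswith(prefix)


def triage(log_text: str) -> dict:
    """Parse every hit line and group the hits by where the file lives."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        m = HIT_RE.match(raw.strip())
        if not m:
            continue  # headers such as "Files Infected:" and blank lines
        hit = m.groupdict()
        hit["rootkit_prefix"] = matches_rootkit_prefix(hit["path"])
        buckets[classify(hit["path"])].append(hit)
    return dict(buckets)


def live_hits(log_text: str) -> list:
    """The only hits that indicate an active infection rather than leftovers."""
    return triage(log_text).get("live", [])


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(hits)} hit(s)")
        for h in hits:
            flag = " [random-prefix name]" if h["rootkit_prefix"] else ""
            print(f"  {h['path']} ({h['detection']}) -> {h['action']}{flag}")
```

    Run against the sample, the four Qoobox entries and five _restore entries land in the two "leftover" buckets, which is exactly why TimW says they are not evidence of a live infection; only the two constructed "No action taken" lines end up in the live bucket, and both carry the random prefix from the RootRepeal list.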
     
  6. Blinx

    Blinx Private E-2

    All the scans are on the first post, ComboFix in the second and MBAM on the 4th.
    Or do you want me to do them again?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I want them attached, please. From after doing the RootRepeal fix.
     
