frethog dai, the keylogger that killed system restore

Discussion in 'Malware Help (A Specialist Will Reply)' started by webartogo, Jul 18, 2009.

  1. webartogo

    webartogo Private E-2

    HELP!! I have a half fried computer!

    CA Yahoo anti-spy found FRETHOG DAI and cleaned it.
    That triggered a meltdown of my XP.
    System restore was stopped, and will not run, not even in safe mode, IE6 and Firefox3 no longer load, Comcast's McAfee was disabled.
    That alone was bad enough, but it wiped out everything connected to the internet, DNS, TCPIP, IP ADDRESS, EVERYTHING!
    It won't let me install anything to restore or clean, or fix anything.
    I can play games, read PDFs, watch a DVD.
    Did I mention that it loads slower than grass growing in a drought?
    The repair console doesn't work.
    It's a Dell 4700 dimension.
    I've never seen a case this bad.
    I've saved all my documents to a flash drive. I just want to re-install XP but I don't have my disk anymore.
    Is this thing still on my hard drive? Or did it just damage things?
    Can't find any info on this keylogger FRETHOG DAI
    Please help.
     
    Last edited: Jul 18, 2009
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    First an important notice!


    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!
    Helpful Notes:



    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot (links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. webartogo

    webartogo Private E-2

    Thank you so much for all the help, it's amazing that superantispy found the 2 files that were killing my computer.
    I still have a couple of logs to send you.
    These are the first 4 of the logs that I got during the cleaning.
    So far, so good. Cleaned up most of the computer problems.
    The only thing left is my internet connections are still screwed. Both the dial-up and LAN to the DSL.
    ATT reports that they can see the connections are live but they can't ping me. I can ping them but that is about all.
    Without the connection to ATT I can't redo my Motorola DSL modem.
    Will it matter if I change to a high speed cable modem?
     

    Attached Files:

    Last edited by a moderator: Jul 30, 2009
  4. webartogo

    webartogo Private E-2

    Here is the last log file.

    Again, I thank you for saving my life and my files. I was ready to do a complete XP restore and now I don't have to lose all my programs. Most of them I bought online and don't have a disk to them.
    Thanks a million.

    Cherah
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the logs from SUPERAntiSpyware, Malwarebytes and ComboFix. Also you need to attach the requested log from MGtools.
     
