gac_32\desktop.ini

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mike Jones, Jul 19, 2012.

  1. Mike Jones

    Mike Jones Private E-2

    Wassup? I encountered my first virus in a long time :-o and decided to request help from the best. I include all of the logs below. Thanks!
     


  2. Mike Jones

    Mike Jones Private E-2

    I forgot to mention what exactly is happening (I don't mean to bump my thread up on purpose).

    It redirects anything I search up on Google to various lame websites.
    Flash updater keeps popping up, as well as a fake anti-virus program (the anti-virus program stopped showing up once I ran all of the programs you recommended).
    My computer was running slowly and I believe svhost was taking 99% CPU while it wasn't in safe mode.
     
  3. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Mike Jones :)

    Delete items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Once the scan is complete, go to the Registry tab and checkmark everything except the below item:
    • [HJ] HKLM\[...]\System : EnableLUA (0)
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[3].txt
    Attach RKreport[3].txt to your next message. (How to attach)

    __

    Rescan with HitmanPro

    This time if the below detections are found, choose the action I've listed below:
    • services.exe - Virus ==> Replace
    • flvplayer_setup.exe - Suspicious ==> Delete
    • enteryourpassplease.exe - Trojan ==> Delete
    • Desktop.ini - Malware ==> Delete
    Ignore any other detections and click the Next button.
    HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.

    __

    Once you are back in Windows, run another scan with HitmanPro and then attach the latest hitmanpro.zip log. (How to attach)

    __

    Completely delete these two folders manually using Windows Explorer:

    • c:\windows\installer\{e96126ba-9578-bea9-a25e-a37810cb1d0b}
    • c:\users\mike_jones\appdata\local\{e96126ba-9578-bea9-a25e-a37810cb1d0b}
    • C:\Users\Mike_Jones\AppData\Local\Microsoft\Windows\msntlder.exe <== File

    Let me know if you were successful or not.
     
