Has it gone?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Duck_Pond, Jun 14, 2009.

  1. Duck_Pond

    Duck_Pond Private E-2

    Hi,

    On Friday a cliffhanger episode of Smallville (sad, I know) induced me to forget all the wise words of not downloading anything weird on to my pc, and I'm afraid I said Yes to a codec for a WMV file, which is where all my problems started.

    Win Defender and Eset immediately flagged viruses and things haven't been right since.

    Initially, I scanned with Eset and it found some Trojans (Kryptik and PKH) but in my haste to remove, and not engaging my brain (again!!), when trying to download Malwarebytes, I was redirected to, and downloaded something called MalwareRemovalBot.

    I was told by it that I had 348 infections, but the register option at last rang an alarm bell in my stupid head, and I uninstalled it.

    Cutting to the chase...

    • CCleaner doesn't find anything
    • SAS gives me blue screen of death - won't install and won't run.
    • Malwarebytes scanned initially and found 19 items, then cleared them (I hoped that would be that) but Google links were still wrong when clicking.
    • Now Malwarebytes says there's nothing found
    • ComboFix found the same named DLL as was reported initially by Eset, which is promising... I have attached the log
    • No idea what MGTools found - zip file also attached.

    I had to rename Malware and ComboFix to get them to run. The name of one of the DLLs was:

    MSIVX (then loads of random letters) - Combofix found 3 instances of it - 2 DLLs and a SYS file.

    I'd be immensely appreciative if someone could browse these logs and let me know if the pc is sorted now, or if I need to have a few more jabs for the infection. I know I need a massive kick up the rear for being so thick in the first instance.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download and run:
    RootRepeal

    Save the log and attach it to your next reply.
     
  3. Duck_Pond

    Duck_Pond Private E-2

    Hello - that fails to run giving an exception error, well, 2 actually.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not had those errors come up before. Did you try running it in safe mode?

    Let's also run this:
    GMER's MBR.exe

    • Double click on the MBR.exe file to run it.
    • A log will be produced & saved to the desktop, called MBR.log.
    • Attach this log to your next message.


    Now delete the current mbr.log file and then run the instructions below.
    Click Start > Run, copy & paste the following text from the code box into the Run box, and then click OK. You must copy and paste or type this in exactly. The quotes must be exactly as shown, and there is a space before the -f.
    Code:
    
         "%userprofile%\desktop\mbr.exe" -f
    
    Now double click on the mbr.exe file and attach the new mbr.log
     
  5. Duck_Pond

    Duck_Pond Private E-2

    Just tried again in Safe Mode, but still didn't work. Here's the log from the first run of that MBR prog. Should I run it again now, before you've looked at the log?
     

    Attached Files:

    • mbr.log (195 bytes)
  6. Duck_Pond

    Duck_Pond Private E-2

    I've run that cmd line, but this forum won't let me upload the file - says I've already uploaded it to the thread! Even renaming it makes no difference.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run Combo and also get me a new MGLogs.zip by running the C:\MGtools\GetLogs.bat file.
     
  8. Duck_Pond

    Duck_Pond Private E-2

    Evening! See attached.
     

    Attached Files:

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo is still reporting MalwareRemovalBot so please do a windows search for it and remove anything it finds. Let me know how that went and what issues you still have.
     
  10. Duck_Pond

    Duck_Pond Private E-2

    Performed a few searches for "malware", "mal", "removal" and "bot" but nothing came up, and there's nothing in the menus or remove progs section either. Maybe this is hidden in the regs?

    I did find some stuff in Qoobox which I assume is linked to ComboFix, and deleted all that as it had a quarantine section containing what looked like the original virus.

    The only glitch I've seen on Vista recently is the Gadget bar sometimes fails to draw the clock, which is probably just trying to ask me why I use it when there's a clock in the bottom bar!

    Do I need to uninstall any of these scanning progs you've suggested?

    Oh, and thanks for your time - very much appreciated. :cool
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the Run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder left by ComboFix (if it exists).

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
  12. Duck_Pond

    Duck_Pond Private E-2

    Hi Tim,

    Done all that without a hitch. So all that's left for me to say is "thanks very much".

    :cool
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome....safe surfing. :)
     
