Help needed: files attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ParrotSquawk, Aug 29, 2006.

  1. ParrotSquawk

    ParrotSquawk Private E-2

    Thanks for all the help on "READ & RUN ME FIRST"

    Having done all that was asked, I have attached the files requested with this post:
    CounterSpy.txt
    Activescan.txt
    hijackthis.log

    Next post:
    bdscan.txt
     


  2. ParrotSquawk

    ParrotSquawk Private E-2

    Re: Help needed: files attached (2 of 2)

    Attached:

    bdscan.txt
     


  3. ParrotSquawk

    ParrotSquawk Private E-2

    Since I can't edit my posts, I guess I have to add another one.

    Here are the 2 missing files.
     


  4. matt.chugg

    matt.chugg MajorGeek

    What HAVE you been installing?

    Can you explain any of the following? Which ones appear in Add/Remove Programs?

    Please attach the vundofix log in the root of c: for me to see.
     
  5. ParrotSquawk

    ParrotSquawk Private E-2

    Since I don't know where that list is from, I will only leave ones that I don't recognize:

    "DisplayName"="CCScore"
    "DisplayName"="ESSBrwr"
    "DisplayName"="ESSCDBK"
    "DisplayName"="ESScore"
    "DisplayName"="ESSgui"
    "DisplayName"="ESShelp"
    "DisplayName"="ESSini"
    "DisplayName"="ESSPCD"
    "DisplayName"="ESSPDock"
    "DisplayName"="ESSSONIC"
    "DisplayName"="ESSTOOLS"
    "DisplayName"="essvatgt"
    "DisplayName"="essvcpt"
    "DisplayName"="HLPPDOCK"
    "DisplayName"="kgcbase"
    "DisplayName"="KSU"
    "DisplayName"="Notifier"
    "DisplayName"="OfotoXMI"
    "DisplayName"="OTtBP"
    "DisplayName"="OTtBPSDK"
    "DisplayName"="SFR"
    "DisplayName"="SHASTA"
    "DisplayName"="SKIN0001"
    "DisplayName"="SKINXSDK"
    "DisplayName"="staticcr"
    "DisplayName"="Sudoku"
    "DisplayName"="Sudoku"
    "DisplayName"="TI1620/1520"
    "DisplayName"="VPRINTOL"
    "DisplayName"="WIRELESS"

    I have attached vfixundo.txt
     


  6. matt.chugg

    matt.chugg MajorGeek

    Do any of the above that you don't recognise appear in Add/Remove Programs?

    Please download the zip file attached to this post and extract both files to a folder where you will be able to find them.

    Run the .bat file (NOT the executable) and attach the log it will create in the root of c:. This will give me a list of processes and what modules are loaded into each process so I can see what your remaining vundo infection is hooked into.
     
  7. ParrotSquawk

    ParrotSquawk Private E-2

    There was no file attached to your post.
     
  8. matt.chugg

    matt.chugg MajorGeek

    Oops. Sorry.

    Try now.
     


  9. ParrotSquawk

    ParrotSquawk Private E-2

    gethookeddlls.txt attached
     


  10. matt.chugg

    matt.chugg MajorGeek

    Go to Add/Remove Programs in Control Panel and uninstall the following:

    The installed version of Java on this computer is outdated.
    Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp.
    Uninstall all older versions of Java on your computer, before installing the latest version of Java.


    Download

    - Pocket KillBox

    Extract to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)



    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox.)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.



    REBOOT to Normal Mode.

    Post a fresh HijackThis log, a new shownew log, and a new runkeys log, and rerun your AV scans.
     
