Help with possible wareout infection please

Discussion in 'Malware Help (A Specialist Will Reply)' started by minus273, Jan 21, 2008.

  1. minus273

    minus273 Private E-2

    I have downloaded and run the Fixwareout application and followed the instructions. Below is the output file. The issue I had was that I could not access Windows updates. All help gratefully accepted - Thanks

    Username "user" - 21/01/2008 21:06:15 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdwdf.exe"

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "CloneCDTray"="\"F:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "AnyDVD"="F:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "SlipStream"="\"C:\\Program Files\\SlipStream Web Accelerator\\slipcore.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SonicStage\\SsAAD.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
    "!AVG Anti-Spyware"="\"F:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
    "NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
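
Added example (not part of the original post and not Fixwareout's own code): a small parser for a report in the format shown above. It compares the Winlogon "System" value from the prerun and postrun checks and collects the listed Run entries. Treating a non-empty value as the finding is an assumption drawn from the report's own prerun/postrun lines; the function names and the sample text are constructed here.

```python
import re

# Constructed sample: selected lines from the report posted above.
SAMPLE_REPORT = r'''
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdwdf.exe"
Successfully flushed the DNS Resolver Cache.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
~~~~~ End report ~~~~~
'''

SECTION = re.compile(r'^\s*~~~~~\s*(.+?)\s*(?:~~~~~)?\s*$')
WINLOGON = re.compile(r'\\Winlogon\\\s*"system"="(.*)"\s*$', re.IGNORECASE)
HIVE = re.compile(r'^\s*\[(HKEY_[^\]]+)\]\s*$')
VALUE = re.compile(r'^\s*"(.+?)"="(.*)"\s*$')

def parse_report(text):
    """Return the Winlogon "System" value before/after the fix and the Run entries."""
    out = {"prerun": None, "postrun": None, "runs": {}}
    section, hive = "", None
    for line in text.splitlines():
        if m := SECTION.match(line):
            # A "~~~~~ <name>" line starts a new section of the report.
            section, hive = m.group(1).lower(), None
        elif (m := WINLOGON.search(line)) and section.startswith(("prerun", "postrun")):
            out[section.split()[0]] = m.group(1)
        elif m := HIVE.match(line):
            hive = m.group(1)
        elif (m := VALUE.match(line)) and hive and section.startswith("current runs"):
            out["runs"].setdefault(hive, {})[m.group(1)] = m.group(2)
    return out

def verdict(parsed):
    """Classify the report from the two Winlogon readings (None = line missing)."""
    if parsed["postrun"] is None:
        return "incomplete"      # no postrun reading: the tool did not finish
    if parsed["postrun"]:
        return "still-set"       # value survived the fix: needs follow-up
    return "cleaned" if parsed["prerun"] else "not-present"

if __name__ == "__main__":
    print(verdict(parse_report(SAMPLE_REPORT)))
```
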
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    Can you now get to Windows Update?

    What made you think it was a Wareout infection? You may have other infections or causes of not going to Windows Updates:

    1. Tweaking software or internet speedup tools can mess up/corrupt some files, or speedup tools/download managers/popup blockers/firewalls etc. may not allow Windows Update to function properly. This tool may help in some of these instances: Dial-A-Fix, as it repairs the corrupted files.

    2. It may well be malware, but as malware tends to come in multiple infections these days, wareout may not be it, so to fully assist you if it is malware please follow the below.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    So logs that you will get to attach are:

    MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
    AVG log. ( Which is the report scan txt file )
    Combofix logs.

    http://img117.imageshack.us/img117/829/60272555mm4.jpg



    After these are attached our malware experts will review these to see if you're OK. If not, they will issue you some further removal instructions, plus a guide on how to attach the logs: HOW TO: Attach Items To Your Post
     
  3. minus273

    minus273 Private E-2

    Sorry for delay - Yes I can now access Windows updates. I was working through the Microsoft site and there I was told they thought I had a wareout infection and that I should post the question here.

    Also, Windows Defender has popped up with seven changes whilst Comborun was executing. Is this normal? I have not yet permitted or denied the changes!!

    Thanks in advance
     

    Attached Files:

    Last edited by a moderator: Jan 28, 2008
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
