Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by LOOKING4HELP, Mar 15, 2008.

  1. LOOKING4HELP

    LOOKING4HELP Private E-2

    Im pulling my hair out !
     

    Attached Files:

    LOOKING4HELP, Mar 15, 2008
    #1
  2. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello LOOKING4HELP,

    Welcome to Major Geeks!

    You should also have a Combofix log, and a SAS log.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
    __RiP_ChAiN_, Mar 15, 2008
    #2
  3. LOOKING4HELP

    LOOKING4HELP Private E-2

    Sorry first time at this
     

    Attached Files:

    LOOKING4HELP, Mar 15, 2008
    #3
  4. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello LOOKING4HELP :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
Driver::
Bix47
Cka77
Gxd35
Mfw41
Mym71
Vvs63

File::
C:\Windows\system32\lanmandrv.sys
C:\WINDOWS\system32\drivers\250ljc.exe
C:\WINDOWS\system32\drivers\93ljc.exe
C:\WINDOWS\system32\drivers\390ljc.exe
C:\WINDOWS\system32\drivers\515ljc.exe
C:\WINDOWS\system32\drivers\312ljc.exe
C:\WINDOWS\system32\Drivers\Bix47.sys
C:\WINDOWS\system32\Drivers\Cka77.sys
C:\WINDOWS\system32\Drivers\Gxd35.sys
C:\WINDOWS\system32\Drivers\Mym71.sys
C:\WINDOWS\system32\Drivers\Vvs63.sys
C:\WINDOWS\system32\Drivers\Mfw41.sys
C:\Windows\system32\WLCtrl32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

DirLook::
C:\WINDOWS\system32\save$$updater
C:\WINDOWS\system32\drivers\UMDF
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

    7. Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:

    • C:\ComboFix.txt
    • C:\MGlogs.zip
     
    __RiP_ChAiN_, Mar 17, 2008
    #4
  5. LOOKING4HELP

    LOOKING4HELP Private E-2

    It seem to go alright
     

    Attached Files:

    LOOKING4HELP, Mar 22, 2008
    #5
  6. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello LOOKING4HELP :)

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Acan" option is selected.
      • Then click on the Scan button.
    • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     
    __RiP_ChAiN_, Mar 23, 2008
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds