I am not able to remove malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by dwoman2000, Jan 7, 2009.

  1. dwoman2000

    dwoman2000 Private E-2

    I am not able to remove the malware which keeps hijacking my browser. When I do regular searches for things and click on the first few links, instead of bringing me to the URL it redirects me to 216.133.243.28 and/or abcjump.com and then brings me to an ad site or browser search master or yelllowpages or stopzilla or virusremover. I tried going through the entire step-by-step in the read me and the cleaning tools, and every time I run Malwarebytes it comes up with the same infection, Trojan.Agent, and it says it is in the HKLM software down to the browser settings, and there are 4 entries which it tells me are infected. I have tried to manually delete them without luck. I also visited my temp folder, and there are a few files I cannot delete; even while trying the delete tool in Malwarebytes, they just come back up when I restart: Perflib.perfdata_d94.dat, Perflib_perfdata_fd0.dat and sqxwekp.dat. Attached are 3 of the four logs requested. I have run atf.exe and sdfix.exe also.

    PLEASE HELP! PLEASE HELP!
    PLEASE HELP! PLEASE HELP!
    PLEASE HELP!

    Thanks
    Dawn
     

    Attached Files:

  2. dwoman2000

    dwoman2000 Private E-2

    Here is the other log file
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your system is not that bad...let's start with this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    c:\windows\system32\rpcc.exe.vir
    c:\windows\system32\d3dimi.dll

    Now use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 11

    Now download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and tell me how things are running.
     
  4. dwoman2000

    dwoman2000 Private E-2

    I wanted to thank you for replying to my thread. I posted this problem on another forum because I had not found help here, and I think I am fixed now. The only thing is, in your directions you said to fix certain items in the HijackThis list, and they would not ever be fixed; they would keep coming back. I also could not delete the two files you said to delete. I needed to run a CFScript on ComboFix in order for them to delete. I think I am done now; here is my ComboFix log, and I ran the MGtools log. Do you think it is fixed? Thank you for your time and consideration in getting my computer fixed. I really appreciate it.
     

    Attached Files:

    Last edited by a moderator: Jan 12, 2009
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes...your logs are clean. But in the future, please do not waste either our time or someone else's on a different forum. You need to work on one or the other and stick with that forum.

    If you are not having any other malware issues, then:

     
  6. dwoman2000

    dwoman2000 Private E-2

    Thank you, this thread can be closed.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome.
     
