I guess my computer is highly-infected... what shall I do? PLEASE HELP

Discussion in 'Malware Help (A Specialist Will Reply)' started by serenade_me_jazz2, Apr 19, 2010.

  1. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I'm really really being over problematic right now.



    1) I can't access the registry. I tried using codes, it worked well at first but one day, task manager and regedit both can't be opened.

    2) I can't access the internet using Google Chrome as my browser.
    Same thing happens with Internet explorer and Opera.


    3) I can't even run the installation of my yahoo messenger for example... clicking the file and deciding to RUN the installation... the hour glass appears for a split second and then nothing happens.


    4) I also noticed that there is a title "spirojet" in the internet explorer window whenever I try to open it but I still can't access the internet.


    5) Well my computer also is starting to lag. Watching videos will make it more obvious. Super lag.

    I am just using mozilla right now.

    I followed everything in the READ AND RUN ME FIRST thread.


    1) I still have 1GB of ram available

    2) I already uninstalled AVG and just let SPYWARE doctor be my anti-virus

    3) No Viewpoint something something installed in our computer.
    Updated my Sun Java version
    emptied the quarantine type folders for antivirus and antispyware applications.
    emptied my recycle bin
    ran Ccleaner

    4) My computer is a 32-bit version of Windows
    viewing hidden folders>> can't find the folder options :( :(
    MSconfig is in Normal Startup mode


    5) I uninstalled useless software via ADD OR REMOVE PROGRAMS


    6) Cleaning procedure

    Malwarebytes keeps on not responding. When I click Remove, it doesn't respond anymore. I tried and tried: reboot, shut down, scanned again... and it keeps on not responding. :( Maybe because of too many pop-ups saying "Registry editing has been disabled by your administrator"

    Btw after running ComboFix I can now gain access to my task manager and Registry, so I decided to reboot for a while because Malwarebytes malfunctioned. But after rebooting I AGAIN CANNOT OPEN MY TASK MANAGER AND REGISTRY. Tried to reboot again, but useless. :(

    I want to reformat our computer now but I read from the internet that it's useless because malware can spread in the "network" << which I just don't understand.

    I'll be posting the mbam log once it works properly again. And I don't know why my RRlog occupies 436KB ?? it's the reason why I can't attach it here. So what I did was...
    I pasted it in this site:
    http://tinypaste.com/03c30

    that's exactly how my RRlog is.

    I am just too helpless. Please!! Please!!!! I really really want these problems to be solved. My family knows nothing about computers so they can't help me and my good-for-nothing brother makes the situation worse. He's still watching and downloading porn. I already warned him about what will happen if he'll continue and he told me that he'll stop if it can help our computer.

    PLEASE PLEASE HELP!!

    I don't have that much knowledge in fixing problems in computers. PLEASE!!! :( :(
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    NetSvc::
    mnezr
    
    File::
    c:\windows\system32\liyhspjw.dll
    
    Folder::
    C:\Program Files\blinkx Remote Toolbar
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnezr]
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  3. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    here are the logs:
    ( see attachments below)


    if last time after using ComboFix both of Task Manager and Registry worked well this time it didn't. :(
    when I ran MgTools...a window popped-up endlessly saying "Registry editing has been disabled by your administrator"


    by the way I can now use Google Chrome as my browser.. but opera and IE won't work.. in IE there is still "--=spiR0jet=--" title above the window..

    >>>updated:
    a while ago... Chrome worked but now... IT WON'T AGAIN... :(
     


    Last edited: Apr 20, 2010
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then let's try this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Re-run ComboFix.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I ran C:\MGtools\analyse.exe and did everything you told me.
    about the fixME.reg, no success message. It didn't work for me. After double clicking it the usual window popped-up saying "Registry editing has been disabled by your administrator"

    I'm still facing the same problems..
    ...still can't access the registry and my task manager
    ...all browsers except mozilla won't work
    ...can't run the installation in my yahoo messenger
    ...the "--=spiR0jet=--" title is still in my IE..


    well actually... after finding this forums somehow it helped our computer... it still lags... but not that much now... :D and it still made me happy :D

    here are my attachments...
    thank you soo much Tim for trying to help me here....
    I hope you can still help me with my problems though...
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below software:
    Ask Toolbar

    If it does not uninstall or cannot be found, just continue on.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    uninstalled ASK TOOLBAR by using Revo Uninstaller

    downloaded Avenger and did everything Chaslang told me..

    about the Fixme.reg... I think it didn't work for me. After clicking... the usual "registry editing has been disabled by your administrator" popped-up..

    Ran Ccleaner the way you told me..

    Ran C:\MGtools\GetLogs.bat but endless window with "Registry editing has been disabled by your administrator" keeps on popping..

    I'm still stuck with these problems...
    ...still can't access the registry and my task manager
    ...all browsers except mozilla won't work
    ...can't run the installation in my yahoo messenger
    ...the "--=spiR0jet=--" title is still in my IE..

    :( oh God... *sigh*
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please log onto the enfectana account. Tell me if you can do a registry fix:

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Tell me if that works.
     
  9. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I logged on to the enfectana account

    and I placed the fixme.reg to the desktop...
    a window popped up saying

    Registry editor
    Are you sure you want to add the information in C:\DocumentsandSettings\enfectana_2\desktop\fixme.reg to the registry?


    I clicked Yes
    then a window popped up saying

    Registry editor
    Cannot import Reg
    error accessing the registry

    >> I think this means it still doesn't work for me??
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall Sandboxie and then reboot. After reboot, please run the below.

    First download and save the current version of combofix.exe to your Desktop. (overwrite the previous copy).

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer --=spiR0jET=--
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )




    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Apr 23, 2010
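
Added example, not part of the thread or of any tool named in it: a Python triage pass over HijackThis-style lines such as the four quoted in the post above, mapping each registry value to the symptom it explains. The line layout is inferred from those four lines; the function names, category labels, default-title list and the last sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# The first four lines are quoted from the post above; the last one is a
# constructed benign entry to show what is NOT flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer --=spiR0jET=--
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
"""

# Layout inferred from the lines above: "<section> - <key>,<value name> = <data>"
LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<key>[^,]+),\s*"
    r"(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)

LOCKOUT_VALUES = {"disableregedit", "disableregistrytools", "disabletaskmgr"}
# Assumed stock title-bar strings; anything else is treated as branding.
DEFAULT_TITLES = {"windows internet explorer", "microsoft internet explorer"}


class Entry(NamedTuple):
    section: str
    key: str
    name: str
    data: str


class Finding(NamedTuple):
    category: str
    entry: Entry
    note: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into its parts; None if it is not a key/value entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(*(m.group(g).strip() for g in ("section", "key", "name", "data")))


def proxy_is_dead_end(data: str) -> bool:
    """True if any proxy in the setting is an unspecified or loopback IP.

    Accepts "host:port" and the per-protocol "http=host:port;https=..." form.
    """
    for part in data.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0]
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname: cannot be judged offline
        if ip.is_unspecified or ip.is_loopback:
            return True
    return False


def classify(entry: Entry) -> Optional[Finding]:
    """Map one parsed entry to the symptom it explains, or None if unremarkable."""
    key, name = entry.key.lower(), entry.name.lower()
    if key.endswith(r"\internet settings") and name == "proxyserver":
        if proxy_is_dead_end(entry.data):
            return Finding("dead-proxy", entry,
                           "web traffic is sent to this machine itself; pages "
                           "fail to load unless a local proxy is listening")
    elif key.endswith(r"\policies\system") and name in LOCKOUT_VALUES:
        if entry.data not in ("", "0"):
            return Finding("tool-lockout", entry,
                           "policy value blocks the registry editor or Task Manager")
    elif key.endswith(r"\internet explorer\main") and name == "window title":
        if entry.data.lower() not in DEFAULT_TITLES:
            return Finding("ie-title", entry, "browser title bar was rebranded")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return findings for every recognisable line, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            finding = classify(entry)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.entry.key} :: {f.entry.name} = {f.entry.data}")
        print(f"    {f.note}")
```
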
  11. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    uninstalled sandboxie...

    downloaded ComboFix

    Ran C:\MGtools\analyse.exe and did everything you told me..



    I CAN NOW GAIN ACCESS TO MY REGISTRY AND TASK MANAGER!!!
    :D
    I'm soo happy!!
    :D

    I'm gonna reboot later and see if it's really permanent or not..
    about the browsers...
    I still can't use them...
    the spirojet title above in my Internet explorer is GONE...
    I'm just having a scan using Malwarebytes Anti-Malware..

    but... what I'm being problematic right now is that... maybe... this is just like what happened when I first tried ComboFix.. I'm afraid that after I'll reboot... I can't gain access to any of those again.. :(

    ________________________________________________________


    okay edited...
    a brown out came...
    which mean our computer turned off all of a sudden...
    the results were good before our computer turned off...
    but now... back to what my problems are...

    I cannot gain access to my registry and to my task manager...
    all browsers except Mozilla Firefox won't work..
    the internet explorer window has again a title : --=spiR0jet=-- above

    here are my logs...
    is this really a serious case?
    Oh God...
    btw... I don't know what's really wrong... but I already uninstalled AVG Anti-Virus... it can't be found using Add or remove programs because I already uninstalled it using revo uninstaller...

    :( please continue helping me...
     


    Last edited: Apr 24, 2010
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to do the fix again. I am assuming that by brown out you meant that you lost electricity and the computer shut down.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    Driver::
    mnezr
    avg8wd
    AvgLdx86
    AvgTdiX
    mnezr
    TfFsMon
    TfSysMon
    TfNetMon
    YahooAUService
    
    File::
    C:\cleanup.bat
    C:\backup.reg
    C:\cleanup.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnezr]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTool"=-
    "DisableRegistryTools"=-
    "DisableTaskMgr"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "DisableRegistryTool"=-
    "DisableRegistryTools"=-
    
    [HKEY_USERS\S-1-5-21-1715567821-682003330-57861351-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    
    [HKEY_USERS\S-1-5-21-1715567821-682003330-57861351-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings]
    "Connwiz Admin Lock"=-
    [HKEY_USERS\S-1-5-21-1715567821-682003330-57861351-1003\Software\Microsoft\Internet Explorer\Main]
    "Window Title"=""
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  13. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I did everything...
    and my registry is back!! including my task manager...
    but the problems with browsers are still there..
    the title --=spiR0jet=-- is gone!!
    :D

    I am sooo happy.. but I'm gonna reboot later after the mbam finishes scanning...
    and I'll post the results after rebooting...

    I'm just afraid that it'll come back after I reboot... I wish not....

    thanks Tim and Chaslang!! :D

    and here are my attachments :D
     


  14. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    ... I wanna edit it.. but I can't find the edit button so I'll just post another reply...

    okay... after rebooting... here's what happened...
    the problems are still there..
    Registry editing has been disabled by your administrator...
    all problems appeared again.. :(
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Without new logs I am taking a stab in the dark.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTool"=dword:00000000
    "DisableRegistryTools"=dword:00000000
    "DisableTaskMgr"=dword:00000000
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Go here http://www.eset.eu/online-scanner to run an online scanner from ESET.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * Log from Eset
    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  16. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I did everything...
    but then I encountered problem using ESET Online Scanner
    it worked fine at my third try
    It even detected 28 infections...
    almost all were trojans...
    but a brown-out came
    (loss of electricity which caused immediate shut down in the computer)
    I did everything again...
    but ESET now won't work...
    it stays like this:

    http://i43.tinypic.com/de06wy.jpg

    I waited and waited for hours.... but it didn't work..
    I uninstalled and re-downloaded...
    but it still stays like that...
    no improvement...

    I rebooted... and uninstalled... downloaded...waited... still it won't work..

    btw... as usual... after running ComboFix... everything's fine now.. I just don't know if it will stay like this after rebooting...I am just running Malwarebytes anti-malware quick scan... after it.. I'll be using rebooting and editing the computer...

    here are my attachments...
    I only have the logs from ComboFix and MGlogs.zip
     
  17. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    okay...
    my problems returned. Task Manager can't be accessed. Same with Registry. ESET Online Scanner still won't continue. Malwarebytes keeps on not responding.
    The ESET Scanner (when it was the only FIRST time it worked) found 28 infections in my computer. Well most of them were trojans. Malwarebytes found 10 infections but it won't respond. The last time I ran SuperAntiSpyware it found no infection (which I can't even believe).

    I even experienced a problem with Firefox. I can't surf the internet without using the "History". It can even connect with Skype or Camfrog but using browsers make it difficult for me. Opening a new tab and typed Forums.majorgeeks.com, nothing happened just pure blank white screen. I tried with Youtube and Facebook... in a new tab... but nothing happened. I can only use it with the help of HISTORY. That's why I am also having trouble in replying to this thread.

    One question?
    Why can't I attach files?
    I can't attach files. I mean, all I do is to click the MANAGE ATTACHMENTS but nothing happens. The last time I attached files, it will open in a new window right? but now... nothing seems to happen. :(

    since I cannot attach a file now... I still tried to do what Tim said.
    I still can't use ESET Online Scanner as what I explained from my previous post, so here are my:


    ComboFix log: http://tinypaste.com/e75fb

    MGlog: http://rapidshare.com/files/381190517/MGlogs.zip.html

    please continue to help me.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    These "brown outs" seem to be a continual thing. I am thinking that this has corrupted your system with it shutting down when you are trying to use it. Can you post what MBAM found but, as you say, couldn't handle it?

    Let's see if you can do another online scan HERE.
     
  19. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    I am sorry but firefox doesn't respond when I click start scan...
    here's the proof:

    bdonline_cr.jpg

    I've been trying this for 22 times but it won't work I don't know why..

    about mbam... here's what happens...
    after scanning I clicked show results and clicked remove but then ...
    what happens on mbam is like this..

    mbresult_cr.jpg

    it won't respond :(
     
    Last edited by a moderator: Apr 29, 2010
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please expand the "item" column in the MBAM log and copy all the info into notepad and attach it to your next reply.
     
  21. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    here it is...
    but as usual... after clicking remove when it quarantines mbam doesn't respond..

    btw... I don't know why... but mozilla doesn't open a new window. Maybe that's the reason why I can't attach files.

    here is it...
    http://i42.tinypic.com/sayzig.jpg
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We can but try again:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\windows\system32\NowStarter.ocx
    Folder::
    C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTool"=-
    "DisableRegistryTools"=-
    "DisableTaskMgr"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "DisableRegistryTool"=-
    "DisableRegistryTools"=-
    
    [HKEY_USERS\S-1-5-21-1715567821-682003330-57861351-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    
    [HKEY_USERS\S-1-5-21-1715567821-682003330-57861351-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWrIGHTS\RUNDLL32POLICY\f3ScrCtr.dll]
    [-HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021}]
    [-HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282}]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now uninstall MBAM, run CCleaner and then re-download it and after doing an update, try running the deep scan. Let me know how that goes.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  23. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    Hello Tim

    Thank you for the reply, sorry it took me a while I've been really busy these days.

    Here are my attachments:

    Combofix log : http://tinypaste.com/9e6e29
    Mglog.zip : http://rapidshare.com/files/384436403/MGlogs.zip.html

    as usual I still can't open NEW WINDOW in mozilla so I can't also attach files,..

    I did everything about Mbam I took the full scan and it found 43 infections in our computer but it didn't respond after Removing.

    I can now also gain access to the registry and to the Task Manager. I still don't know if it'll continue like this after rebooting.

    I'll be trying to edit this later after I reboot.
     
  24. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    Hello!

    I cannot find the EDIT button in my previous post so I just posted one reply.
    So this is it, after rebooting, the problems occurred again.
    All of them :(
    btw our pc starts to lag again. :(
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Most disturbing. I am at a loss as to what may be causing this. Let's try it again, but first I want you to create this disc:
    BitDefender Rescue Disk-with-auto-update. After you create it, put it in the drive but do not run it!!

    Now:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\cleanup.bat
    C:\backup.reg
    c:\documents and settings\User\Application Data\settings.dat
    Folder::
    C:\WINDOWS\system32\ALIEDIT
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTool"=dword:00000000
    "DisableRegistryTools"=dword:00000000
    "DisableTaskMgr"=dword:00000000
    
    
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings]
    "Connwiz Admin Lock"=dword:00000000
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    When your computer reboots, it should boot to the disc. Allow it to update and run. Tell me what happens.

    Once it is done, reboot to normal mode and run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
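
    A read-only way to confirm whether the CFScript in this post took effect, as an added PowerShell example that is not part of the original post or of ComboFix: it checks the policy values and paths copied from the script. It assumes PowerShell is available on the machine and that it is run as the affected user, because the policy values live under HKCU.

```powershell
# Added example: read-only check of the state the CFScript above is meant to produce.
$sysKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ieKey  = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings'

# Policy values the CFScript sets to 0 (names copied from the script).
$policyChecks = @(
    @{ Key = $sysKey; Name = 'DisableRegistryTool' },
    @{ Key = $sysKey; Name = 'DisableRegistryTools' },
    @{ Key = $sysKey; Name = 'DisableTaskMgr' },
    @{ Key = $ieKey;  Name = 'Connwiz Admin Lock' }
)

# Files and folder the CFScript lists for deletion (paths copied from the script).
$pathsToBeGone = @(
    'C:\cleanup.bat',
    'C:\backup.reg',
    'C:\Documents and Settings\User\Application Data\settings.dat',
    'C:\WINDOWS\system32\ALIEDIT'
)

$problems = 0

foreach ($check in $policyChecks) {
    # A missing key or value means the restriction is not set, which is fine.
    $item  = Get-ItemProperty -Path $check.Key -Name $check.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($check.Name) } else { $null }
    if ($null -ne $value -and $value -ne 0) {
        Write-Output ("STILL SET    {0}\{1} = {2}" -f $check.Key, $check.Name, $value)
        $problems++
    } else {
        Write-Output ("ok           {0}\{1}" -f $check.Key, $check.Name)
    }
}

foreach ($path in $pathsToBeGone) {
    # -Force lets Get-Item see hidden and system items.
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
        Write-Output ("STILL THERE  {0}" -f $path)
        $problems++
    } else {
        Write-Output ("removed      {0}" -f $path)
    }
}

Write-Output ("{0} item(s) did not match the expected post-fix state." -f $problems)
```

    Run it once after ComboFix finishes and again after the next reboot; an entry that is ok on the first run and STILL SET on the second was rewritten during startup.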
     
  26. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    Hello Tim

    Thank you so much for your reply.
    I did everything you told me including the bit defender thing.
    Well our pc works fine now, I don't know later after I reboot.
    here are my attachments:

    ComboFix: http://tinypaste.com/0d11fe
    Mglog: http://rapidshare.com/files/385150803/MGlogs.zip.html

    I really am very sorry because mozilla still won't open windows which means I still can't attach files.
     
  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I don't understand how, as nothing that was in my fixes was done. The logs are just as they have been, with the items not removed and the registry settings wrong. Tell me what is happening still. As for Firefox, perhaps you should follow THESE INSTRUCTIONS to remove it and then re-install it.
     
  28. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

  29. serenade_me_jazz2

    serenade_me_jazz2 Private E-2

    Hello Tim I would like to ask you about this one

    If I uninstall Firefox, it means I can't use any browsers now.
    Which also means I cannot use any browser to download Firefox again?
    How should I download and re-install Firefox if I can't use any browser aside from Firefox (which I should be uninstalling right now)?
    Is it possible to download again first, then uninstall Firefox, then re-install it?
    Do you think it will work?
    This has been my worry ever since I started thinking of re-installing Firefox.


    I just want you to see how poor our browsers are now.
    chrome: http://i43.tinypic.com/k41tt.jpg
    opera: http://i41.tinypic.com/5zn04g.jpg
    IE: http://i43.tinypic.com/1zzjltu.jpg >> the spirojet thing is in IE
    I've given up these browsers for the working Mozilla.
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you should download the installation file first. Then uninstall.

    But you did not answer my question regarding running the BitDefender rescue disc. Did you boot to it and let it run? What happened?

    Have you tried any of the alternative scans HERE?
     
