Issues even after performing XP clean up procedures

Discussion in 'Malware Help (A Specialist Will Reply)' started by tomthumb, May 14, 2009.

  1. tomthumb

    tomthumb Private E-2

    I have, I think, located a malicious file on my hard drive that, upon Windows start up, seems to immediately direct me to an advertisement/news page on Microsoft IE. I have performed the recommended Windows clean up using the downloaded applications with no effect.

    I think the malicious file is called 'seekapp139.exe' however I am unable to delete it as it is 'protected'.

    I provide attachments of the suggested logs hopefully for someone in the know to have a scan through and see if they spot anything suspicious and can possibly tell me how to get rid of the 'seekapp139.exe' which, I believe, is what is causing problems.

    Also if you can spot other apps/software that may be slowing my machine down that can be removed, please let me know.

    Thank you for your time.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are right about the problem. The other problem you have is this:
    Total Physical Memory 256.00 MB
    Available Physical Memory 43.56 MB

    You need much more RAM.

    Now:
    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.2_04

    Now let's use ComboFix to remove a bunch of malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    Driver::
    seekapp139
    
    File::
    C:\Program Files\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome\seekapp.jar
    C:\Program Files\Mozilla Firefox\searchplugins\seekapp139.xml
    C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
    
    Folder::
    C:\Program Files\SeekappSrch
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
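
A follow-up check for the script in the post above, added here as an example and not part of the original thread or of ComboFix: it reads the CFScript text and reports which File:: and Folder:: targets are still on disk after the run. The "Name::" section layout is assumed from the post alone, and the function names are hypothetical.

```python
import os

# Constructed sample: the script text quoted in the post above.
CFSCRIPT = r"""KILLALL::

Driver::
seekapp139

File::
C:\Program Files\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome\seekapp.jar
C:\Program Files\Mozilla Firefox\searchplugins\seekapp139.xml
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe

Folder::
C:\Program Files\SeekappSrch
"""


def parse_cfscript(text):
    """Group entries under their 'Name::' header (layout assumed from the post)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            # A header such as KILLALL:: may have no entries below it.
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def remaining_targets(sections, exists=os.path.exists):
    """Return (section, path) pairs for File::/Folder:: entries still on disk.

    Driver:: entries are names, not paths, so they are not checked here.
    """
    left = []
    for name in ("File", "Folder"):
        for path in sections.get(name, []):
            if exists(path):
                left.append((name, path))
    return left


if __name__ == "__main__":
    for kind, path in remaining_targets(parse_cfscript(CFSCRIPT)):
        print(f"still present ({kind}): {path}")
```

No output means none of the listed files or folders remain; anything printed belongs in the follow-up reply alongside the requested logs.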
     
