Malware from hell. Help please!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gnostiko, Sep 27, 2011.

  1. Gnostiko

    Gnostiko Private E-2

    From what I've detected, using googlefu and the plethora of free anti-spyware/virus/blah available, the problem is the nasty and notorious Trojan.win32.Jorik.fraud.un (v). Out of the blue I got a series of Windows error messages popping up saying they couldn't load system items I'd never heard of before. Cue involuntary restart and voila: cannot load up in safe mode, start menu is empty, icons are missing from desktop and quicklaunch menu.

    The various, free, anti programs I found on the net either could not detect the problem, or detected it but could not remove it.

    I decided to give combofix a blast and that almost sorted things - some of my desktop items returned, and while my desktop background wasn't restored I could actually apply one (previous attempts failed due to My Pictures inexplicably being empty), pc no longer randomly restarts, and I no longer see the error messages that preceded the restart.
    Despite this progress, I wouldn't say my PC is 'fixed' - my start menu is still empty, ditto for the quick launch menu, and it feels like combofix has pulled off more of a stopgap measure than a full fix.

    Any help would be appreciated

    I would attach the combofix log, but for some reason the combofix folder only seems to be holding two items at the mo.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's because it's not in a folder, the log resides @ C:\combofix.txt.

    What operating system are you using?

    Please download and save the below to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

    http://download.bleepingcomputer.com/grinler/unhide.exe

    Now run it. Did that help?

    You really ought to follow these instructions here too.

    READ & RUN ME FIRST. Malware Removal Guide
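    Unhide.exe is suggested above because it restores files and shortcuts that have been marked with the Hidden attribute, which is what makes the Start Menu and Desktop look empty. As an added example that is not from the thread or from BleepingComputer's tool, this PowerShell script reports such items under a few profile folders (paths assumed for a Vista/7 profile layout; the list is an assumption) and clears the attribute only when run with -Fix.

```powershell
# Added example (not from the thread or from Unhide.exe): report, and with -Fix clear,
# the Hidden attribute on items under the user's Desktop, Pictures and Start Menu.
# $Roots assumes a Vista/7 profile layout; adjust it for other Windows versions.
param(
    [string[]]$Roots = @(
        "$env:USERPROFILE\Desktop",
        "$env:USERPROFILE\Pictures",
        "$env:APPDATA\Microsoft\Windows\Start Menu",
        "$env:ProgramData\Microsoft\Windows\Start Menu"
    ),
    [switch]$Fix
)

# Files that are legitimately hidden and must be left alone
$legitHidden = @('desktop.ini', 'thumbs.db')

$hiddenItems = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force makes Get-ChildItem include hidden and system items
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ([int]($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            ($legitHidden -notcontains $_.Name)
        }
}

$hiddenItems = @($hiddenItems)
"Found $($hiddenItems.Count) hidden item(s) under the scanned roots."
$hiddenItems | Select-Object FullName, Attributes | Format-Table -AutoSize

if ($Fix) {
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    foreach ($item in $hiddenItems) {
        # Clear Hidden and System, keep every other attribute bit untouched
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band -bnot $mask)
        "Unhid: $($item.FullName)"
    }
}
```

Run it without -Fix first and review the list; a large number of hidden shortcuts and documents in these folders is the pattern Unhide.exe is designed to reverse.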
     
  3. Gnostiko

    Gnostiko Private E-2

    Thanks for the speedy response. Unfortunately, Unhide hasn't done anything. I can report as an update though that other (non-administrator) accounts on my PC appear to be back to normal, but not the main, administrator account.

    Attached combofix log from yesterday:
     


    Last edited by a moderator: Sep 28, 2011
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Actually, you did not attach it, you posted it "inline" which we like to stay away from. Please see the below:

    HOW TO: Attach Items To Your Post

    Now attach the rest of the requested logs from the Read and Run Me First. :)
     
  5. Gnostiko

    Gnostiko Private E-2

    What else can I attach from the guide you posted? Pretty much everything on there I'd already done independently before coming here.

    Also, I can't seem to run the unhide file you posted any more. I could, a few days ago, now I keep getting an invalid directory error message.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Everything that you neglected to attach.

    In that case then let me see logs from running:

    • SUPERantispyware
    • Malware Bytes
    • Rootrepeal (if not on 64 bit)
    • MGTools

    Then that will be ALL of the logs from the procedures. ;)
     
  7. Gnostiko

    Gnostiko Private E-2

    Bizarre; having re-downloaded those programs to get the logs attached, I've found I can't access any of them - I'm getting the same 'invalid directory' error message I found with Unhide today.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. Try running this, and then see if you can get tools to run.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator.

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     
