Malware infection blocking install from Norton Corporate

Discussion in 'Malware Help (A Specialist Will Reply)' started by khronos12, Oct 21, 2009.

  1. khronos12

    khronos12 Private E-2

    I have run the tools requested from the malware removal instruction page all with the exception of SuperAntiSpyware as the system will not allow me to run it once it is installed.

    I also cannot install Norton corporate 10 on the laptop. The install begins and then it states it was interrupted and cannot complete. I checked to see if any older Norton products had maybe been installed at one time to no avail.

    I even tried to install AVG free edition but it states Norton is installed and when I go to uninstall, there is no record of Symantec/Norton in the add/remove programs list.

    Please help. I am attaching all logs I have as requested.

    One last note: I also tried to just back up my important files and reformat and reinstall Windows XP but upon installation, the install does not recognize the hard drive and just boots me out of install, so this is not a viable option.

    Thank you

    Franklin
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now let's use ComboFix to remove a bunch of malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    usibapbvfuycynvs
    mpeornmxtylbvtkb
    qpxtiqxnorxepyrb
    prypeomauwtidivx
    xegexnoixvpyadst
    oufpxuspuxdmstiw
    nqvornmxtbqowfdx
    tfpyrcccpccwnidg
    xtitnwmbvrncwxbv
    fvcdipmtixgowort
    icqpfvnlprppepmt
    iuxnseepxuecykim
    pfdxweexcbbdrivb
    ienwhxdevpwmeudx
    ornmbccchwmirxtf
    irtfhwhxbvpetixj
    itqsbfpurbrcoprx
    iuyxccimivnntiqy
    eciobcxtrxvksmqx
    xuwqppepuqspjini
    mtthoibcriuwipou
    pbuyawvfqqmcopte
    nqwbdmcqowpspwix
    ivpdwqeexcxtirpi
    sbpfulnqvrtqbwjx
    lqbdiposqycbrxer
    erchtsesecqtxnms
    pymcqfgobycvkora
    vrtqppetyloevpyx
    vnyyqrcriwwoixvp
    nmbfgqfulnqwmitj
    pylnsviwucbrxqur
    nmsipmpuxyrtcrbm
    tcopcylqbwumnsmu
    svmtnxrrxtftabdi
    ientibfgoworvjki
    horcjwtsprxynent
    tcoxvfypetuwpjnb
    stpegqfucbcxtbdi
    ouoibcritiduxyor
    vrvmpeseexccjxte
    envxiobqhxbqhjpc
    sdttbqpfuxxtapip
    evxvniwwbduxnkax
    ivpdwfjisentpbdd
    oufpyycylnkicxjm
    cynvradnnktiqhxb
    xrrppwbdrtqitnvr
    vkpmpuwivradnnos
    cjibpfuctqbwwcbc
    ecrnsvbtikpfvpcy
    bvtksmirpqjixnsp
    xtrxvkostpevxior
    cxnnvrabwqqoibqd
    xtabvputejnsvbqm
    qpctfnlbexfyadno
    xdnnkipmksviwwos
    xtyeciqdnprxryki
    orpvnfthxrieexym
    fthtibpxccjwieer
    hwevpywieemrqrxo
    bapuctfhqfgewtpn
    
    File::
    c:\windows\system32\drivers\usibapbvfuycynvs.sys
    c:\windows\system32\drivers\mpeornmxtylbvtkb.sys
    c:\windows\system32\drivers\qpxtiqxnorxepyrb.sys
    c:\windows\system32\drivers\prypeomauwtidivx.sys
    c:\windows\system32\drivers\xegexnoixvpyadst.sys
    c:\windows\system32\drivers\oufpxuspuxdmstiw.sys
    c:\windows\system32\drivers\nqvornmxtbqowfdx.sys
    c:\windows\system32\drivers\tfpyrcccpccwnidg.sys
    c:\windows\system32\drivers\xtitnwmbvrncwxbv.sys
    c:\windows\system32\drivers\fvcdipmtixgowort.sys
    c:\windows\system32\drivers\icqpfvnlprppepmt.sys
    c:\windows\system32\drivers\iuxnseepxuecykim.sys
    c:\windows\system32\drivers\pfdxweexcbbdrivb.sys
    c:\windows\system32\drivers\ienwhxdevpwmeudx.sys
    c:\windows\system32\drivers\ornmbccchwmirxtf.sys
    c:\windows\system32\drivers\irtfhwhxbvpetixj.sys
    c:\windows\system32\drivers\itqsbfpurbrcoprx.sys
    c:\windows\system32\drivers\iuyxccimivnntiqy.sys
    c:\windows\system32\drivers\eciobcxtrxvksmqx.sys
    c:\windows\system32\drivers\xuwqppepuqspjini.sys
    c:\windows\system32\drivers\mtthoibcriuwipou.sys
    c:\windows\system32\drivers\pbuyawvfqqmcopte.sys
    c:\windows\system32\drivers\nqwbdmcqowpspwix.sys
    c:\windows\system32\drivers\ivpdwqeexcxtirpi.sys
    c:\windows\system32\drivers\sbpfulnqvrtqbwjx.sys
    c:\windows\system32\drivers\lqbdiposqycbrxer.sys
    c:\windows\system32\drivers\erchtsesecqtxnms.sys
    c:\windows\system32\drivers\pymcqfgobycvkora.sys
    c:\windows\system32\drivers\vrtqppetyloevpyx.sys
    c:\windows\system32\drivers\vnyyqrcriwwoixvp.sys
    c:\windows\system32\drivers\nmbfgqfulnqwmitj.sys
    c:\windows\system32\drivers\pylnsviwucbrxqur.sys
    c:\windows\system32\drivers\nmsipmpuxyrtcrbm.sys
    c:\windows\system32\drivers\tcopcylqbwumnsmu.sys
    c:\windows\system32\drivers\svmtnxrrxtftabdi.sys
    c:\windows\system32\drivers\ientibfgoworvjki.sys
    c:\windows\system32\drivers\horcjwtsprxynent.sys
    c:\windows\system32\drivers\tcoxvfypetuwpjnb.sys
    c:\windows\system32\drivers\stpegqfucbcxtbdi.sys
    c:\windows\system32\drivers\ouoibcritiduxyor.sys
    c:\windows\system32\drivers\vrvmpeseexccjxte.sys
    c:\windows\system32\drivers\envxiobqhxbqhjpc.sys
    c:\windows\system32\drivers\sdttbqpfuxxtapip.sys
    c:\windows\system32\drivers\evxvniwwbduxnkax.sys
    c:\windows\system32\drivers\ivpdwfjisentpbdd.sys
    c:\windows\system32\drivers\oufpyycylnkicxjm.sys
    c:\windows\system32\drivers\cynvradnnktiqhxb.sys
    c:\windows\system32\drivers\xrrppwbdrtqitnvr.sys
    c:\windows\system32\drivers\vkpmpuwivradnnos.sys
    c:\windows\system32\drivers\cjibpfuctqbwwcbc.sys
    c:\windows\Pmajurozececisuw.bin
    c:\windows\Acarutuf.dat
    c:\windows\system32\drivers\ecrnsvbtikpfvpcy.sys
    c:\windows\system32\drivers\bvtksmirpqjixnsp.sys
    c:\windows\system32\drivers\xtrxvkostpevxior.sys
    c:\windows\system32\drivers\cxnnvrabwqqoibqd.sys
    c:\windows\system32\drivers\xtabvputejnsvbqm.sys
    c:\windows\system32\drivers\qpctfnlbexfyadno.sys
    c:\windows\system32\drivers\xdnnkipmksviwwos.sys
    c:\windows\system32\drivers\xtyeciqdnprxryki.sys
    c:\windows\system32\drivers\orpvnfthxrieexym.sys
    c:\windows\system32\drivers\fthtibpxccjwieer.sys
    c:\windows\system32\drivers\hwevpywieemrqrxo.sys
    c:\windows\system32\drivers\bapuctfhqfgewtpn.sys
    C:\3004EA69
    C:\vxptdeq.exe
    
    Folder::
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users\Application Data\Symantec
    C:\3004EA69
    c:\documents and settings\Administrator\Application Data\8099174784
    c:\documents and settings\Administrator\Application Data\9259772747
    C:\Documents and Settings\All Users\Application Data\14164064
    
    FCopy::
    C:\MGtools\temp\XPSP3\eventlog.dllmg | c:\windows\system32\eventlog.dll
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
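As an added example (not code from the thread, from ComboFix or from MajorGeeks), a small Python audit of a CFScript in the format posted above: it parses the Section:: blocks and checks that every Driver:: name pairs with a File:: entry and fits the 16-lowercase-letter pattern of the driver names listed, so a typo does not send a legitimate driver to deletion. The sample script, the "eventlog" entry and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the CFScript format above: two Driver:: names from the post, plus "eventlog" to show a flag.
SAMPLE_SCRIPT = r"""KILLALL::
Driver::
usibapbvfuycynvs
mpeornmxtylbvtkb
eventlog

File::
c:\windows\system32\drivers\usibapbvfuycynvs.sys
c:\windows\system32\drivers\mpeornmxtylbvtkb.sys

FCopy::
C:\MGtools\temp\XPSP3\eventlog.dllmg | c:\windows\system32\eventlog.dll
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # section headers such as Driver:: or File::
GENERATED_NAME_RE = re.compile(r"^[a-z]{16}$")     # shape of every Driver:: name in the post

def parse_cfscript(text):
    # Return {section: [entries]}; KILLALL:: is a bare directive with no entries.
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return dict(sections)

def looks_generated(name):
    return GENERATED_NAME_RE.match(name) is not None

def audit(sections):
    # Every Driver:: name should pair with a file under File:: and fit the random-name pattern.
    stems = {p.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower() for p in sections.get("File", [])}
    findings = []
    for drv in sections.get("Driver", []):
        if drv.lower() not in stems:
            findings.append(f"Driver {drv}: no matching File:: entry")
        if not looks_generated(drv):
            findings.append(f"Driver {drv}: name does not fit the generated pattern, verify first")
    return findings
```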
     
  3. khronos12

    khronos12 Private E-2

    Tim,

    Thank you so much. I have used MajorGeeks multiple times and have never had to post a thread to get help since the Malware Removal instructions typically take care of the problem, but this time was a much more difficult case.

    This worked flawlessly and I have since installed Norton Corporate on the machine and it is working very well.

    I am posting the logs you requested for review.

    Please if you see anything else that may be of concern, let me know and I will take care of it.

    Again, thank you so very much.
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good!! I will leave you to do a little clean up and then give you the final instructions.

    Use windows explorer to find and delete:
    C:\Documents and Settings\HP User\Application Data\AVG8

    Now use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 10

    Open notepad and copy and paste the following text in the quote box into the window:
    Save this as fix.bat
    Choose to save as all files.
    Doubleclick fix.bat and let the program run.
    A small black dos window will flash, this is normal.

    Reboot and download and install:
    Java Runtime 6

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
