Malware on dial-up...

Discussion in 'Malware Help (A Specialist Will Reply)' started by Laval66, Jan 31, 2007.

  1. Laval66

    Laval66 Private E-2

    So my computer has been hijacked by spy/mal ware that slows web-browsing to an absolute crawl. It was a chore just to load this site.

    Additionally, I cannot do searches on google.com, and java controls seem to fail very frequently. Any assistance that any of y'all can provide would be much appreciated.

    Thanks,
    Ian
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Before we even get started I have to warn you of something that could be very dangerous to you financially. In my next message I will tell you what your next steps should be to properly start cleaning your PC.

     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have a complete cleaning process that is required to be run before looking at HijackThis logs.

    The reason for this is that most people are under the very mistaken misconception that HijackThis is a scanning/removal tool. It is not! HijackThis is simply a tool that is used to identify browser hijackers and in some cases it will show entries for some malware that is for instance running at startup. All it does is list a few of the thousands of registry keys that exist, and it makes no inferences as to whether anything being shown is good or bad. That decision is left to a person with significant Windows and malware cleaning experience.

    HijackThis does not come close to showing all malware that could be hiding on a PC. Anyone who has an infected computer and is relying on HijackThis without the benefit of running other scans such as Spybot, Windows Defender, BitDefender & Panda, CCleaner, etc. is more than likely still infected. In most cases, where there is one virus/trojan there are more. The goal of this forum is to remove all malware, and this cannot be done properly by just seeing a HijackThis log.

    However, since you have a couple serious issues, I want to get you started on a couple important fixes right away. You will have to run the full process at some point so we can be sure to get all your malware problems removed.

    First please get HijackThis installed properly. You have it installed here:

    C:\Documents and Settings\Chris Shedd\Desktop\HijackThis.exe

    It MUST be installed and RENAMED as shown below. This is very important!!!

    C:\Program Files\HJT\analyse.exe

    Please do this now before continuing.
    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Immediately attach this log to your next reply
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Some programs hide themselves by making their files invisible in normal Windows settings. Run the steps in the below link (has steps for ALL Win OS's) to make them easier to find. Not doing this would allow file extensions commonly used by trojans and spyware to be hidden, for example a file ending in .exe or .dll, making manually finding it, if needed, difficult to impossible.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\niifxcnb.dll",setvm
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [b1c88e98.exe] C:\Documents and Settings\Chris Shedd\Local Settings\Application Data\b1c88e98.exe
    O4 - HKCU\..\Run: [Fsinszb] C:\WINDOWS\System32\ykqv.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
    O4 - HKCU\..\Run: [Xbjakfbc] C:\WINDOWS\SYSTEM32\?dobe\??ool32.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Chris Shedd\Local Settings\Application Data\b1c88e98.exe
    C:\WINDOWS\System32\niifxcnb.dll
    C:\WINDOWS\System32\ykqv.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe <--- delete all files in this folder that begin with ibm000. There may be multiple .EXE files and some .DLL files.

    Now Empty your Recycle Bin.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now tell me how the above steps went.

    At this point our next step will be for you to run our standard cleaning process so we can find any other malware that may be hiding on your PC. So below you will find these next steps!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
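A small triage script for the HijackThis O4 startup entries listed in the post above, added here as an illustration; it is not part of the thread, of HijackThis, or of the MajorGeeks procedure. It assumes the log format shown in the post, and the heuristics (launch from a profile folder, rundll32 loading a DLL, consonant-only names, undisplayable "?" characters) are my own, not HijackThis output.

```python
import re
# Added example, not code from the thread: parse HijackThis "O4" startup entries and
# flag traits an analyst uses to triage them. HijackThis renders characters it cannot
# display as "?", so SYSTEM32\?dobe\??ool32.exe is a look-alike folder, not the real Adobe one.
O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
PATH_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)', re.IGNORECASE)

def parse_o4(line):
    """Return hive, value name, command and launched path for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    if cmd.startswith('"'):            # quoted path: everything up to the closing quote
        path = cmd[1:cmd.index('"', 1)]
    else:                              # unquoted: up to the first executable extension
        pm = PATH_RE.match(cmd)
        path = pm.group('path') if pm else cmd.split()[0]
    return {'hive': m.group('hive'), 'name': m.group('name'), 'cmd': cmd, 'path': path}

def triage(entry):
    """Reasons this entry deserves a closer look; an empty list means no heuristic fired."""
    reasons = []
    low = entry['path'].lower()
    stem = low.rsplit('\\', 1)[-1].rsplit('.', 1)[0]   # file name without extension
    if '?' in entry['cmd']:
        reasons.append('undisplayable characters in path')
    if '\\documents and settings\\' in low:
        reasons.append('launched from a user profile folder')
    if stem == 'rundll32':
        reasons.append('rundll32 loading a DLL: inspect the DLL argument')
    if not re.search(r'[aeiou]', stem):
        reasons.append('consonant-only file name')
    return reasons

def triage_log(lines):
    """Map each O4 value name to its reasons; non-O4 lines (R0, R1, ...) are skipped."""
    return {e['name']: triage(e) for e in map(parse_o4, lines) if e}

# The O4 lines quoted in the post above, used here as sample input.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\niifxcnb.dll",setvm
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [b1c88e98.exe] C:\Documents and Settings\Chris Shedd\Local Settings\Application Data\b1c88e98.exe
O4 - HKCU\..\Run: [Fsinszb] C:\WINDOWS\System32\ykqv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [Xbjakfbc] C:\WINDOWS\SYSTEM32\?dobe\??ool32.exe
""".strip().splitlines()
```

Note that the [shell] entry trips none of these heuristics even though it was on the fix list, which is the point chaslang makes: the log lists keys, and judging them still takes a person.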
     
  4. Laval66

    Laval66 Private E-2

    I've attached the combofix log file that it generated.

    I ran HijackThis and deleted all that you asked me to, except for the following, which did not appear:
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"


    Also, the following files were already gone (hidden files were turned on):
    C:\Documents and Settings\Chris Shedd\Local Settings\Application Data\b1c88e98.exe
    C:\WINDOWS\System32\ykqv.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe

    I have also deleted the IE files as you instructed.

    Thanks,
    Ian
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because ComboFix got them. Look at the log!

    Now you need to continue on and complete the rest of the steps I gave you and attach all 6 logs.
     
  6. Laval66

    Laval66 Private E-2

    I figured that was the reason. At least, I hoped so!

    I am running the downloads of the cleaner files, and will report back with newer logs.

    Again, thank you
    Ian
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! Remember it will take two messages to attach the 6 logs since you can only attach a max of 3 files in a single message.
     
