Malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by westerley, Dec 1, 2009.

  1. westerley

    westerley Private E-2

    After running all of the preliminary items, everything seemed OK. I wanted to enable SUPERAntiSpyware so I would have the anti-spyware running. SUPERAntiSpyware had a notification of an update (should have all been updated earlier), so I updated and was prompted to restart the computer, which I did. There was an Internet Explorer popup trying to go to res://ieframe.dll/navcancl.htm at startup. I stopped it, and also Google Chrome was changed to not being my default browser. So most of the problems are gone; I just want to make sure it's all clean and stop this popup. Thanks for all your help.
     

    Attached Files:

    Last edited: Dec 1, 2009
  2. westerley

    westerley Private E-2

    MGlog post
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have some temps to remove. And I would like to know if you know what these pertain to:
    Code:
    C:\WINDOWS\Downloaded Program Files\
    sdcweb~1.dll  Oct  1 2009      439296  "SdcWebSecurity.dll"
    sdcweb~1.inf  Oct  1 2009         195  "SdcWebSecurity.inf"
    Or this:
    C:\WINDOWS\system32\subalozo

    I believe they should all be removed, but if you can right-click the files and check their properties... let me know.

    Use windows explorer to find and delete:
    C:\Documents and Settings\wes\Local Settings\Temp\7ZS1F42
    C:\Documents and Settings\wes\Local Settings\Temp\7ZS2797
    C:\Documents and Settings\wes\Local Settings\Temp\7ZS3EDF
    C:\Documents and Settings\wes\Local Settings\Temp\7ZS40EA
    C:\Documents and Settings\wes\Local Settings\Temp\DIO3.tmp
    C:\Documents and Settings\wes\Local Settings\Temp\e4j74C.tmp_dir14061
    C:\Documents and Settings\wes\Local Settings\Temp\nsfD.tmp
    C:\Documents and Settings\wes\Local Settings\Temp\NSO77.TMP
    C:\Documents and Settings\wes\Local Settings\Temp\NSW6E.TMP
    C:\Documents and Settings\wes\Local Settings\Temp\Rar$EX00.953
    C:\Documents and Settings\wes\Local Settings\Temp\sts5.tmp

    Tell me what issues you are having.
     
  4. westerley

    westerley Private E-2

    I removed the SdcWebSecurity items. They were from stamps.com, which I no longer use. I have no idea about the C:\WINDOWS\system32\subalozo. The properties on subalozo show:
    Type: file
    Description: subalozo
    Size: 10.9 KB
    Created: Monday, July 20, 2009
    Modified: today, Dec 10 (shows this every day)
    Accessed: today, Dec 10 (shows this every day)
    Attributes: hidden
    Summary tab shows nothing

    I deleted C:\Documents and Settings\wes\Local Settings\Temp\DIO3.tmp
    None of the other temp files were there, but I think I ran CCleaner between the time I posted and received your reply.

    The only problem I am having now is a popup that says something like: this can only be accessed using Dell Mobile Broadband connection. It always happens once at startup, sometimes twice, and then randomly while the computer is on. I use a Dell mobile broadband card to access the internet. I will restart and post the exact error words.

    I also do not have Internet Explorer installed; because it seemed to be allowing lots of my problems and was getting redirected to other sites, I uninstalled it. Should I reinstall and, if problems exist, go from there?
    Thanks for your help.
     
  5. westerley

    westerley Private E-2

    OK, the error is from VZAccess and says this connection can only be used with Dell Mobile Broadband Card Utility, error 907. I'm not sure if there is some malware or something trying to access the internet, but this problem occurred when I had the trouble with malware taking over my desktop background and such.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\system32\dllcache\atapi.sys
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
    
    * Save the above as CFScript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFScript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
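    The FCopy lines in the CFScript above overwrite both the dllcache copy and the live copy of atapi.sys with the service-pack backup. Before and after a step like that, a practitioner would want to know whether the three copies actually differ and which one is the odd one out. The script below is an added example written for this page; it is not from the thread and is not part of ComboFix or of any MajorGeeks tool. It hashes the three paths named in the CFScript (the Windows XP layout is taken from that script, and treating the $NtServicePackUninstall$ copy as the reference is TimW's assumption, not something the thread proves) and reports which copies differ from the backup or cannot be read. To run anywhere, it exercises the logic against constructed sample files in a temporary directory rather than the real system paths.

```python
"""Compare the service-pack backup, dllcache and live copies of a driver.

Added example for this thread, not code from the forum or from ComboFix.
A hash mismatch only means "look closer": a hotfix can legitimately change
the live driver, so check the live copy's Authenticode signature (for
instance with Sysinternals sigcheck) before treating it as tampered.
"""
import hashlib
import os
import tempfile

# The three copies the FCopy step touches (Windows XP layout from the CFScript).
DRIVER_COPIES = {
    "sp_backup": r"C:\WINDOWS\$NtServicePackUninstall$\atapi.sys",
    "dllcache": r"C:\WINDOWS\system32\dllcache\atapi.sys",
    "live": r"C:\WINDOWS\system32\drivers\atapi.sys",
}


def sha256_of(path, chunk=1 << 16):
    """Stream the file so a large driver does not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_driver_copies(copies):
    """Hash every copy and compare each against the 'sp_backup' reference.

    Returns a dict with the per-copy digests (None when unreadable), the
    names of missing copies, the names whose digest differs from the backup,
    and an overall all_match flag.
    """
    digests = {}
    for name, path in copies.items():
        try:
            digests[name] = sha256_of(path)
        except OSError:
            digests[name] = None  # missing or access denied: report, don't crash
    missing = [n for n, d in digests.items() if d is None]
    reference = digests.get("sp_backup")
    differs = []
    if reference is not None:
        differs = [n for n, d in digests.items()
                   if d is not None and d != reference]
    return {
        "digests": digests,
        "missing": missing,
        "differs_from_backup": differs,
        "all_match": not missing and not differs,
    }


def build_sample(root):
    """Constructed sample data: backup and dllcache identical, live copy altered."""
    good = b"MZ" + b"\x00" * 62 + b"clean atapi.sys body"
    bad = b"MZ" + b"\x00" * 62 + b"patched atapi.sys body"
    paths = {}
    for name, content in (("sp_backup", good), ("dllcache", good), ("live", bad)):
        p = os.path.join(root, name + "_atapi.sys")
        with open(p, "wb") as f:
            f.write(content)
        paths[name] = p
    return paths


def demo():
    """Run the comparison over the constructed sample in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        return compare_driver_copies(build_sample(root))


if __name__ == "__main__":
    # On a real XP box you would call compare_driver_copies(DRIVER_COPIES).
    report = demo()
    for name, digest in report["digests"].items():
        print(f"{name:10} {digest}")
    print("missing:", report["missing"])
    print("differs from backup:", report["differs_from_backup"])
```

    Run it once before dragging the CFScript onto ComboFix and once after: before, the live copy (and possibly dllcache) should show up under "differs from backup"; after a successful FCopy, all three digests should be identical. If the backup itself is missing, the script reports that instead of comparing against nothing, since in that case the FCopy step has no clean source to copy from.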
  7. westerley

    westerley Private E-2

    OK... sorry for the slow reply; I was out of town and finishing finals. Attached are the logs you asked for. I will restart after this post and see if I am still getting the VZ error.
    I have run into a new problem, in that my laptop has no sound. The media buttons on the laptop usually beep when I press them even when the sounds are muted, and they do not, and I can get no sound from my speakers. They were working fine 2 days ago and I have made no changes. I can get sound if I plug into the headphone output, but nothing on the laptop speakers. I looked up the problem and tried an updated driver, but still nothing. I also tried disabling and enabling the button sounds in the BIOS, but nothing changed. Not sure how this happened; any help is appreciated.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you tell me what this is:
    C:\sp34200.exe

    I want you to go to this file:
    C:\WINDOWS\system32\subalozo, right-click on it and rename it to:
    C:\WINDOWS\system32\subalozo.old

    I have no idea as to what has happened to your sound. It is possible that it is just coincidental. You may need to post in the hardware forum for this issue. When you go to Device Manager... are there any x's or ! or ? by any of the devices?
     
