Malware / Trojan won't stay deleted

Discussion in 'Malware Help (A Specialist Will Reply)' started by UserMG, Apr 8, 2009.

  1. UserMG

    UserMG Private E-2

    I believe I am infected with malware/trojan that keeps reappearing even after being cleaned by Malwarebytes' Anti-Malware.

    In my registry there is a "rundll32" entry with the name "Rvevetaco" that when cleaned will just end up reappearing again. If I try and clean it, it just comes back and with a different dll name. I have done this dozens of times already, in and out of Safe Mode. From the logs you can see that this time it is "iwanabon.dll."

    There must be some other malware installed which creates it again after it is removed but nothing else besides the "Rvevetaco" comes up after scanning.

    Attached are my logs.
     

    Attached Files:
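Added example, not part of any post in this thread: a small Python check that compares two `reg query` snapshots of an autostart key and reports value names that survive a cleanup while the DLL they load through rundll32 changes, which is the pattern described in the post above. The key path, the `ExampleUpdater` entry, the file paths and the first DLL name are constructed assumptions; only the value name "Rvevetaco" and "iwanabon.dll" come from the post.

```python
import re

# Constructed sample data: `reg query` output for a Run key, captured before
# and after a cleanup. The key path, paths and "example1.dll" are assumptions.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SNAPSHOT_BEFORE = KEY + r'''
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe"
    Rvevetaco    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\example1.dll",s
'''
SNAPSHOT_AFTER = KEY + r'''
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe"
    Rvevetaco    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\iwanabon.dll",s
'''

# A value line is indented and has name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# The DLL path is the first argument after rundll32, up to the comma or quote.
DLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def parse_values(reg_query_output):
    """Return {value name: data} for the value lines of `reg query` output."""
    values = {}
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def rundll32_target(data):
    """Return the lower-cased DLL path a rundll32 command line loads, or None."""
    m = DLL_ARG.search(data)
    return m.group("dll").lower() if m else None


def respawned_entries(before, after):
    """Value names present in both snapshots whose rundll32 DLL changed."""
    old, new = parse_values(before), parse_values(after)
    findings = []
    for name in sorted(old.keys() & new.keys()):
        a, b = rundll32_target(old[name]), rundll32_target(new[name])
        if a and b and a != b:
            findings.append((name, a, b))
    return findings


if __name__ == "__main__":
    for name, was, now in respawned_entries(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(f"{name}: {was} -> {now}")
```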

  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Looks like it is loading up out of cache.

    Run ccleaner. Clean all temp files including prefetch. Rerun SAS and MalwareBytes Anti-malware.

    See if that gets 'er done.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have any idea what the below new files are for/from?
    Code:
    "C:\Documents and Settings\Paragon\My Documents\"
    pass.apm      Apr  8 2009       28219  "pass.apm"
    t.rt          Apr  8 2009      599064  "t.rt"

    Uninstall the below old versions of software:
    • J2SE Development Kit 5.0 Update 6
    • J2SE Runtime Environment 5.0 Update 2

    Now we need to use ComboFix again.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. UserMG

    UserMG Private E-2

    chaslang,

    Thank you for the reply and the instructions. But on the 11th I decided to just do a reformat and fresh install :\
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

