Malware on my PC HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by abyswaal13, Nov 29, 2009.

  1. abyswaal13

    abyswaal13 Private E-2

    Hello everyone. I have this malware problem. It's been on my PC for at least a week. I did all the instructions on the READ & RUN ME FIRST thread, and I also did what the Vista Cleaning Procedure thread instructed me to do. Attached to this post are the logs I obtained. Any help would be highly appreciated.
     

    Attached Files:

  2. abyswaal13

    abyswaal13 Private E-2

    MG log attached in this post.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Sometimes we have to ask how a person manages to get their PC so badly infected. All I can guess here is the use of several P2P/torrent downloading programs. You really need to reconsider how you are using your PC before you suffer even worse problems.


    Uninstall the below old versions of software:
    Java(TM) 6 Update 15

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. abyswaal13

    abyswaal13 Private E-2


    I really admire your skills and expertise. Thank you so much for the help.

    Yes, you are right. The cause of this madness is the P2P/torrent downloading programs. Guess this means I have to stop downloading things from torrents.

    So, I ran ComboFix with the CFScript.txt thing. After the scan, before the PC rebooted, the "Logging Off" screen was taking forever. I decided to just manually press the restart button. I don't know if that was right though. :-o After manually pressing the restart button, I logged into my account BUT it was all a black screen and ComboFix wouldn't continue. I switched to another account and finished the ComboFix process there. Then I switched back to my account, and luckily things were fine already (I guess). Attached to this post are the logs from ComboFix and MGtools.

     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was not finished and your log is incomplete due to this. However, it looks like what we were trying to fix was fixed. You do however have some new problems. Make sure that you are not using any more torrent downloaders and that you do not have any cracked software installed that could be interfering with our fixes.

    If you value your personal security and your PC's health, you will stop using torrent and P2P downloaders.

    Since ComboFix is not running properly for you, let's continue by using a different tool.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  6. abyswaal13

    abyswaal13 Private E-2

    So yeah, I'm not using P2P downloaders anymore and I did what you instructed. The scan with Avenger and the reboot sailed smoothly and everything seems fine (I guess). Hmm, I just have this RunDLL error thing while I'm running the machine. It pops up randomly and all I have to do is click OK. The error says "The specified module cannot be found." Hmmm :confused:
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please remove the below from your Desktop. This is not where we asked you to save it.

    C:\Users\Emperor\Desktop\MGtools.exe

    Also, what are the below on your Desktop? It is not a good idea to save downloads on your Desktop. You should change your browser defaults.
    Code:
    C:\Users\Emperor\
    NO$GBA        Nov 28 2009              "No$Gba"
    nss103~1.exe  Jun 23 2009     7323880  "NSS103815.exe"
    
    Does it say any more than this? Does it give a file name? If there is more information, give the full word-for-word message. Also, when exactly does it occur? What are you running when it happens? This may not be malware. Have you checked for possible errors showing in your Event Viewer logs? See the below:

    http://windows.microsoft.com/en-us/windows-vista/Open-Event-Viewer
    http://www.computerperformance.co.uk/vista/vista_event_viewer.htm


    You really should update Firefox. You are using Mozilla Firefox (3.0.15), which is way out of date.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Invoke Class - {82E4CA4E-8EAB-4961-B9D8-A62365CCAE05} - C:\Windows\system32\95bc.dll (file missing)
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF19792.cfxxe /c C:\ComboFix\Combobatch.bat
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-21-1478592084-3196911286-2272197292-501\..\Run: [BitTorrent DNA] "C:\Users\Guest\Program Files\DNA\btdna.exe" (User 'Guest')

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
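The HijackThis lines chaslang selects above are of two kinds: an O2 BHO whose CLSID still points at a DLL that is no longer on disk (HJT marks this "(file missing)"), and O4 Run entries, including one under a specific user SID (the Guest account). A "The specified module cannot be found." pop-up is what rundll32 reports when an autostart entry names a DLL that has already been deleted, so the same "does the target still exist?" check HJT does is worth being able to run by hand after a cleanup. The script below is an added example, not part of the thread and not code from MajorGeeks, HijackThis or MGtools. It assumes PowerShell 3 or later, an elevated session (so that every loaded HKEY_USERS hive is readable), and is read-only: it reports orphaned Run and BHO entries but does not delete anything. The hive and key names are the standard Windows locations; the regular expressions for picking the executable or DLL out of a command line are my own and are deliberately conservative.

```powershell
# Added example (not from the MajorGeeks thread): list Run/RunOnce values and
# Browser Helper Objects whose target file no longer exists, i.e. the entries
# HijackThis reports as "(file missing)". Read-only; assumes PowerShell 3+,
# run elevated so all loaded user hives under HKEY_USERS are readable.

function Resolve-CommandPath {
    # Best-effort extraction of the executable or DLL a Run value points at.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = $CommandLine.Trim()
    # rundll32 host: the module is the first argument, up to the comma before the entry point
    if ($cl -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        return [Environment]::ExpandEnvironmentVariables($matches[1].Trim())
    }
    # quoted path: "C:\Program Files\foo\bar.exe" /args
    if ($cl -match '^"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    # unquoted path, possibly containing spaces: take up to the first .exe/.dll/.cpl/.scr token
    if ($cl -match '^(.+?\.(?:exe|dll|cpl|scr))(?:\s|$)') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    return [Environment]::ExpandEnvironmentVariables(($cl -split '\s+')[0])
}

function Test-TargetExists {
    # A bare module name (foo.dll) is resolved the way the loader would: System32, Windows, then PATH.
    param([string]$Path)
    if (-not $Path) { return $false }
    if (Test-Path -LiteralPath $Path) { return $true }
    if ($Path -notmatch '[\\/]') {
        $searchDirs = @("$env:SystemRoot\System32", "$env:SystemRoot") + ($env:Path -split ';')
        foreach ($dir in $searchDirs) {
            if ($dir -and (Test-Path -LiteralPath (Join-Path $dir $Path))) { return $true }
        }
    }
    return $false
}

$findings = @()
$psNoise  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. O4-style entries: Run/RunOnce under HKLM and under every loaded user hive (HKU\S-1-5-21-...)
$runSubKeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
                'Software\Microsoft\Windows\CurrentVersion\RunOnce',
                'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
$hives = @('HKLM:') + (Get-ChildItem Registry::HKEY_USERS |
                       ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })
foreach ($hive in $hives) {
    foreach ($sub in $runSubKeys) {
        $key = "$hive\$sub"
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }
            $target = Resolve-CommandPath $p.Value
            if (-not (Test-TargetExists $target)) {
                $findings += [pscustomobject]@{ Kind = 'O4 Run'; Where = "$key\$($p.Name)"
                                                Command = $p.Value; Target = $target }
            }
        }
    }
}

# 2. O2-style entries: the BHO list holds CLSIDs; the DLL path is the default value of
#    HKCR\CLSID\{clsid}\InprocServer32 (or the Wow6432Node copy on 64-bit Windows).
$bhoKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
foreach ($bk in $bhoKeys) {
    if (-not (Test-Path $bk)) { continue }
    foreach ($clsid in (Get-ChildItem $bk).PSChildName) {
        $dll = $null
        foreach ($cls in @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                           "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InprocServer32")) {
            if (Test-Path $cls) { $dll = (Get-ItemProperty $cls).'(default)'; break }
        }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        if (-not (Test-TargetExists $dll)) {
            $findings += [pscustomobject]@{ Kind = 'O2 BHO'; Where = "$bk\$clsid"
                                            Command = $clsid; Target = $dll }
        }
    }
}

$findings | Sort-Object Kind, Where | Format-Table -AutoSize -Wrap
```

An entry showing up here is not automatically malware: a leftover from a normal uninstall looks the same as the orphaned BHO in the HJT log. What the listing gives you is the exact registry value to remove (or to hand to an expert), and it covers the per-SID Run keys that a scan of only HKCU would miss. A legitimate Run value whose unquoted path contains spaces and no .exe suffix can be reported as missing, so confirm by looking at the value before deleting it.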
     
