Multiple Infections

Discussion in 'Malware Help (A Specialist Will Reply)' started by kidubi, Jul 29, 2010.

  1. kidubi

    kidubi Private E-2

    Hello, I am currently working over my friend's computer and I found several infections. He is running Windows Vista Home Premium 64bit. I used Avast! Anti-Virus initially, and it found 9 problems. As per the READ & RUN ME FIRST thread, I am including the log files I was able to obtain from the computer, along with a screenshot of the results from the Avast! scan. As far as he can tell me, the problems started between 1 - 2 months ago. He told me the first problem he noticed was that whenever he opened any program, the window would pop up and almost immediately close again. However, that was not persistent. Soon, it was replaced by those programs no longer being able to establish an internet connection even when he was clearly connected to his network and could still browse websites with Firefox. As I was working my way through the READ & RUN ME FIRST thread, I came across several steps that would not work. First, I couldn't remove Java in order to reinstall with the newest version. Then, in the Vista Cleaning Procedure steps, SUPERAntiSpyware could not be updated. I tried both the online update using the program itself, and the manual updates via the provided link. I hope I'm not forgetting anything, and thank you in advance for your time and your help.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here.

    Viewpoint Media Player <--- uninstall this if you are able to.

    Give this a run. SUPERAntiSpyware Portable

    If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    C:\Users\Raymond\AppData\Local\qjrlhjemt
    C:\Users\Raymond\AppData\Local\qnudshyjd
    C:\Users\Raymond\AppData\Local\Temp\FONBF5.tmp
    C:\Users\Raymond\AppData\Local\Temp\browserview-3e23bf8.htm
    C:\Users\Raymond\AppData\Local\Temp\browserview-3e5d2f0.htm
    C:\Users\Raymond\AppData\Local\Temp\browserview-3eb60f0.htm
    C:\Users\Raymond\AppData\Local\Temp\browserview-3f0c168.htm
    C:\Users\Raymond\AppData\Local\Temp\browserview-40b4cb0.htm
    C:\Users\Raymond\AppData\Local\Temp\browserview-4142960.htm
    C:\Users\Raymond\AppData\Local\Temp\FonF073.tmp
    C:\Users\Raymond\AppData\Local\Temp\FonF0C2.tmp
    C:\Users\Raymond\AppData\Local\Temp\Low
    C:\Users\Raymond\AppData\Local\Temp\resource.h
    C:\Users\Raymond\AppData\Local\Temp\rmVYvyiQ.exe.part
    C:\Users\Raymond\AppData\Local\Temp\uttA754.tmp
    C:\Users\Raymond\AppData\Local\Temp\uttA754.tmp.old
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=-
    "EA Core"=-
    "WMPNSCFG"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    C:\Windows\TEMP
    C:\Users\Raymond\AppData\Local\Temp

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know how things are running now.
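An added example, not part of this thread or of OTM/HijackThis: a PowerShell audit of the same persistence points the OTM script above removes entries from (HKCU/HKLM Run values and Browser Helper Object CLSIDs). It resolves each entry to its file on disk and flags anything living under AppData\Local or a Temp folder for manual review. The CLSID-to-InprocServer32 lookup, the list of "suspicious roots" and the helper names are my assumptions about what is worth checking, not something the thread prescribes.

```powershell
# User-writable locations where legitimate autostart entries are rare (assumed list).
$suspiciousRoots = @(
    [Environment]::GetFolderPath('LocalApplicationData'),   # ...\AppData\Local
    [IO.Path]::GetTempPath(),                               # ...\AppData\Local\Temp
    "$env:windir\Temp"
)

function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($root in $suspiciousRoots) {
        if ($Path.StartsWith($root.TrimEnd('\'), [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# A Run value is a command line; strip quotes and arguments to get the executable path.
function Get-ExecutablePath {
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        $exe  = Get-ExecutablePath ([string]$p.Value)
        $flag = if (Test-SuspiciousPath $exe) { 'REVIEW' } else { 'ok' }
        '{0,-7} Run  {1,-20} {2}' -f $flag, $p.Name, $p.Value
    }
}

# BHOs are registered by CLSID; the DLL path sits in HKCR\CLSID\{guid}\InprocServer32.
# On 64-bit Windows, 32-bit BHOs register under the Wow6432Node branch of both keys instead.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll  = (Get-ItemProperty $server -ErrorAction SilentlyContinue).'(default)'
        $flag = if (Test-SuspiciousPath $dll) { 'REVIEW' } else { 'ok' }
        '{0,-7} BHO  {1} {2}' -f $flag, $clsid, $dll
    }
}
```

Run it from an elevated prompt so HKLM reads succeed; a REVIEW line is a candidate for the kind of OTM :reg removal shown above, not proof of infection.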
     
  3. kidubi

    kidubi Private E-2

    I have done all of the steps you provided, and here is the result:




    Also, I should mention that the portable version of that software worked like a charm, and I was able to get it to update and do the scan.
     

    Attached Files:

    Last edited by a moderator: Jul 30, 2010
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you able now to uninstall the old Java? If not try JavaRA 1.15

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6


    Code:
    :services
    Viewpoint Service
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Now tell me how everything is running before I give you final steps. :)
     
  5. kidubi

    kidubi Private E-2

    Well, I did all that and the computer is running great! Here is the output from OTM:

     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's great. :)

    Now just let me have one final sweep through the logs:

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
