nasty virus/trojan infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by widetowest, May 28, 2009.

  1. widetowest

    widetowest Private E-2

    Hi there. I have been struggling with this nasty infection since Monday. First thing I noticed was a message telling me that my firewall had been turned off, then AVG kept giving me notifications of threats detected. My internet browser then started redirecting me from Google searches. I ran Malwarebytes as this has worked for me in the past, but the infection was still there and I could no longer browse the internet (page could not be displayed message, as if I had no connection). Anyway I ran the steps in your guide, but now none of my networking devices (wireless adapter, ethernet etc) are working and I can't get them back on; I also have a new Internet Explorer icon on my desktop that wasn't there before. This only happened after running MGtools. Please help me as I am at my wits' end with this bloody virus.
    Logs are attached.

    Thanks in advance - John

    PS - sorry, forgot to mention that my problem with the network adapter etc seems to be driver related, but all of my network connections have been removed so I can't just repair them. J
     

    Attached Files:

    Last edited: May 28, 2009
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    50c5b117
    94934edf
    
    NetSvc::
    mocesxcv
    
    File::
    c:\windows\system32\drivers\50c5b117.sys
    c:\windows\system32\drivers\94934edf.sys
    C:\Documents and Settings\User\Local Settings\Application Data\3AAC2E72-258D-4248-BB41-B0D1AEC4EF3A.txt
    C:\WINDOWS\system32\sysloc
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  3. widetowest

    widetowest Private E-2

    Sorry for the delay in my reply - I can't get on the internet on my laptop so I had to wait until I could get internet access. Right, I have followed your steps and have attached the logs you requested. However I cannot update ComboFix as I can't connect to the internet, and after following the steps I still have the exclamation mark next to all of my network devices. The icons for wireless and LAN are gone from my tool bar (next to the clock). I have previously tried to reinstall the drivers but to no avail. One thing I did notice was when I switched off my laptop after following the advice it went through the normal blue screen "windows is shutting down" then said "closing network connections". Now I didn't think I had any network connections as my router is turned off and I cannot turn on my wireless receiver. Still really baffled but I really appreciate your help.

    J
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This little bugger doesn't want to die... let's try this:

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. widetowest

    widetowest Private E-2

    Again sorry for the late reply, but I have been off work so had no access to a PC. I ran the programs that you requested (logs attached) but the problem is still there. Although the computer boots up marginally quicker (maybe), I still cannot get my network adapters to work. I have also tried to install a different (USB type) one, which would not work either. I appreciate your help as this is now totally beyond my capabilities to fix on my own. Any ideas on what to try next, as I don't particularly want to have to reformat my hard drive? I look forward to your reply.

    J
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I apologize for the delay... my ISP took a 4 day dump.

    The only questionable thing in your logs is this, a BHO. Let's remove it and see if that helps. If not, you will need to post in either Software or Networking for further assistance.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Let me know.
     
