Not sure what malware is on my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by mofenstein, Jan 26, 2009.

  1. mofenstein

    mofenstein Private E-2

    I have tried running the Malware Removal guide but the only things I can get to run are some of ComboFix, Malwarebytes, and HijackThis. The virus at first was bringing up Chinese porn sites, but after I ran ComboFix and cleaned up a few things it disabled my network card, or something along the lines of that. I can't get an IP address; if I go into Network Connections properties there is nothing labeled there. But if I go into the Device Manager my network card is listed as being there and being enabled. If I do an ipconfig I only get 0.0.0.0. So for that reason I can't install Spybot, and when I try installing Super Anti-Spyware I get an Error2203: c:\windows\installer\3cbce.ipi, -2147287035 message box. I also get that when trying to uninstall Java. I couldn't run ComboFix all the way because of no internet connection. But I'm attaching the logs I was able to obtain.

    If I try starting the DHCP Client then I get the error message:

    Could not start the DHCP Client service on Local Computer.
    Error 1083: The executable program that this service is configured to run in does not implement the service.

    I get the same error message when I try to start Network Connections.
    If I try to look at the Dependencies of Remote Procedure Call then I get the error:

    Win32: The executable program that this service is configured to run in does not implement the service.

    Also Task Manager is disabled.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach this:
    C:\MGLogs.zip

    Let's start with this:
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger. Also see if you can't run SAS and MBAM and attach those logs.
     
  3. mofenstein

    mofenstein Private E-2

    O.K.

    Here are the logs. Still won't let me install SAS and I still can't get an IP address, so Spybot Search and Destroy can't be installed. I ran Malwarebytes on the 21st and I'm including that log.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now I want you to go back to the Read and Run First instructions and download the latest version of MGTools. Attach the new MGLogs.zip and the Avenger log.
     
  5. mofenstein

    mofenstein Private E-2

    I deleted those files again:

    \lljyn090113.exe
    \zhnahsdf090101c.dll a16zhqb
    ming9a090110.exe

    with HijackThis again. But they always seem to come back. Well, when Windows first loads I get an error message telling me that:

    error loading c:\windows\system\zhnahsdf090101c.dll
    The specified module could not be found.

    But every time, HijackThis finds it.
    I still can't run SAS.

    Here are the logs

    Thanks for the help so far.
     


  6. mofenstein

    mofenstein Private E-2

    After all this, I ran ComboFix again and after that, SAS was able to load, not update though, because the network card is still down or corrupted or something. But I'm going to run SAS and see what happens from there.
     
  7. mofenstein

    mofenstein Private E-2

    SAS found nothing, but I am able to start removing Java, which I couldn't before, so that's a good thing.
     
  8. mofenstein

    mofenstein Private E-2

    I tried fixing the Error 1083 problem I am getting when trying to start certain services. I tried using wscfix.exe but got nothing. I have also tried Winsockxpfix.exe, also getting nothing.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's keep at it:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  10. mofenstein

    mofenstein Private E-2

    Here are the logs.
    It won't let me upload the mglogs.zip file. It says it's already on this thread.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That message usually indicates that you are trying to upload the same log that you did in a previous post. Make sure you run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file, which will be overwritten by doing this.
     
  12. mofenstein

    mofenstein Private E-2

    Sorry, I couldn't post the Mglogs.zip. I couldn't wait any longer. The client whose computer it was really needed it back due to a deadline. I went ahead and reformatted. Thank you for your help and patience. I guess we can close this ticket.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry to hear that and hope it all goes well.
     
