Not sure....

I've run your READ&RUN first procedure and the machine seems to be back in better order. Before running that procedure I couldn't open webpages or even use google, the browser never loaded. Seems fine now tough.

Anywho, what worried me is that I got an error message that some .dll file couldn't be found on startup so I'm a bit worried that there's still something hanging around. Attaching logs so you can see.

As for how long I've had problems, it's been for a few weeks now but I haven't had time to start fixing before this weekend. Why I'm infected I don't know, but I'm not the only one in this house using this machine.

Well, hope you can give me a hand. Many thanks in advance! You guys are great!!

 

...and the MGtools log.

 

Hi norwayn00b!
Welcome to the Malware Forum!

The scans obviously did some good. I'll look at the logs and see how things look. This takes some time so thanks for being patient.

abri

 

Hi norwayn00b,

Please do the following:

1) Go to add/remove programs and uninstall the below:

Java(TM) 6 Update 4
Java(TM) 6 Update 5

Additionally, you need to replace the other two Java programs (if you use them), the development kit and the Java DB. Please go to Sun's website for more information about most recent versions. That is here: http://java.sun.com/javase/downloads/index.jsp

2) Reboot after uninstalling the above.

3) Install the current version of Sun Java from: Sun Java Runtime Environment

4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {0CD61A72-0082-4A46-BA53-19DE0404F485} - C:\WINDOWS\system32\hgGyvvsT.dll (file missing)
O2 - BHO: (no name) - {B57BD1A6-5B9C-467D-9F7F-180A5CB1F420} - C:\WINDOWS\system32\fccyaXrp.dll (file missing)
O4 - HKLM\..\Run: [340a27d9] rundll32.exe "C:\WINDOWS\system32\nruxecvu.dll",b
O20 - Winlogon Notify: khfEWPJb - khfEWPJb.dll (file missing)

After you click fix, just close hijackthis.



5) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the 'Execute' button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

6) Now run CCleaner at the default setting with the Windows tab as the top one.

7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri

 

Thanks for the fast reply mate. I've gone through the list now, I uninstalled the Java DB and and dev kit as well. As far as I know I've never used them

Apart from that everything went smooth and the machine seems to be in order as far as I can tell. I'm attaching the logs as you wanted.

Just two questions:

1: In the READ & RUN ME FIRST process my virus program Avast seems to have been affected. It is no longer visible in the tray. I've tried to adjust the settings but it doesn't appear there, but according to the windows security center the scanner is updated and running. Is there a problem?

2: Can you reccomend a good and free software firewall?

Thanks for the help!!

 

Hi norwayn00b,

Your logs look good. There are several free two-way software firewalls listed in the link in the box below called How to protect yourself from malware. There are other good things as well, so it's worth a read.

As for your Avast, it may have lost a file when we removed the malware. I suggest that you go to the How to protect yourself thread and download the installation program for Avast and put it somewhere where you can find it later. Then disconnect from the internet (physically) and disable Avast. Then go to add/remove programs and uninstall it. After that install the new one and see if the problem you ran into is gone. Reconnect to the internet and get the updates and make sure it's running correctly.

In the box below are the final cleanup instructions.

abri

 

Ok, thank you very much! You guys are doing a great job! Hope I won't have to set foot in here again.

Are there any of the firewalls that will work better with avast? Or should I take that question to the Software forum?

Cheers.

norwayn00b

 

I like Zone Alarm because it's easy. I think all the ones recommended work well with Avast. I think Comodo is a bit more complex than the others, but that's just from watching discussions not from personal experience.

Thanks very much.
I hope you won't set foot in here again too! hahaha

You can always visit the Software Forum just for the fun ot it.

Good luck to you and your computer!
abri

 

I'll check out Zone Alarm then. Thanks mate.

Just wanted to let you know that uninstalling and installing Avast did the trick. It's back and working like a clock.


Once again, thanks for great help!! Major Geeks FTW!!11!! :major

 

You're welcome!
Glad that worked!