Please help on this: logs attached. Thanks.

Discussion in 'Malware Help (A Specialist Will Reply)' started by k2doggo, Apr 22, 2009.

  1. k2doggo

    k2doggo Private E-2

    A few days ago I ran an executable I'd downloaded and thought safe. It didn't "do" anything, and right away I knew I was in trouble.

    The symptoms are:
    --DVD burner inaccessible to Nero or other burning programs...sometimes it gives an error message reading "The maximum number of secrets that may be stored in a single system has been exceeded";
    --on Internet Explorer, Google search links are redirected to some damned Russian site, then come up as random advertising;
    --upon starting one certain program (DVD Flick), the system now asks for a missing driver (RCD.MSI) from a system CD-Rom--this isn't a driver I have or have ever needed;
    --System Restore hangs and won't restore to any chosen restore point (clever, that).

    Thanks so much you guys, in advance, for any help you can offer.
     

    Attached Files:

    Last edited: Apr 22, 2009
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well, that isn't any fun!!

    Let's try this:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    ovfsthxwvdrjnoo
    
    File::
    c:\windows\system32\sf87wuijndoio43j.dll
    c:\windows\system32\drivers\ovfsthxwvdrjnoo.sys 
    c:\windows\system32\ovfsthxepdgbyoe.dat 
    c:\windows\system32\ovfsthxlsawkxxv.dat 
    c:\windows\system32\ovfsthxnomtqoyr.dll 
    c:\windows\system32\ovfsthxsqkbodeu.dll 
    c:\windows\system32\ovfsthxvkbakymn.dll
    C:\WINDOWS\system32\sf87wuijndoio43j.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxjiyesjta]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:
    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
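    As an added example (not ComboFix's own code and not part of the thread), the script below parses the CFScript posted above and checks which of the listed indicators are still on disk, which is the sanity check you would run after the fix if the system had survived long enough to reach it. It assumes only what the posted script shows: section headers of the form `Name::`, one entry per line, and `[-KEY]` meaning "delete this registry key". The `exists` predicate is passed in so the check can be exercised offline; `os.path.exists` is the one to use on the real machine. Note that the File:: block lists the same DLL twice with different capitalisation; Windows paths are case-insensitive, so the parser folds those together.

```python
"""Parse a ComboFix CFScript and report which listed indicators remain.

Constructed example for this thread; it is not ComboFix's code and makes no
claim about ComboFix internals beyond the layout of the script posted above.
"""
import os
from typing import Callable, Dict, List

# Script text copied from the post above (constructed embedding; the File::
# block deliberately keeps the duplicated sf87wuijndoio43j.dll entry).
CFSCRIPT = r"""
KILLALL::

Driver::
ovfsthxwvdrjnoo

File::
c:\windows\system32\sf87wuijndoio43j.dll
c:\windows\system32\drivers\ovfsthxwvdrjnoo.sys
c:\windows\system32\ovfsthxepdgbyoe.dat
c:\windows\system32\ovfsthxlsawkxxv.dat
c:\windows\system32\ovfsthxnomtqoyr.dll
c:\windows\system32\ovfsthxsqkbodeu.dll
c:\windows\system32\ovfsthxvkbakymn.dll
C:\WINDOWS\system32\sf87wuijndoio43j.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxjiyesjta]
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section_name: [entries]} preserving order.

    A header is a line ending in '::' (e.g. 'File::'); every following
    non-blank line belongs to it until the next header. Sections such as
    KILLALL:: legitimately have no entries.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def dedupe_paths(paths: List[str]) -> List[str]:
    """Drop duplicates that differ only by case (Windows paths are case-insensitive)."""
    seen = set()
    unique = []
    for path in paths:
        key = path.lower()
        if key not in seen:
            seen.add(key)
            unique.append(path)
    return unique


def remaining_indicators(sections: Dict[str, List[str]],
                         exists: Callable[[str], bool]) -> List[str]:
    """Return the File:: entries that `exists` still reports as present."""
    return [p for p in dedupe_paths(sections.get("File", [])) if exists(p)]


def registry_deletions(sections: Dict[str, List[str]]) -> List[str]:
    """Registry:: lines written as [-KEY] request deletion of KEY."""
    keys = []
    for line in sections.get("Registry", []):
        if line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
    return keys


if __name__ == "__main__":
    secs = parse_cfscript(CFSCRIPT)
    print("driver services to stop:", secs.get("Driver", []))
    print("registry keys to delete:", registry_deletions(secs))
    left = remaining_indicators(secs, os.path.exists)
    if left:
        print("STILL PRESENT after cleanup:")
        for path in left:
            print("  ", path)
    else:
        print("none of the listed files remain on this machine")
```

    Run it on the cleaned machine to confirm the listed files are gone; the registry key and driver service still need a separate check, which this script only lists rather than queries, since it has to run on any platform.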
  3. k2doggo

    k2doggo Private E-2

    Tim--thank you so much for your detailed help.

    I wasn't able to implement it, because the system got more and more unstable, and I finally had to give up and reinstall XP from scratch, shortly after I received your help.

    I have one question remaining: while I still had a chance, I put all my important data on an external USB hard drive. This drive was brand new, and I formatted it on a clean computer. Then I plugged it into the infected one, copied my stuff off, and shut it down. Do you think there's any likelihood that the external drive got infected with anything?

    Now with a "new" old XP system, the only problem I have is that the computer, a Dell, doesn't see its own network adapter, and I have to figure out how to wake it up for the internet. I gather I need to get a driver from Dell, even though this surely would have been on the disc that Dell provided? Hmm...

    Anyway, that aside--thanks again for your help, it was very much appreciated.

    --Jim C
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry to hear that.....you may need to download the driver to a thumb drive for your network card (did you also have a driver disc?). And I would advise you scan the external drive before transferring anything back.

    You should read this:
    How to Protect yourself from malware!
     
