please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by kutino, Feb 19, 2007.

  1. kutino

    kutino Private E-2

    overview of problem

    my startup applications are slow to load up and also i am getting application error dialogue (ccSvchst.exe) when i try to shut down my computer and i seem to have a lot of new processes on my windows task manager
     

    Attached Files:

    kutino, Feb 19, 2007
    #1
  2. kutino

    kutino Private E-2

    hijack log
     

    Attached Files:

    kutino, Feb 19, 2007
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    To update:
    http://securityresponse.symantec.com/avcenter/security/Content/2003.06.25a.html

    Sophos Anti-Rootkit will scan your computer for files that have been hidden using rootkit technology.

    Many of the newer malware infections use this technology to hide themselves and to make them more difficult to remove.

    Installation
    Download Sophos Anti-Rootkit 1.1 and save to a location you will be able to find such as your desktop

    Run sarsfx.exe by double clicking on it.

    Click Accept to agree to the EULA

    Click Install (if you wish to change the default installation location do so here but remember where you install to, the default is C:\SOPHTEMP)

    Once it finishes copying files, exit the installer​
    Running the scan
    Navigate to the location that you installed the software to (Default: C:\SOPHTEMP)

    Run sargui.exe by double clicking on it.

    Ensure that all three of the options are checked

    Click Start Scan

    Once the scan is complete, close Sophos Anti-Rootkit by closing the scan window and clicking Exit in the main window

    DO NOT CLICK 'CLEAN UP CHECKED ITEMS' OR ATTEMPT TO HAVE SOPHOS ANTI-ROOTKIT FIX ANYTHING UNLESS SPECIFICALLY INSTRUCTED TO IN THE THREAD YOU ARE WORKING ON
    Finding the logsClick on Start --> Run

    Type in %TEMP%\sarscan.log and press enter

    The log file will open in the default editor (probably Notepad)

    Click File --> Save As and save the file to your desktop or other location for easy retrieval.


    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

    After clicking Fix, exit HJT.
    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT

    Be sure to tell us how things are running.
    When we are done, you will need to update to sp2!!
     
    TimW, Feb 20, 2007
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds