Qoologic help...

Discussion in 'Malware Help (A Specialist Will Reply)' started by RobsanX, Apr 15, 2006.

  1. RobsanX

    RobsanX Private E-2

    Hi folks! I've been pulling my hair out for a week with this infection before I stumbled upon your forums. I've been using Symantec AV, Ad-Aware, and Windows Defender in normal and safe-mode to try to clean it, but (as you probably know) it just keeps coming back. I read through your special instructions on Qoologic, and I think that I have followed all of them, but if I missed something please let me know. I have attached the four log files to this message. Thanks for your help, and it's great to know that there are still people out there willing to lend a hand! :D
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.

    First look in Add/Remove programs for webnexus and uninstall if found.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

    C:\WINDOWS\UNWN.EXE
    C:\WINDOWS\system32\ifgbkpd.exe
    C:\WINDOWS\system32\mxwwl.dat
    C:\WINDOWS\system32\haisak.exe
    C:\WINDOWS\system32\wjywa.exe
    C:\WINDOWS\system32\nhitqsn.dll
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yhutg.exe


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wjywa.exe
    F2 - REG:system.ini: UserInit=userinit.exe,ifgbkpd.exe
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - (no file)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


    Now exit HJT
    Run Windows Explorer and double check to make sure the below files are all deleted (some we may have already got with killbox):
    C:\visfx500.exe
    C:\WINDOWS\UNWN.EXE
    C:\WINDOWS\system32\ifgbkpd.exe
    C:\WINDOWS\system32\mxwwl.dat
    C:\WINDOWS\system32\haisak.exe
    C:\WINDOWS\system32\wjywa.exe
    C:\WINDOWS\system32\nhitqsn.dll
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yhutg.exe

    Then reboot into normal mode and attach a new HJT log and a new log from FindQool
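
Added example, not part of the original thread: the two F2 lines selected in the post above are the Winlogon Shell and UserInit values, and every program listed in them after a comma is started at each logon. The sketch below triages a HijackThis log for extra programs in those values and for entries whose file is already gone; the function names and the `BASELINE` set are hypothetical, and the baseline assumes a stock Windows XP install.

```python
import ntpath
import re

# Programs expected in the two Winlogon values HijackThis reports as F2.
# Assumption: stock Windows XP baseline; adjust for a custom shell.
BASELINE = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}
F2_RE = re.compile(r"^F2 - REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(O\d+) - .*\((?:no file|file missing)\)", re.IGNORECASE)

def extra_winlogon_programs(line):
    """Return (value_name, [unexpected programs]) for an F2 line, else None."""
    m = F2_RE.match(line.strip())
    if not m:
        return None
    name, value = m.group(1).lower(), m.group(2)
    extras = []
    for part in value.split(","):
        part = part.strip()
        # Compared on file name only; a stricter check would also verify
        # that a full path points into the Windows directory.
        if part and ntpath.basename(part).lower() not in BASELINE.get(name, set()):
            extras.append(part)
    return name, extras

def triage(log_text):
    """Split a HijackThis log into hijacked Winlogon values and orphaned entries."""
    hijacks, orphans = {}, []
    for line in log_text.splitlines():
        hit = extra_winlogon_programs(line)
        if hit and hit[1]:
            hijacks.setdefault(hit[0], []).extend(hit[1])
            continue
        m = ORPHAN_RE.match(line.strip())
        if m:
            orphans.append(m.group(1))
    return hijacks, orphans

# Lines quoted from the post above, plus one clean UserInit line constructed for contrast.
SAMPLE = r"""F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wjywa.exe
F2 - REG:system.ini: UserInit=userinit.exe,ifgbkpd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
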
     
  3. RobsanX

    RobsanX Private E-2

    I'm not the expert here, but it looks like it worked! I did get that
    so I followed all the instructions after booting in safemode. I have attached updated HJT and FindQool logs. Thanks so much!!!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  5. RobsanX

    RobsanX Private E-2

    Got it. Thanks again, and I will definitely look through that other thread!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
