Some things run, some don't.

Discussion in 'Malware Help (A Specialist Will Reply)' started by TybudX, Mar 2, 2009.

  1. TybudX

    TybudX Private E-2

    Not sure if this is even a malware problem, but I figured I'd start with the best before shelling out 60 bucks for Microsoft's online support. I have an Acer laptop with Vista Home Premium 64 bit, I can post more info on it if needed.

    About a week ago, I was in the middle of watching a downloaded copy of Friday the 13th (the new one). There was maybe a couple minutes left in it when Media Player stopped. I thought nothing of it, figured maybe the movie was just cut short.

    Skip to the next day, and I try to start my laptop up again... all my settings have been changed (keyboard is lolCanadian, BioProtect is off, programs are running on startup that shouldn't, etc.). A whole mishmash. I try to plug my mp3 player in to charge, and Media Player won't boot up... this is when I clue in that something really isn't right.

    I spent the next day trying to get things to work... stuff like Hearts and Minesweeper work, but nothing on the taskbar will execute, I can't install stuff, and I can't download things off the internet. I tried to do System Restore, but the backup I had from a month ago failed... and when I rebooted, it was gone. Now I have one from a couple days ago.

    My first ray of hope came when I started in safe mode. Seems everything works here... Firefox, Explorer, all the programs that should work. I tried running Spybot, did a full system scan with Comodo, and ran a few apps that I had on hand (just happened to be all the ones you require... imagine that). None of them were able to update successfully, even with internet access. I was fooling around with this stuff when I found that the 64-bit version of IE runs fine on my non-admin profile.

    So whatever. Here I am, with no idea what's wrong. I followed the steps provided to a T, although some things obviously didn't work. None of the programs updated, and even though I got Combofix to work with the run command, it said it wasn't compatible with a 64 bit OS. I did do SAS, Spybot, Malwarebytes, and MGTools, and have logs.

    Ooh, just got a new one... Comodo just alerted me to a virus when I looked to see if I had a log for Combofix. Name: ApplicUnsaf.\Win32.Hide.~AB@5325787, found at C:\ComboFix\hidec.exe. It also seemed like something was trying to open a browser window when it happened, I don't know what that means. I chose to ignore the problem once, then again. Don't want to screw anything else up. Got another... Application.Win32.NirCmd.~A@6740009, in C:\Combofix\NirCmd.cfexe.

    Anyways, my logs.

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, you are not having malware problems. I see a few minor non-malware things to fix but they will not have an effect on your problems. I will give this fix further down.

    That's correct and you now have a few files to clean up from trying to run it a couple of times. Delete the below files:

    C:\Windows\system32\CF2849.exe
    C:\Windows\system32\CF2973.exe
    C:\Windows\system32\CF3767.exe
    C:\Windows\SysWOW64\CF2849.exe
    C:\Windows\SysWOW64\CF2973.exe
    C:\Windows\SysWOW64\CF3767.exe
    C:\Windows\SysWOW64\cmd.execf

    Also delete the combofix.exe file from your Desktop and also delete the C:\combofix folder.

    False detections. These are just valid programs used by ComboFix and many other tools.

    Why did you download rmvirut.exe? Did you think you had a Virut infection? Did you run this for some reason?
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    After clicking Fix, exit HJT.

    Since you are not having malware problems, you may want to post in the Software Forum.
    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If you did not already do so as requested above, remove all the ComboFix related files and folders.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip.
    7. After doing the above, you should work through the below link:
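The HijackThis lines chaslang asked to fix above are the classic stale-registration pattern: a BHO or toolbar CLSID whose backing file is "(no file)", and empty win.ini load=/run= keys. As an added example (not code from this thread, from HijackThis or from MajorGeeks), here is a small Python triage that flags exactly those patterns in saved HJT log lines, so a helper can separate harmless leftovers from entries that still point at a real file; the sample input is the four lines from the reply plus two constructed healthy entries.

```python
import re
from dataclasses import dataclass

# O2/O3 entries: section, kind, display name, CLSID, backing file.
_O_ENTRY = re.compile(
    r"^(?P<sec>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)
# F3 entries for the legacy win.ini load= / run= keys.
_F3_ENTRY = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.*)$")

# Constructed sample: the four lines from the reply above plus two healthy entries.
SAMPLE_HJT_LINES = [
    "F3 - REG:win.ini: load=",
    "F3 - REG:win.ini: run=",
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    "O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    # Constructed healthy entries (hypothetical paths): must NOT be flagged.
    "O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll",
    "F3 - REG:win.ini: run=C:\\Example\\startup.exe",
]

@dataclass
class Finding:
    line: str
    reason: str

def triage_hjt_lines(lines):
    """Return Findings for safe cleanup candidates: BHO/toolbar registrations
    whose file is gone, and empty win.ini load=/run= values. Entries that still
    point at a real path are left alone for manual review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _O_ENTRY.match(line)
        if m:
            if m.group("file").strip().lower() == "(no file)":
                findings.append(Finding(line, f"orphaned {m.group('kind')} {m.group('clsid')}: registered but file missing"))
            continue
        m = _F3_ENTRY.match(line)
        if m and m.group("value").strip() == "":
            findings.append(Finding(line, f"empty win.ini {m.group('key')}= entry"))
    return findings

if __name__ == "__main__":
    for f in triage_hjt_lines(SAMPLE_HJT_LINES):
        print(f"FIX  {f.line}\n     {f.reason}")
```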
