still spyware after running test

Discussion in 'Malware Help (A Specialist Will Reply)' started by jamielyn, Feb 8, 2008.

  1. jamielyn

    jamielyn Private E-2

    I've run the initial test and am still infected. Browser gets redirected when searching. Webroot finds and quarantines trojan/downloader/ruin after every reboot. Stop zilla finds nothing but will redirect the redirect to the right site sometimes. 2/31/08 is when the problem, I think, occurred after trying to allow a control to open a streaming video. The combofix would not run......cannot change name combofix to combofix and shuts down, thanks
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Is your copy of Spy Sweeper a paid version or free trial? If free, uninstall it now!!

    Also uninstall Ask Toolbar


    Run C:\MGtools\analyse.exe by right clicking on it and selecting Run as Administrator. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [dmell.exe] C:\Windows\system32\dmell.exe
    O4 - HKLM\..\Run: [dmoei.exe] C:\Windows\system32\dmoei.exe
    O4 - HKLM\..\Run: [dmztd.tmp] C:\Windows\system32\dmztd.tmp
    O4 - HKLM\..\Run: [dmbrf.tmp] C:\Windows\system32\dmbrf.tmp
    O4 - HKLM\..\Run: [dmcns.tmp] C:\Windows\system32\dmcns.tmp
    O4 - HKLM\..\Run: [dmicm.tmp] C:\Windows\system32\dmicm.tmp
    O4 - HKLM\..\Run: [dmabz.tmp] C:\Windows\system32\dmabz.tmp
    O4 - HKLM\..\Run: [dmybi.tmp] C:\Windows\system32\dmybi.tmp
    O4 - HKLM\..\Run: [dmovt.tmp] C:\Windows\system32\dmovt.tmp
    O4 - HKLM\..\Run: [dmpwf.tmp] C:\Windows\system32\dmpwf.tmp
    O4 - HKLM\..\Run: [dmqxc.tmp] C:\Windows\system32\dmqxc.tmp
    O4 - Global Startup: tavmsi.lnk = F:\Setup\setup_w32.exe
    O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmgfj.exe

    After clicking Fix, exit HJT.


    Now reboot into safe mode and delete the below files.
    C:\Windows\System32\dmbld.exe
    C:\Windows\system32\dmell.exe
    C:\Windows\system32\dmgda.exe
    C:\Windows\system32\dmgfj.exe
    C:\Windows\system32\dmoei.exe
    C:\Windows\system32\dmztd.tmp
    C:\Windows\system32\dmbrf.tmp
    C:\Windows\system32\dmcns.tmp
    C:\Windows\system32\dmicm.tmp
    C:\Windows\system32\dmabz.tmp
    C:\Windows\system32\dmybi.tmp
    C:\Windows\system32\dmovt.tmp
    C:\Windows\system32\dmpwf.tmp
    C:\Windows\system32\dmqxc.tmp

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Windows\Temp
    C:\Users\jamie\AppData\Local\Temp

    Now reboot into normal mode.

    Now run CCleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.


    Make sure you tell me how things are working now!
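The following is an added example, not part of the thread and not MajorGeeks or HijackThis code: a small triage pass over HijackThis `O4` Run and `O23` service lines that flags the pattern visible in the entries selected above. The heuristics, the `EXEC_EXT` allow-list and the `ExampleApp` line are assumptions made for illustration; the other sample lines are copied from the log in the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: four lines copied from the log in the post above, plus one
# made-up benign entry (ExampleApp) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [dmell.exe] C:\Windows\system32\dmell.exe
O4 - HKLM\..\Run: [dmztd.tmp] C:\Windows\system32\dmztd.tmp
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\tray.exe" /min
O4 - Global Startup: tavmsi.lnk = F:\Setup\setup_w32.exe
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmgfj.exe
"""

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".scr"}  # assumed allow-list for this sketch

def target_path(cmd):
    """Return the file part of an autostart command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return PureWindowsPath(cmd[1:].split('"', 1)[0])
    m = re.match(r"(.+?\.\w{2,4})(?:\s|$)", cmd)
    return PureWindowsPath(m.group(1) if m else cmd)

def triage(log):
    """Return [(path, [reasons])] for O4 Run and O23 lines worth a closer look."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        reasons = []
        run, svc = RUN_RE.match(line), SVC_RE.match(line)
        if run:
            path = target_path(run["cmd"])
            if path.suffix.lower() not in EXEC_EXT:
                reasons.append("autostart target is not an executable file type")
            if run["name"].lower() == path.name.lower() and path.parent.name.lower() == "system32":
                reasons.append("Run value is named after a file sitting directly in system32")
        elif svc and svc["owner"] == "Unknown owner":
            path = target_path(svc["cmd"])
            reasons.append("service binary reported with Unknown owner")
        if reasons:
            findings.append((str(path), reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A flagged line is a prompt to inspect the file, not a verdict; other `O4` forms such as Global Startup shortcuts are not parsed here.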
     
