Unknown Infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by Divinicus, Sep 15, 2008.

  1. Divinicus

    Divinicus Private E-2

    It started 2 days ago. The wife was looking for a key generator for an Adobe product she got from one of her friends. Next thing I know the computer is popping up with some Windows Firewall message saying that I have a key logger. Other messages as well, not just a key logger; another one was some kind of bank fraud trojan. The message wants me to click "Enable Protection." I of course have not clicked that. I attempted to access the Task Manager to see if there were any extra processes running but I get a message saying "The administrator has restricted access the Task Manager." I found that a little odd since I'm the administrator and I couldn't remember doing that. I immediately disconnected the internet and ran Spybot and Symantec antivirus. Those picked up a crap load of things and I was at least able to get to the Task Manager.

    After running the Read and Run Me things seem to be much better. But I am still getting the Windows Firewall message popping up, and when I tried to enable Symantec again I got some error about a missing file. The Windows Installer keeps popping up saying to please wait while Windows configures Symantec; I keep canceling it. I still have the software for Symantec so I can easily reinstall that.

    I have attached the logs from Read and Run Me. Would really appreciate any assistance you could give me.
     


  2. Divinicus

    Divinicus Private E-2

    Last attachment.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs do indicate that Norton is not installed.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use Windows Explorer to find and delete:
    C:\WINDOWS\system32\wfojyfyx.exe
    C:\Documents and Settings\All Users\Application Data\snmdgzkb

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and tell me how things are running.
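As an added verification step (example code, not part of TimW's instructions or the MGtools package): this PowerShell snippet checks whether the two paths named above are still present after the cleanup and whether the Task Manager lockout Divinicus described is still in place. It assumes PowerShell is available on the machine, and that the lockout is the standard DisableTaskMgr policy value, which is the usual cause of that message.

```powershell
# Added example: post-cleanup check for the items named in this thread.
# Run from an elevated (Administrator) PowerShell session.

# The two paths TimW asked to have deleted.
$suspectPaths = @(
    'C:\WINDOWS\system32\wfojyfyx.exe',
    'C:\Documents and Settings\All Users\Application Data\snmdgzkb'
)

# Report rather than delete: deletion is done by hand in Explorer as instructed above.
$pathReport = foreach ($p in $suspectPaths) {
    [pscustomobject]@{ Path = $p; StillPresent = (Test-Path -LiteralPath $p) }
}
$pathReport | Format-Table -AutoSize

# Assumption: "The administrator has restricted access to the Task Manager" is
# produced by the DisableTaskMgr policy value being set to 1. Malware sets it
# to keep the user from seeing its process, so a set value after cleanup is a
# sign that something is still re-applying it (or was simply left behind).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($k in $policyKeys) {
    $v = (Get-ItemProperty -Path $k -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($v -eq 1) {
        Write-Warning "DisableTaskMgr is set to 1 under $k; removing the value"
        Remove-ItemProperty -Path $k -Name DisableTaskMgr
    } else {
        Write-Output "DisableTaskMgr is not set under $k"
    }
}
```

If either path reports StillPresent = True or DisableTaskMgr comes back after a reboot, that is worth mentioning when attaching the new MGlogs.zip.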
     
