wimad.d and new polywin32. Please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by princessp, Oct 4, 2006.

  1. princessp

    princessp Private E-2

    I have done all the steps in the read and run instructions. I have WinXP Home SP2. I was on vacation for a while and came home, turned on my PC, and all of a sudden I have pop-ups and virus warnings. The 2 major ones were caught by McAfee and Kaspersky. Kaspersky caught Wimad.d and McAfee new poly; neither could be deleted. My computer is extremely slow and I get the occasional pop-up. It is just getting worse by the minute. I would really appreciate some help with this. Find my logs attached (Panda stopped responding so that is not here). Also I included Silent Runners scan just in case you wanted to have a look. Thank you.
     


  2. princessp

    princessp Private E-2

    here are the rest
     


  3. princessp

    princessp Private E-2

    Ran Avast, this is the log. Also tried to run Panda quick remover but it stopped responding. Also ran Ewido but there was an error; I will attach that log as well. I am doing this in Safe Mode with networking if that helps. Thanks again.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You do not appear to be following the directions for using GetRunKey and ShowNew. As a result your logs are incomplete and not useful. You must make sure you follow the directions exactly. The .bat files MUST be extracted from the ZIP file and you must run them from a Windows Explorer session. If you run them from inside the ZIP file, which you appear to be doing, they will not work.

    However, you don't appear to have any problems! Just delete the file your antivirus program is complaining about yourself. You could also run your antivirus scanner in safe mode to see if that helps. For one example, Kaspersky found the below:

    C:\Documents and Settings\All Users\Documents\nonnas music\alishia marty robins 47.wma

    You can just delete this yourself. Kaspersky's Online scanner will not fix anything.
     
  5. princessp

    princessp Private E-2

    I did run the get run keys right from Explorer, but it gives error messages such as:
    C:\Windows\System32\cmd.exe
    C:\Windows\System32\AutoExec.NT.
    The system file is not suitable for running MS-DOS and Microsoft Windows Applications. Choose close to terminate the App.
    And then the Cmd screen says this:
    The process cannot access the file because it is being used by another process.

    C:\xrkey00.txt
    C:\xrkey01.txt
    C:\xrkey02.txt
    C:\xrkey03.txt
    C:\xrkey04.txt
    C:\xrkey05.txt
    C:\xrkey06.txt
    C:\xrkey07.txt
    C:\xrkey08.txt
    C:\xrkey10.txt

    Also my Windows firewall is disabled and it won't let me re-enable it. I have now installed ZoneAlarm (this was happening before I installed ZoneAlarm) so I don't need it, but there must be a reason for that and the other online scans freezing. Also why would the icons on the desktop and in folders be all scattered in all 4 users on this PC? Why is my PC so slow? Also can you please tell me what Twunk.001.Mtx and Twunk.002.mtx are? I really appreciate the help, thanks. Oh, forgot to mention that I ran McAfee's check tool to make sure that it was working and it did not detect the file? Also it turns off every so often and I get a Black M.

    Telia
     
    Last edited: Oct 5, 2006
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go back and read the information about this error on the download page again and follow the directions given.


    It is not necessarily malware but could have been a residual effect. As long as ZoneAlarm is working you are OK! The Windows firewall is totally inadequate and too easy to defeat and break.

    I don't understand what you mean???

    Due to what you are running! McAfee is a known resource hog. Also you now have Ewido and Windows Defender running. If Ewido is the free version, uninstall it and keep Windows Defender. If Ewido is a paid version then uninstall Windows Defender.

    Dump the Google Toolbar unless it is an absolute must have!

    You can also have HJT fix the below two unnecessary startups:
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    The rest of the stuff you have running you will have to determine the necessity of.



    Where are these and what are the dates of the files? There was a trojan with a similar name (see http://www.bleepingcomputer.com/startups/twunk_service-8044.html )

    If you decide to uninstall McAfee to resolve the slow PC problems, we will give you a free antivirus to use and this problem will not matter anymore. Otherwise uninstall McAfee anyway and then reboot, and then reinstall (DO NOT skip the reboot).
     
    Last edited: Oct 6, 2006
