
essexboy

Trusted Malware Techs
  • Content Count

    752

About essexboy

  • Rank
    Advanced Member

Contact Methods

  • Website URL
    http://cid-32d8666f4048075b.skydrive.live.com/browse.aspx/Malware%20files
  • ICQ
    0

Profile Information

  • Gender
    Male

Previous Fields

  • Teams:
    Nothing Selected


  1. Here we go famous last words "This looks relatively easy" Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmqu.exe] C:\WINDOWS\system32\kdmqu.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\muwatibi.dll wzhatx.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' An
  2. Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep We will now confirm that your hidden files are set to that, as some of the tools I use will change that Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden fi
  3. The OTScanit will produce a text file. It could be quite large, so if you upload it to mediafire and post the sharing link I will download and then analyse it
  4. Looks good - now the big question How is your computer running ?
  5. According to that you are re-infected. I am running threat expert on my system at the moment to see if it is reporting right But for confirmation as something seems a bit hickey To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link. Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close ALL OTHER PROGRAMS. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Check the box that says Scan All Users Check t
  6. That is the legitimate file, notice the difference in spelling The main question is how is your computer running now ?
  7. Still a few to remove though Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. [Unregister Dlls] [Registry - Safe List] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YN -> "NAV" -> %UserProfile%\Local Settings\Temp\IXP000.TMP\NAV09EN.exe ["C:\Documents and Settings\Student\Local Settings\Temp\IXP000.TMP\NAV09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFT
  8. Now let's clear the waifs and strays and see what remains Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. M
  9. OK let's have a go shall we Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O20 - AppInit_DLLs: ogjhcm.dll ycgytx.dll djrzyk.dll hrobui.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Please download the OTMoveIt3 by OldTimer. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pre
  10. Let's move swiftly on then to clear a few more 1. Please open Notepad Click Start, then Run Type notepad.exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: KillAll:: Driver:: RkHit VMwareService srwsvc File:: c:\windows\system32\mlJYrSjK.dll c:\windows\system32\drivers\RKHit.sys c:\windows\system\VMwareService.exe c:\windows\system32\drivers\srwsvc.sys 3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES 4. Save the above as CFScript.txt 5. Then drag the CFScr
  11. Hi kristen let's get the big boy on it first and see what that reveals Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly reco
  12. Comes up clean this time Glad to be of assistance
  13. Yes there is a Java script trojan somewhere on that page and Avast does not like it. I received three warnings. Unfortunately I do not know enough about web crafting to assist But your system is OK ?
  14. Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep We will now confirm that your hidden files are set to that, as some of the tools I use will change that Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden fi
  15. This looks to be the last.. How is your computer now Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. [Kill Explorer] [Unregister Dlls] [Win32 Services - Non-Microsoft Only] YY -> (WinSpoolSvc) Windows Spool Services [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\csrsc.exe [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Authorized