essexboy
Trusted Malware Techs
Content Count: 752

Everything posted by essexboy

  1. Here we go, famous last words: "This looks relatively easy". Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmqu.exe] C:\WINDOWS\system32\kdmqu.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\muwatibi.dll wzhatx.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN please download Malwarebytes' Anti-Malware from Here or Here. Double-click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' An
  2. Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep. We will now confirm that your hidden files are set to that, as some of the tools I use will change that. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden fi
  3. The OTScanit will produce a text file. It could be quite large, so if you upload it to mediafire and post the sharing link I will download and then analyse it
  4. Looks good - now the big question: how is your computer running?
  5. According to that you are re-infected. I am running ThreatExpert on my system at the moment to see if it is reporting right, but for confirmation, as something seems a bit hickey: to ensure that I get all the information, this log will need to be uploaded to Mediafire; post the sharing link. Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close ALL OTHER PROGRAMS. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Check the box that says Scan All Users Check t
  6. That is the legitimate file; notice the difference in spelling. The main question is: how is your computer running now?
  7. Still a few to remove though. Start OTScanit. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. [Unregister Dlls] [Registry - Safe List] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YN -> "NAV" -> %UserProfile%\Local Settings\Temp\IXP000.TMP\NAV09EN.exe ["C:\Documents and Settings\Student\Local Settings\Temp\IXP000.TMP\NAV09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFT
  8. Now let's clear the waifs and strays and see what remains. Please download Malwarebytes' Anti-Malware from Here or Here. Double-click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. M
  9. OK, let's have a go, shall we? Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O20 - AppInit_DLLs: ogjhcm.dll ycgytx.dll djrzyk.dll hrobui.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN please download OTMoveIt3 by OldTimer. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: if you are running on Vista, right-click on the file and choose Run As Administrator.) Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pre
  10. Let's move swiftly on then to clear a few more. 1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: KillAll:: Driver:: RkHit VMwareService srwsvc File:: c:\windows\system32\mlJYrSjK.dll c:\windows\system32\drivers\RKHit.sys c:\windows\system\VMwareService.exe c:\windows\system32\drivers\srwsvc.sys 3. Then in the text file go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES. 4. Save the above as CFScript.txt. 5. Then drag the CFScr
  11. Hi Kristen, let's get the big boy on it first and see what that reveals. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Double-click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly reco
  12. Comes up clean this time. Glad to be of assistance.
  13. Yes, there is a JavaScript trojan somewhere on that page and Avast does not like it. I received three warnings. Unfortunately I do not know enough about web crafting to assist. But your system is OK?
  14. Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep. We will now confirm that your hidden files are set to that, as some of the tools I use will change that. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden fi
  15. This looks to be the last. How is your computer now? Start OTScanit. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. [Kill Explorer] [Unregister Dlls] [Win32 Services - Non-Microsoft Only] YY -> (WinSpoolSvc) Windows Spool Services [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\csrsc.exe [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Authorized
  16. Let's now do a deep search for hidden meanies. To ensure that I get all the information, this log will need to be uploaded to Mediafire; post the sharing link. Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close ALL OTHER PROGRAMS. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Check the box that says Scan All User Accounts. Check the radio button for Rootkit check YES. Check the radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified W
  17. Hi there, try this for starters. Download SDFix and save it to your Desktop. Double-click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Please then reboot your computer in Safe Mode by doing the following: restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; instead of Windows loading as normal, the Advanced Options Menu should appear; select the first option, to run Windows in Safe Mode, then press Enter. Choose your
  18. If that scan was from your home and you can get Windows updates, then you should be good to go.
  19. OK then, subject to no further problems... Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep. We will now confirm that your hidden files are set to that, as some of the tools I use will change that. Click Start. Open My Computer. Select the Tools menu and click Folder Options
  20. Ah OK, I see why it is not going: the naming on your temp files has been amended to C:\Documents and Settings\G--- W---\ I should have noticed that earlier. OK, I will now try it again. How is your computer now? Please double-click OTMoveIt3.exe to run it. (Note: if you are running on Vista, right-click on the file and choose Run As Administrator.) Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Files %SystemRoot%\System32\TDSSitpe.dat %SystemRoot%\System32\texnjkxy.ini
  21. Yep, Avast does get a bit touchy about OTScanit, purely because of what it does. OK, some did not want to go first time around, so let's hit them with a harder tool and this should finish it off. Please double-click OTMoveIt3.exe to run it. (Note: if you are running on Vista, right-click on the file and choose Run As Administrator.) Copy the lines in the codebox below starting with :Processes to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Return to OTMoveIt3, right-click in the "Paste Instructions for Items t
  22. A quicker solution, as it is your router that is infected: disconnect your system from the internet and your router, then... Double-click mbam-setup.exe to install the application. Launch Malwarebytes' Anti-Malware, then click Finish. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted
  23. No problems there, my wife is impatient as well. OK, the removal of the job should have slowed it down some, so now let's remove the residue. Start OTScanit. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. [Unregister Dlls] [Files/Folders - Created Within 90 days] NY -> TDSSitpe.dat -> %SystemRoot%\System32\TDSSitpe.dat NY -> texnjkxy.ini -> %SystemRoot%\System32\texnjkxy.ini [Files/Folders - Modified Within 90 days] NY -> TDSSitpe.dat -> %SystemRoot%\System32\TDSSitpe.dat NY -> te
  24. The trigger file does not appear to have been removed, so I will kill that and do a deeper investigation. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O20 - AppInit_DLLs: miturx.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN please download OTMoveIt3 by OldTimer. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: if you are running on Vista, right-click on the file and choose Run As Administrator.) Copy the lines in the codebox below to th
  25. They were only important to the infection, not Windows.
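The entries essexboy picks out by hand across these posts (the O4 Run-key and O20 AppInit_DLLs lines with random-looking names, and the csrsc.exe service that is one letter away from the genuine csrss.exe) can be triaged mechanically from a HijackThis log. The script below is an added example and is not code from the thread, from HijackThis or from OTScanit. The O23 service-line layout and the short list of genuine Windows binaries are assumptions, and the sample log is constructed here from the entries quoted in the posts above, plus one made-up O23 line for the csrsc.exe service.

```python
"""Triage helper for HijackThis-style log entries (added example, not from the thread).

Parses O4 (Run key), O20 (AppInit_DLLs) and O23 (service) lines and flags two
patterns the posts above remove by hand: random-looking file names, and names
one edit away from a genuine Windows binary (csrsc.exe beside csrss.exe).
"""
import re
from dataclasses import dataclass, field
from typing import List

# Genuine Windows binaries for the lookalike check (assumed, abbreviated list).
KNOWN_SYSTEM_BINARIES = sorted({
    "csrss.exe", "explorer.exe", "lsass.exe", "services.exe", "smss.exe",
    "spoolsv.exe", "svchost.exe", "userinit.exe", "winlogon.exe",
})

VOWELS = set("aeiou")

# HijackThis line formats; the O23 layout is an assumption based on the tool's usual output.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    item: str
    reasons: List[str] = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; 1 means a single insertion, deletion or substitution."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(command: str) -> str:
    """Lower-cased file name of the executable in a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        path = command.split(" ")[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: few vowels or a long consonant run.

    Catches kdmqu, wzhatx, texnjkxy; misses pronounceable ones such as hrobui
    or muwatibi, so treat it as one signal rather than a verdict.
    """
    letters = "".join(ch for ch in stem.lower() if ch.isalpha())
    if len(letters) < 5:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters)
    long_consonant_run = re.search(r"[b-df-hj-np-tv-z]{4}", letters) is not None
    return vowel_ratio < 0.25 or long_consonant_run


def assess(filename: str) -> List[str]:
    """Reasons a file name deserves a second look (empty list = nothing notable)."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return []  # exact genuine name; whether it sits in the right folder is a separate check
    reasons = [f"lookalike of {legit}" for legit in KNOWN_SYSTEM_BINARIES if levenshtein(name, legit) == 1]
    if looks_random(name.rsplit(".", 1)[0]):
        reasons.append("random-looking name")
    return reasons


def triage(lines: List[str]) -> List[Finding]:
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            name = basename(m.group("cmd"))
            if reasons := assess(name):
                findings.append(Finding(line, name, reasons))
        elif m := O20_RE.match(line):
            # Every AppInit_DLLs entry is loaded into each process that links user32,
            # so each one is reported even when the name itself looks ordinary.
            for dll in re.split(r"[,\s]+", m.group("dlls").strip()):
                name = basename(dll)
                findings.append(Finding(line, name, ["AppInit_DLLs entry"] + assess(name)))
        elif m := O23_RE.match(line):
            name = basename(m.group("path"))
            if reasons := assess(name):
                findings.append(Finding(line, name, reasons))
    return findings


# Constructed sample log: the O4/O20 lines reuse entries quoted in the posts above;
# the O23 line is made up to match the csrsc.exe service in the OTScanit fix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmqu.exe] C:\WINDOWS\system32\kdmqu.exe
O4 - HKLM\..\Run: [NAV] "C:\Documents and Settings\Student\Local Settings\Temp\IXP000.TMP\NAV09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT
O20 - AppInit_DLLs: C:\WINDOWS\system32\muwatibi.dll wzhatx.dll
O20 - AppInit_DLLs: ogjhcm.dll ycgytx.dll djrzyk.dll hrobui.dll
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item:16} {'; '.join(f.reasons)}")
```

Running it lists every AppInit_DLLs entry (hrobui.dll and muwatibi.dll included, with no extra reason), flags kdmqu.exe, wzhatx.dll, ogjhcm.dll, ycgytx.dll and djrzyk.dll as random-looking, skips the NAV09EN.exe installer entry, and reports csrsc.exe as both a lookalike of csrss.exe and random-looking. The name heuristics are deliberately crude; the point is that AppInit_DLLs entries and near-miss system names are always worth a look regardless of what the name itself looks like.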