noahdfear

Trusted Malware Techs
  • Content Count

    336
Everything posted by noahdfear

  1. The cookies are coming from the ads on this site. Just opening this page, then clicking View>Source, I can see links to tribalfusion ads. They are not a threat. As for the Ÿ9Ÿ9 file, please upload it to my submission channel for analysis. Leave a link back to this topic. Other than that, are you experiencing any odd behavior?
  2. What same problems? Please give us a description ...
  3. Hi jlock, You've failed to give us any information about the current status of the machine. Are you still experiencing problems?
  4. Highlight and copy the contents of the code box below.

         reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2 /f
         exit
         cls

     Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own. Reboot then see if F:\ can be accessed normally.
  5. Download ATF Cleaner by Atribune and save it to your Desktop. Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of:

         Windows Temp
         Current User Temp
         All Users Temp
         Temporary Internet Files
         Prefetch
         Java Cache
         Recycle bin

     The rest are optional - if you want it to remove everything check "Select All". Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit. Reboot. If no improvement, I recommend you try an IE reset. Open Internet Options in the Control Panel, select the Programs tab, then click Reset Web Settings.
  6. Please check the Options panel of SpySweeper for View Session Log or similar. Locate a log that shows the Swizzor detection then Save to File and post that log here.
  7. Looks great! Remove any items in quarantine by your resident antivirus and antispyware applications. Empty the recycle bin once more. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well. Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. You can delete any other logs that were created/saved too. That should finish things up as far as malware. Is IE still acting up?
  8. Please post the C:\ComboFix.txt log.
  9. Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As Type: All Files (*.*)

         Registry::
         [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
         "hujavawoki"=-

     Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log. Pl
  10. Scan again and check the following, then click Fix Checked. O4 - HKLM\..\Run: [hujavawoki] Rundll32.exe "C:\Program Files\tujumape\tujumape.dll",s Restart and do another scan. Let me know if the entry remains.
  11. TeaTimer is an excellent tool for the prevention of spyware, though it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. Reboot. Download ResetTeaTimer.bat b
  12. Delete the C:\R8VE.exe file. Download ATF Cleaner by Atribune and save it to your Desktop. Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of:

         Windows Temp
         Current User Temp
         All Users Temp
         Temporary Internet Files
         Prefetch
         Java Cache
         Recycle bin

     The rest are optional - if you want it to remove everything check "Select All". Finally, click Empty Selected. Now select the Firefox option and clear at least the temporary files. When you get the "Done Cleaning" message, click OK then exit. Reboot. Open HijackThis to the Misc Tools section. Check both box
  13. Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As Type: All Files (*.*)

         http://forums.pcpitstop.com/index.php?s=&showtopic=163625&view=findpost&p=1554007
         Collect::
         c:\windows\system32\wvUoNGAP.dll
         c:\windows\system32\ydadrvjv.dll
         c:\windows\system32\ttfuqd.dll
         c:\windows\system32\hwuusawa.dll
         c:\windows\system32\ssqricsq.dll.ren
         File::
         c:\windows\Tasks\hvbmgxiu.job
         c:\windows\Tasks\rcpxlyju.job
         Registry:
  14. Hi shadowxsssr, Please visit the following webpage for instructions for downloading and running ComboFix How to use ComboFix Download ComboFix by sUBs from here, saving the file to your desktop. Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs. Close all open programs and windows Double click ComboFix.exe and follow the prompts. It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
  15. Hi sphan, Does Webroot give you a filename and location, or registry location for this malware?
  16. If MyWay is still being detected, I would suspect some special permissions are set on the registry items preventing removal. This procedure is documented on the Microsoft.com website for resetting registry and system file permissions. While it might not fix the problem, it should do no harm either. Download and install SubInACL from Microsoft. Close out all other programs and open windows. Highlight and copy the contents of the code box below.

         cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
         subinacl /subkeyreg HKEY_LOCAL_MACHINE\Software /owner=administrators /grant=adminis
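The post above resets ownership and permissions on the whole of HKLM\Software on the suspicion that locked-down ACLs are what keeps the MyWay keys from being removed. The script below is an added example, not part of noahdfear's post or of SubInACL: it walks a registry subtree and reports only the keys that actually carry a Deny entry, an owner other than the usual system principals, or an ACL that cannot even be read, so you can confirm the hypothesis (and see exactly which keys are affected) before or instead of rewriting every ACL. It assumes an elevated PowerShell prompt; the root key is a parameter because the post names no exact MyWay key path.

```powershell
# Added example: find registry keys whose ACL would block a removal tool.
# Assumptions: run elevated; $Root defaults to the subtree the post's
# subinacl command targets. Recursing all of HKLM:\SOFTWARE takes a while.
param(
    [string]$Root = 'HKLM:\SOFTWARE'
)

# Owners that are normal for keys under HKLM\Software and are not reported.
$expectedOwners = @(
    'S-1-5-32-544',  # BUILTIN\Administrators (typical on XP-era systems)
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller (Vista+)
)

function Get-LockedRegistryKey {
    param([string]$Path)

    $keys = @(Get-Item -Path $Path -ErrorAction SilentlyContinue)
    $keys += Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue

    foreach ($key in $keys) {
        $acl = $null
        try {
            $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop
        } catch {
            # Not being able to read the DACL as an administrator is itself a finding.
            New-Object PSObject -Property @{
                Key = $key.Name; Problem = 'ACL unreadable'; Detail = $_.Exception.Message
            }
            continue
        }

        $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        if ($expectedOwners -notcontains $ownerSid) {
            New-Object PSObject -Property @{
                Key = $key.Name; Problem = 'Unusual owner'; Detail = $acl.Owner
            }
        }

        # A Deny ACE for Administrators/Everyone is the classic trick that makes
        # a key undeletable until ownership is retaken and the ACE removed.
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny') {
                New-Object PSObject -Property @{
                    Key = $key.Name; Problem = 'Deny ACE'
                    Detail = "$($ace.IdentityReference): $($ace.RegistryRights)"
                }
            }
        }
    }
}

Get-LockedRegistryKey -Path $Root | Sort-Object Key | Format-Table Problem, Key, Detail -AutoSize
```

Run it once before the SubInACL reset to capture which keys were locked (useful for the log you post back), and once after to confirm the Deny entries are gone; an empty report after the reset but a detection that still returns points at something other than permissions.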
  17. Happy to hear all is well. You're very welcome.
  18. The submitted file is fine. Thank you! Let's clean up now. Now open MBAM and remove any items quarantined. Do the same with your resident antivirus. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well. Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. You can delete any other logs that were created/saved too.
  19. Works fine for me. What happens when you access it? Have you tried with both IE and FireFox?
  20. Please upload the following file to my submission channel for analysis. Leave a link back to this topic. C:\Qoobox\Quarantine\[22][email protected] Thanks! Log looks good. Let's get an online scan to see if we've missed anything. Please do an online scan with Kaspersky Online Scanner. Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes
  21. The only thing I see that could indicate a problem is the following.

         ---- Kernel code sections - GMER 1.0.14 ----
         ? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
         ? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !
         ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
         ? system32\drivers\av5flt.sys The system cannot find the file specified. !

     First 2 and 4th file(s) are associated with Panda. The 3rd is with the User Profile Cleanup Utility from MS. Might want to do a repair insta
  22. Glad I could help kristina.
  23. That is an infection in your system restore point. Need only clear those past restore points to be rid of it. Clear past system restore points and create a new one. Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog. Verify a new restore point was created. Click Start>All Programs>Accessories>System Tools>System Restore Select 'Restore my computer to an earlier time', the
  24. Highlight and copy the contents of the code box below.

         reg delete HKU\.default\software\microsoft\windows\currentversion\policies\system /v DisableTaskMgr /f
         reg delete HKU\.default\software\microsoft\windows\currentversion\policies\system /v DisableRegistryTools /f
         reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5746e66-8fed-11dc-9a5e-001617d89ef3} /f
         exit
         cls

     Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own. Now, let's get an online sca
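Posts 4 and 24 above both fix the same two symptoms with blind `reg delete` lines: a drive that no longer opens normally (the MountPoints2 key, where Explorer caches the Shell verbs an autorun.inf on that drive supplied, so a worm's `Shell\...\command` entry keeps pointing at its dropper), and Task Manager or Regedit being disabled through the `DisableTaskMgr` / `DisableRegistryTools` policy values. The script below is an added example, not part of noahdfear's posts: it lists what those keys currently contain, so you can see which mount point actually carries an overridden verb and which hive set the policy (legitimate group policy uses the same values), and only then removes them. It assumes an elevated PowerShell prompt; the `HKU:` drive is created by the script, and the volume GUID from post 24 is machine-specific and is not hard-coded.

```powershell
# Added example: inspect, then optionally remove, the entries the posts delete.
# Assumptions: elevated PowerShell 2.0 or later; key paths are those named in the posts.

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyValues = 'DisableTaskMgr', 'DisableRegistryTools'
$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# Policy values that disable Task Manager and the Registry Editor, in every hive
# the posts touch plus HKLM. Report before deleting: the same values are set by
# real group policy on domain machines.
function Get-ShellRestriction {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $policyValues) {
            if ($props.PSObject.Properties[$name]) {
                New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $props.$name }
            }
        }
    }
}

# Each MountPoints2 subkey is a drive letter or a volume GUID (as in post 24).
# Only subkeys with a Shell\<verb>\command entry can hijack what happens when
# the drive is opened; everything else in the key is harmless cache.
function Get-MountPointShellOverride {
    if (-not (Test-Path $mountPoints)) { return }
    foreach ($mp in Get-ChildItem -Path $mountPoints) {
        $shell = $mp.OpenSubKey('Shell')
        if ($shell -eq $null) { continue }
        foreach ($verbName in $shell.GetSubKeyNames()) {
            $cmdKey = $shell.OpenSubKey("$verbName\command")
            if ($cmdKey -ne $null) {
                New-Object PSObject -Property @{
                    MountPoint = $mp.PSChildName; Verb = $verbName; Command = $cmdKey.GetValue('')
                }
                $cmdKey.Close()
            }
        }
        $shell.Close()
    }
}

# Removes exactly the entries the two functions reported, nothing else.
function Remove-Finding {
    foreach ($r in Get-ShellRestriction) {
        Remove-ItemProperty -Path $r.Key -Name $r.Name -Force
        Write-Host "Removed $($r.Name) from $($r.Key)"
    }
    foreach ($o in Get-MountPointShellOverride) {
        Remove-Item -Path (Join-Path $mountPoints $o.MountPoint) -Recurse -Force
        Write-Host "Removed MountPoints2\$($o.MountPoint) ($($o.Verb) -> $($o.Command))"
    }
}

Write-Host '== Task Manager / Regedit policy restrictions =='
Get-ShellRestriction | Format-Table Key, Name, Value -AutoSize
Write-Host '== MountPoints2 entries with an overridden Shell verb =='
Get-MountPointShellOverride | Format-Table MountPoint, Verb, Command -AutoSize

# After reviewing the two tables, run the removal and reboot as the posts instruct:
# Remove-Finding
```

The `Command` column is the part worth keeping for the thread: it names the executable the autorun.inf pointed at, which is the file to submit for analysis and to make sure is no longer on the drive, since deleting the cached MountPoints2 entry alone does not remove a dropper that is still sitting on F:\.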
  25. Please post the contents of C:\Qoobox\combofix_quarantined_files.txt