Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Explorer and MBAM


  • Please log in to reply

#1
MehChan

MehChan

    Member

  • Member
  • PipPip
  • 19 posts
I think I clicked into this website and got a virus. Then my internet explorer stopped working. Now whenever I click Internet Explorer it just stops working right away. It just keep popping this window out that says "Internet Explorer has stop working". When I try to click into MBAM to scan for viruses, it seems like the MBAM.exe got deleted right away. So right now in my MBAM folder there is no mbam.exe . Please and thank you for your help.

Also if you can, please do not delete my restore points in this process because last time my computer was not able to turn on and I had to use restore points.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
See Quietman7's post in http://www.bleepingc...opic267354.html

Are you able to run OTL as requested in the top post of this forum? The log would really be useful.

Ron
  • 0

#3
MehChan

MehChan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I was able to run OTL. Here is the log.

Attached Files

  • Attached File  OTL.Txt   91.79KB   100 downloads

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Please do not attach files. Just copy and paste them.

I see these culprits:

C:\Windows\Tasks\esdklhks.job
C:\Windows\Tasks\succlthb.job
C:\ProgramData\sijudika
C:\ProgramData\nitesani
C:\ProgramData\dobojobe
C:\ProgramData\wifekeba
C:\ProgramData\rimakita
C:\ProgramData\genetoda

The first two are scheduled tasks. Right click on Computer and select Manage. (Continue) Now click on Task Scheduler. Click on View then Show Hidden Tasks. In the right pane find the Active Tasks. Look for esdklhks and double click on it. Click on Actions. What program is it trying to run? Please copy the full path. Select Disable in the list on the right. Now find succlthb and repeat.

Close the window.

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Right click on avenger.exe and Rename it to john.exe, Enter then right click on it and select Run As Administrator
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\Windows\Tasks\esdklhks.job
C:\Windows\Tasks\succlthb.job
C:\ProgramData\sijudika
C:\ProgramData\nitesani
C:\ProgramData\dobojobe
C:\ProgramData\wifekeba
C:\ProgramData\rimakita
C:\ProgramData\genetoda


******************************************************
* In the avenger window, click the Paste Script from Clipboard icon, Image button.
* :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.

If Avenger won't work go on to Combofix.


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#5
MehChan

MehChan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I was able to find esdklhks in the task manager, but I cannot find succlthb.
For esdklhks the details are :
C:\Windows\system32\rundll32.exe “C:\Windows\system32\gobewowi.dll”,d

Also when I copy and paste the text in john.exe and press execute it says:
Error: Invalid Script. A valid script must begin with a command directive.
Aborting execution.
Also i found this log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Sat Feb 27 08:31:05 2010

08:31:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Sat Feb 27 08:34:14 2010

08:34:14: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////

Edited by MehChan, 27 February 2010 - 10:44 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP