[skorpeo]

I should have asked this before, but does it matter that I havent dun the TFC,ERUNT,or GMER prio to this? Thanks again for your time and effort.

[Advertisements]

what is finding them and where ?

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

* Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Check next options: Remove found threats and Scan unwanted applications.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic

[Rorschach112]

what is finding them and where ?

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

* Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Check next options: Remove found threats and Scan unwanted applications.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic

[skorpeo]

I ran the TFC and the Malwarebytes which did not find anythind, I ran the Kaspersky online and it found the attached file, virus.win32.induc.a I have not had the oppurtunity to run the eset ne yet,but I will attach the result as soon as possible. thanks again. Oh, I also recieved intrusion pop ups while my anti virus was deactiviated and my browser was redirected once when I tried to run the kapersky online scan.

Attached Files

•  kaspersky scan.txt   945bytes   117 downloads

[Rorschach112]

delete this file

C:\Documents and Settings\user\My Documents\My Downloads\WRC4Free.exe


and do the eset step when you can

[skorpeo]

I completed the eset scan and have attached the log. No soon as I rebooted the computer I received yet another intrusion blocked pop up again. Also, I saw the windows update icon in my systray and it was stuck at 4% then disappeared.

[skorpeo]

I just got a pop up that was too fast to write down, but it was a long series of numbers then .exe and it said that this exe file just changed 4 startup files.

[skorpeo]

I got another pop up that says something like jmvoxxkshaw accessed a network resource or something to that affect then a got a window that says a generic host win32 process encoutered a problem and needed to close. Sorry for so many posts, but I'm trying to get these out as soon as I get them.

[skorpeo]

now I am getting all kinds of weird security scan things poping up and running scans. It even has an icon in my systray! I cant stop it either. every time I click on it, it goes to the internet and starts running some kind of scan.

[skorpeo]

Well, now my infected computer is worse off than ever. Now I have all these securitysuite scan adds poping up all over and I cant access the internet. What do I do now if I cant get on the net to be able to fix my machine? When I boot the computer it stops at a window that says security warning, it says the file aawwsc.exe is infected, then I have all these other windows open up with security stuff. I even have this icon in my systray. I cant open either of the browsers on my computer and it is not connecting.Every program that I click on gives me a window that says it cant open because its infected. Is there anyway I can return the computer to a state before all this started happening? like earlier today? It really didnt like what ever eset did. After I ran the kapersky I was still having pop ups but was able to use the machine. Once I ran the eset online scan and it did its thing, all heck broke loose and this is where I am now.

Edited by skorpeo, 26 August 2010 - 10:08 PM.

[skorpeo]

sorry for all the posts last night, I was and still am very freaked about the prospect of my hijacked computer. But I really appreciate the help. What can I do now? Does that recovery console play into this now?

[Rorschach112]

It sounds like a case of Zlob/DNSchanger that change the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.

• Launch Malwarebytes' Anti-Malware, then click Finish.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now

[skorpeo]

I can't. Get on the net from that computer but I have malwarebytes on my computer from.last.time. can I use it? The problem is that everytime I click on something it won't. load it says the file is infected.

[Rorschach112]

resetting the router is the important part

[skorpeo]

I can get on the net via wireless connection with no problem. Resetting the router is a pain since my ISP set it up for me, and on the phone with someone in India for 2 hours is a pain. Can I start up in safe and run the malwarebytes?

[Rorschach112]

mbam isn't important, the router reset is though, it really does need to be done sorry