Help with virus/malware please. [Closed]


This topic is locked

#16
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
Boot in safe mode, or safe mode with networking? (just to be clear)
  • 0

#17
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
safe mode
  • 0

#18
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
ComboFix runs, backs up something and then just disappears. Am I doing something wrong?
  • 0

#19
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

I would like you to try this to see if ComboFix will run.

combofix

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#20
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
That didn't work either, same result as the last scan.

Edited by Drebinius, 30 December 2012 - 03:02 PM.

  • 0

#21
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes text box.
    :OTL
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
    IE - HKCU\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - No CLSID value found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012-05-19 13:45:58 | 000,000,000 | ---D | M] (uTorrentBar_NL Community Toolbar) -- C:\Users\Frits\AppData\Roaming\mozilla\Firefox\Profiles\wvwmpkbn.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    [2012-05-19 13:45:45 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Frits\AppData\Roaming\mozilla\Firefox\Profiles\wvwmpkbn.default\extensions\[email protected]
    :Files
    ipconfig /flushdns /c
    C:\Users\Frits\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click the button shown (screenshot not preserved).
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
  • 0
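For readers who want to work with OTL output rather than only paste it, here is an added example (it is not code from the thread, from OTL or from its author) that parses fix-script lines of the shape shown in the post above into structured records and runs two defender-side checks over them: MountPoints2 AutoRun handlers that launch an executable from a drive letter (the USB autorun pattern the script removes for drive E:), and GUIDs that appear in more than one entry (in the posted script the same CLSID shows up as an IE URLSearchHook and as a Firefox extension folder). The sample lines are constructed from the posted script, and the function names and the generalised line format captured by the regular expressions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, modelled on the lines in the OTL script above:
# two MountPoints2 autorun entries for drive E:, an IE URLSearchHook, a
# 64-bit protocol handler, a Firefox extension folder, and the script's own
# section and command lines (which carry no item and are skipped).
SAMPLE_OTL = r"""
:OTL
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
IE - HKCU\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
[2012-05-19 13:45:58 | 000,000,000 | ---D | M] (uTorrentBar_NL Community Toolbar) -- C:\Users\Frits\AppData\Roaming\mozilla\Firefox\Profiles\wvwmpkbn.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
:Commands
[PURITY]
[reboot]
"""


@dataclass
class OtlEntry:
    """One parsed item line of an OTL fix script or log (assumed shape)."""
    kind: str             # "O33", "IE", "FF", ... or "FILE" for [date|size|attrs|M] lines
    x64: bool             # True when the line carried the ":64bit:" tag
    key: str              # registry-style key text, or the file path
    value: Optional[str]  # right-hand side after " = ", status text, or publisher
    raw: str              # the original line


GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
# "O33 - ...", "IE - ...", "FF:64bit: - ..." item lines
ITEM_RE = re.compile(r"^(?P<kind>[A-Z]+\d*)(?P<x64>:64bit:)?\s+-\s+(?P<body>.*)$")
# "[date time | size | attrs | M] (publisher) -- path" file lines
FILE_RE = re.compile(r"^\[(?P<meta>[^\]]+)\]\s+\((?P<publisher>[^)]*)\)\s+--\s+(?P<path>.+)$")


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one line; returns None for section headers, commands and blanks."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return OtlEntry("FILE", False, m.group("path"), m.group("publisher"), line)
    m = ITEM_RE.match(line)
    if not m:
        return None
    key, sep, rest = m.group("body").partition(" - ")
    value = rest if sep else None
    if value is not None and " = " in value:
        # Drop the (usually empty) value name, e.g. '"" = E:\autorun.exe'
        value = value.split(" = ", 1)[1]
    return OtlEntry(m.group("kind"), bool(m.group("x64")), key, value, line)


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def removable_autorun_commands(entries: List[OtlEntry]) -> List[str]:
    """Commands of MountPoints2 AutoRun handlers that launch an executable
    straight from a drive letter: the classic autorun.inf persistence on
    removable media that Explorer replays when the drive is double-clicked."""
    hits = []
    for e in entries:
        if e.kind == "O33" and e.key.lower().endswith(r"\shell\autorun\command"):
            if e.value and re.match(r"^[A-Za-z]:\\", e.value):
                hits.append(e.value)
    return hits


def guid_cross_references(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """GUIDs seen in more than one entry, mapped to the kinds they appear in.
    One add-on registered as an IE URLSearchHook and installed as a Firefox
    extension folder shows up here under a single GUID."""
    seen: Dict[str, List[str]] = {}
    for e in entries:
        for g in GUID_RE.findall(e.raw):
            seen.setdefault(g.lower(), []).append(e.kind)
    return {g: kinds for g, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    items = parse_otl(SAMPLE_OTL)
    print(f"parsed {len(items)} items")
    for cmd in removable_autorun_commands(items):
        print("drive-letter autorun handler:", cmd)
    for guid, kinds in guid_cross_references(items).items():
        print("GUID shared across entries:", guid, kinds)
```

The parser treats `:Section` headers and `[PURITY]`-style commands as non-items, so the same function can be pointed at a full OTL log or at a fix script; the two checks are deliberately narrow and report only what the lines themselves establish.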

#22
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
Both the OTL scan and the boot after should be in safe mode?
  • 0

#23
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
these can be done in normal mode
  • 0

#24
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
My PC is less crash-prone in safe mode with networking. Does it matter if I run the scan in safe mode with networking?
  • 0

#25
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
no it does not matter

gringo
  • 0

#26
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
I ran OTL with the custom code embedded, restarted the computer after the prompt, but did not receive a log. Could it be that it was saved to a certain location?
  • 0

#27
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
how is it running?
  • 0

#28
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
It's still running at 100% CPU; the only change I've noticed so far is how UAC got turned back on.
  • 0

#29
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.
  • 0

#30
Drebinius
    Member
  • Topic Starter
  • Member
  • 18 posts
I installed Mbar, unpacked it in a new map on my desktop, let it update and ran the scan.
No malware found. Ouch.

Edited by Drebinius, 02 January 2013 - 07:51 AM.

  • 0