Post #1
New Member | Group: Members | Posts: 1 | Joined: 23-January 09 | Member No.: 286,418
I have tried many different ways to remove the infections present on my computer. I will provide a brief history: I use Firefox (latest version) and began receiving popups constantly. Websites such as Facebook or Google simply wouldn't load (the page would remain on "contacting www.google.ca ..." and never load anything). Closing Firefox completely and restarting it resolved the problem for a few moments, but the popups and freezing would continue.

I tried several programs and methods. MBAM identifies many risks (quick and complete scans performed) and removes most at the time of the scan, with the rest requiring a restart, which is always performed. On restart, I receive a rundll error stating that the dll name (i.e. defarewo.dll or zapezade.dll) cannot be located. I downloaded AVG and allowed it to scan as well. While active in my task bar, upon opening Firefox, one or several trojans are identified and I allow AVG to "heal", "remove" or "delete" them (there are different options depending on what is identified). Regardless, once in Firefox the popups continue.

I have also attempted several protocols suggested on this website. I have started the computer in safe mode with the program that suspends explorer and winlogon (the protocol states to suspend rundll32 as well, but that file is not listed on the screen). I then ran VundoFix, which failed to locate it on the computer. Still in safe mode I ran MBAM and several things (registry keys and DLLs) were identified and removed. Once again, on restart and running Firefox, popups return.

There are two distinct types: One is a new window, not full screen, that advertises something (a game, a website etc). This window has no address bar or back/forward options. The other opens up in the same size as my current window, but doesn't load anything. The address bar is complicated and begins with an IP such as 70.82.etc. In the address bar is also a recent thing I have searched for at Google. For example, if I searched "vundo removal" the window that opens up is blank, but in the address bar there is an IP, and some gibberish containing ...=vundo.removal//google etc (not exactly like that, but somewhat, I'm sorry I have nothing to copy atm).

I have also run Ad-Aware, Spybot, and several other programs as well. I also ran the Trend Micro HouseCall webpage, which again identified the trojans and claimed removal, but to no avail.

I thank you for your help, it would be a monumental weight off my shoulders if this can be corrected. I have attached the required file.

Sam.

EDIT: When the blank window opens up, my working window freezes for a few moments and the top blue bar flashes (blue/grey/blue/grey). If I'm typing something, it just stops and I can't resume until the window pops up (2-3 seconds later). As well, I forgot to mention that the first popup I ever received was one claiming my computer was infected, click here to scan etc (Antivirus 2009). I never closed the window directly, I usually Ctrl+Alt+Del and close the popup that way. Sometimes, despite the warning that my computer is infected coming up, there is no option to close it in the Ctrl+Alt+Del menu, so I have to press the x to close it. The popup that then begins "scanning" my computer comes up, and I then use Ctrl+Alt+Del to close that.

Hah, the popup just happened.
I couldn't type for 5 seconds and then this window opens (not a new tab, a new window): //82.98.235.111/dot.gif/?ver=119&cmp=profiling4&uid=50065b30c8bc11dd9e8600304890471a&guid=ee605607a5b07d408417cb6678c548d3&affid=170802&rid=in0009&m=re7v&revid=lappland&lid=www.google.ca%2Fsearch%3Fhl=en%26q=how+to+mix+drinks%26btnG=Google+Search%26meta=&uqs=1&s=0&c1=1&c2=0&uid_track=9807dc72-3196-4758-91de-e2ef6d357b14&br=firefox

This post has been edited by KoanYorel: Jan 23 2009, 07:17 PM
Reason for edit: Hot link URL above disabled
Post #2
Forum Addict | Group: Malware Response Team | Posts: 6,490 | Joined: 4-December 07 | Member No.: 174,482
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.

NEXT

Please download GMER and unzip it to your Desktop.

Post me these logs in your next reply.. Post each log in separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary!
Cherish the pain, it means you're still alive
In process of awesome comeback..
Post #3
Forum Addict | Group: Malware Response Team | Posts: 6,490 | Joined: 4-December 07 | Member No.: 174,482
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic