BleepingComputer.com: SMART VIRUS

SMART VIRUS

#31 User is offline   thewall 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 09 November 2009 - 06:27 PM

Not surprising. I'll see what I can find out.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#32 User is offline   thewall 

Posted 09 November 2009 - 06:39 PM

When I looked back on your initial post I did not see where you said you tried to run DDS per our posting instructions. If you didn't we are going to have to try it first.


Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

  • Save both reports to your desktop.

#33 User is offline   teachersstop 

  • Member
  • Group: Members
  • Posts: 35
  • Joined: 21-November 07

Posted 09 November 2009 - 06:55 PM

It ran the program and I saved both logs. I was not sure if you wanted to see them or not so I'll attach both of them to this post.

Attached File(s)

  • Attached File  Attach.txt (13.56K)
    Number of downloads: 4
  • Attached File  DDS.txt (14.32K)
    Number of downloads: 6


#34 User is offline   thewall 

Posted 09 November 2009 - 07:32 PM

Yes thanks, that was correct. Before I make up a long script tell me if this program will download and open. I don't need anything more than that right now.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.

#35 User is offline   teachersstop 

Posted 09 November 2009 - 07:46 PM

Yes it opened.

#36 User is offline   thewall 

Posted 09 November 2009 - 09:17 PM

Good, we are going to try to let OTM remove a lot of infected files plus some other things and see if it will then allow any of our other tools access. If this script seems to run successfully, immediately try to run MalwareBytes, and if it runs, add the log it produces to the one OTM should produce. As always, if I am not clear on my instructions please stop and ask.


We need to execute an OTM script
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    	
    :Files
    c:\windows\system32\gakemojo.dll
    c:\windows\system32\gezokije.dll
    c:\windows\system32\jejobadi.dll
    c:\windows\system32\kewowupa.dll
    c:\windows\system32\lenoruta.dll
    c:\windows\system32\mafopiwo.dll
    c:\windows\system32\muhoyawa.dll
    c:\windows\system32\neyuvena.dll
    c:\windows\system32\novusina.dll
    c:\windows\system32\tifileze.dll
    c:\windows\system32\tugokubu.dll
    c:\windows\system32\vakumene.dll
    c:\windows\system32\yejenujo.dll
    c:\windows\system32\zenemure.dll
    c:\windows\system32\zulagovi.dll
    c:\windows\system32\papororo.dll
    c:\windows\system32\homefebe.dll
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    :Commands
    [EmptyTemp]
    [Reboot]

  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
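
The :Reg section of the script above writes the LSA "Notification Packages" value back as a hex(7) (REG_MULTI_SZ) byte list, which names the DLLs the Local Security Authority loads as password notification packages. As an added example (not part of the original post and not OTM's own code), the Python below decodes such a line and reports entries outside a baseline; the baseline "scecli" is taken from the script's bytes, and the tampered sample with "example_pkg" is constructed.

```python
import re

# Baseline: the single entry the OTM script on this page writes back.
BASELINE = {"scecli"}

# Matches a .reg-style line such as  "Name"=hex(7):73,63,...
REG_LINE = re.compile(r'^\s*"(?P<name>[^"]+)"=hex\(7\):(?P<data>[0-9a-fA-F,\s\\]*)$')


def parse_hex7(line):
    """Return (value_name, raw_bytes) for a hex(7) (REG_MULTI_SZ) line."""
    m = REG_LINE.match(line)
    if m is None:
        raise ValueError("not a hex(7) value line: %r" % line)
    tokens = [t for t in re.split(r"[,\s\\]+", m.group("data")) if t]
    return m.group("name"), bytes(int(t, 16) for t in tokens)


def decode_multi_sz(raw):
    """Split REG_MULTI_SZ data into its strings.

    Accepts single-byte data (as in the script on this page) and UTF-16LE
    data (as exported by regedit in "Version 5.00" files).
    """
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]


def unexpected_packages(line, baseline=BASELINE):
    """Return entries of the value that are not in the baseline."""
    _, raw = parse_hex7(line)
    return [e for e in decode_multi_sz(raw) if e.lower() not in baseline]


def to_hex7(name, entries, wide=False):
    """Build a hex(7) line from strings (used only to construct samples)."""
    data = ("\x00".join(entries) + "\x00\x00").encode("utf-16-le" if wide else "latin-1")
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in data))


PAGE_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'  # from the post
# Constructed sample: the same value with one extra, made-up entry appended.
TAMPERED = to_hex7("Notification Packages", ["scecli", "example_pkg"])

if __name__ == "__main__":
    for label, line in (("script value", PAGE_LINE), ("constructed", TAMPERED)):
        print(label, decode_multi_sz(parse_hex7(line)[1]), unexpected_packages(line))
```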

#37 User is offline   teachersstop 

Posted 10 November 2009 - 05:01 PM

Everything worked this time. I was able to move the files using OTM and then I was able to install and run Malwarebytes. I attached the two logs for you.

#38 User is offline   thewall 

Posted 10 November 2009 - 05:35 PM

Good deal!! :( How is the computer running now?

By the way although I don't think you would, do not run the version of ComboFix which you have. Delete it instead.

#39 User is offline   teachersstop 

Posted 10 November 2009 - 05:55 PM

The computer is running good now :( I am able to get onto IE and other programs as well. I deleted combofix along with all other programs except Malwarebytes and OTM. Is there anything I have to look out for in order to prevent this from coming back?

#40 User is offline   thewall 

Posted 10 November 2009 - 06:49 PM

I am going to give you some suggestions before we finish up. I still want you to run an on-line scan now that your machine is back up. This is an excellent scan we are going to use.


It's important to run this on-line scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:



Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.

  • Now under the Scan section on the left:

    Select My Computer

  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

#41 User is offline   teachersstop 

Posted 12 November 2009 - 05:09 PM

I've tried scanning the computer twice. Both times the scan didn't complete. The first time I let the scan run overnight but the scan only reached 79% and did not continue scanning. I just tried scanning it again and it only reached 75% and didn't continue scanning. According to the scan statistics there were 4 threats found and 5 infected objects found.

#42 User is offline   thewall 

Posted 12 November 2009 - 06:21 PM

Let's try this one; it should be a little quicker and hopefully it will work:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

#43 User is offline   teachersstop 

Posted 12 November 2009 - 08:07 PM

Here's the scan report. Do I need to do anything else?

#44 User is offline   thewall 

Posted 12 November 2009 - 09:01 PM

That scan was actually clean; all it did was delete what OTM had already dealt with, but that's OK.

I am not seeing an antivirus showing up on your computer. Do you have one?

#45 User is offline   teachersstop 

Posted 13 November 2009 - 12:33 AM

No, there is no antivirus on this computer.
