Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slowed Computer, Internet Explorer Issues, Popups, Programs Spontaneously Closing.


  • Please log in to reply
7 replies to this topic

#1 Verion

Verion

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 25 December 2007 - 03:32 PM

:thumbsup: Lets start off then.

My computer has been experiencing problems lately. It runs random advertisement popups, runs MUCH slower, programs close without notice, i have not been able to run many programs. Internet explorer cant load a page, and closes all the time showing this notice:

Posted Image
Weirdly, without the rest of the stuff the notice usually shows.

This icon appears in my tray, and when you right click and click close nothing happens.
Posted Image

(the green and red circles with the exclamation mark)

This appears when you click it.

Posted Image


4 New Folders appeared in the PROGRAM FILES folder, called OuterInfo, Kimmkofn, rgpmlybi, Zuxttrbm, without me installing anything.


I cant run the HijackThis Installer, i click OK as soon as it loads, then it comes up with an error "Out of memory"
I also tried to install Spybot Search and Destroy, but it would be about 1 minute into installation and it would just disappear. This happens with many programs.


Please help with this matter,

Verion

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:04 PM

Posted 25 December 2007 - 11:50 PM

Hello and welcome to Bleeping Computer Verion.
Let's go to Control Panel> Add/Remove Programs
Look for any of these and uninstall them...
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
or anything similar with OIN, Outer Info Network or Yazzle in them.

and any other programs you didn't install or don't recognize.

Then IF they're not listed run the Outerinfo Uninstaller

Important! Reboot when done.

Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).

Please follow the the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt.
Please copy & paste the contents of that text file into your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:04 PM

Posted 26 December 2007 - 11:28 AM

After doing the above, also delete these folders:
C:\Program Files\Kimmkofn
C:\Program Files\rgpmlybi
C:\Program Files\Zuxttrbm

Please print out and follow the generic instructions for using "SmitfraudFix".
(If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!)
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Go to Start > Control Panel > Display. Click on the "Desktop" tab, then the "Customize Desktop..." button.
Click on the "Web" tab, then under Web Pages, uncheck everything and look for any of the following:
  • Security Info
  • Warning Message
  • Security Desktop
  • Warning Homepage
  • Desktop Uninstall
If present, select each entry and click the Delete button.
Also, make sure the Lock desktop items box is unchecked. Click "Ok", then "Apply" and "Ok".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Verion

Verion
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 26 December 2007 - 08:07 PM

Ok, I have completed boopme's instructions, here is the Vundo Fix log

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 8:19:49 AM 27/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\aayay.ini
C:\WINDOWS\system32\aayay.ini2
C:\windows\system32\drvlacr.dll
C:\WINDOWS\system32\mljifdb.dll
C:\WINDOWS\system32\winaag32.dll
C:\WINDOWS\system32\wvuuttu.dll
C:\WINDOWS\system32\yayaa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aayay.ini
C:\WINDOWS\system32\aayay.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aayay.ini2
C:\WINDOWS\system32\aayay.ini2 Has been deleted!

Attempting to delete C:\windows\system32\drvlacr.dll
C:\windows\system32\drvlacr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljifdb.dll
C:\WINDOWS\system32\mljifdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winaag32.dll
C:\WINDOWS\system32\winaag32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuuttu.dll
C:\WINDOWS\system32\wvuuttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayaa.dll
C:\WINDOWS\system32\yayaa.dll Has been deleted!

Performing Repairs to the registry.
Done!


Now, i cant delete the folders i mentioned before, it says they are in use. I have done the Smitfraudfix Scan, and now will reboot in safe mode, try to delete them, and then do the Smitfraudfix clean, then the rest of the options.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:04 PM

Posted 26 December 2007 - 09:42 PM

You also need to Update your Java. It's a security risk as are any older versions on your PC.

Follow these steps to install Java.. Latest is version 6 update 3

1. Download the latest version of Java Runtime Environment (JRE).
2. Scroll down to where it says Java Runtime Environment (JRE) 6 Update 3.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' (jre-6u3-windows-i586-p.exe) and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once after all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:04 PM

Posted 27 December 2007 - 08:51 AM

Yes, you should be able to delete the folders in safe mode. If you can't, open each one and let us know what (if any) files are inside.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Verion

Verion
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 December 2007 - 02:14 AM

Ok, I have done all the steps, and there were no web boxes. It has stopped bothering me :thumbsup: Thanks for the help, I'm going to update Java now.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:04 PM

Posted 29 December 2007 - 08:18 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users