
Cftmona Virus


  • This topic is locked
5 replies to this topic

#1 divchrome

divchrome

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 24 May 2008 - 09:43 PM

My problems started with a blue screen that says you are infected with spyware, install a spyware removal to correct problem. My desktop would get loaded for a second, then there was an error that ctfmona.exe program error. I ran Spybot S&D and removed some general issues but it did not fix the problem (did not save log). Now the only thing that Spybot Search and Destroy produces is a DSO exploit X 2. I tried to run Symantec on the computer but could only run through Task Manager and some produced results but no change. I then downloaded Malwarebytes and copied it onto the non-working computer and ran it. Reboot and now I get errors from explorer.exe and needs to restart, and it keeps switching back and forth between that and the original blue screen. Malwarebytes found a lot of issues but seemed to create some as well. I then downloaded HijackThis and ran it. Posted is the log file. Please help.

Thank you

In addition, I forgot that I am not in a specific operating system thread. I am using Windows XP, let me know if there is any other information I should provide.

Merge posts. ~ OB


Edited by Orange Blossom, 25 May 2008 - 12:14 AM.




#2 divchrome


Posted 25 May 2008 - 10:26 AM

In addition, I cannot get onto Internet Explorer now. It keeps on crashing.

Please help

#3 divchrome


Posted 27 May 2008 - 08:07 AM

Is there any other information that I can provide that may help?

#4 divchrome


Posted 03 June 2008 - 07:04 PM

I just wanted to add some other events even though I had posted in the No reply in 5 days thread.

I had an error that read something along the lines of Dr. Watson bad attachment, Fatal Error last time I booted my computer, and the screen reads only Stop: 0x00000005 (0x828C2840,0x810CE460,0x00000001,0x00000000) Invalid_process_attach_attempt.

Thanks for your help!!!

#5 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:06:07 PM

Posted 04 June 2008 - 04:51 AM

Hi, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to.

You might want to save this page on your favorites, so you can find it again when you return.

# Step 1 #

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows


# Step 2 #

Please click this link-->Jotti
  • When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
  • C:\WINNT\system32\rxnnhgod.dll
  • Please post back the results of the scan in your next post.
  • You can try the same at Virustotal: http://www.virustotal.com/

# Step 3 #

Please download the ComboFix from the links above and follow all instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • "If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!"
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer


# Step 4 #

In your next reply, please post:
  • The results from Jotti's analysis.
  • The ComboFix log.
  • A new HijackThis log.
Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#6 lusitano


Posted 13 June 2008 - 06:08 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks



