
browser redir.. Virtumonde... Trojan.. nothing but wallpaper.. I'm dead here


  • This topic is locked
43 replies to this topic

#1 MisledUtopia


Posted 09 December 2008 - 11:49 PM

SORRY I'M NEW AT THIS. I TRIED TO GO BACK AND PUT HIJACKTHIS LOG IN THE TOPIC BUT IT WOULDN'T LET ME *LOG IS ATTACHED*
OK... through my Task Manager I can operate my computer somewhat, but for the most part this ordeal has reduced it to a really expensive paperweight. For about the past month I've noticed that my browser (Firefox, but even IE) redirects me to all kinds of other sites, some even before I finish typing the original URL I was planning to attend. Most of the time it's to a site that proclaims itself to be a Windows virus scanner that begins to scan me without permission. I have been just X-ing out of it and it was simply a nuisance, but then my comp got slower and slower and I found I had to click links several times to get them to work, and some none at all. I got some "free trial" virus software to attempt removal (AVG, McAfee, PC Tools) and during my last attempt my comp just shut down and now all I see is wallpaper. No icons, no taskbar... nothing. I try not to, but I know my girlfriend torrents all day without regard for threats or malicious code of any kind and I should have watched her more closely, so this is probably my fault... With that said, if one of you could find it in your heart to help me out and possibly direct me to some good software to keep this from happening again I would be in your debt for life.

Attached Files


Edited by MisledUtopia, 09 December 2008 - 11:54 PM.



 


#2 fenzodahl512


Posted 13 December 2008 - 06:23 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post these logs in your next reply..

1. ComboFix
2. A fresh HijackThis log
3. Attach GMER report


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 MisledUtopia


Posted 13 December 2008 - 10:21 PM

I tried to load Combo Fix from all 3 links. I got it downloaded but every time I ran it, it told me I had a Date Error...and to check my settings, but the settings are fine....

I loaded another Hijack Log and GMER log ....that seems to be the only software that is operating properly....

Please .... please help me I use this Comp for work and home and it is almost useless....

Attached Files


Edited by MisledUtopia, 13 December 2008 - 10:35 PM.


#4 fenzodahl512


Posted 13 December 2008 - 11:38 PM

Rename ComboFix to Combo-Fix and run it.. Post the log here.. Or, tell me if Combo-Fix is still not running..

Edited by fenzodahl512, 13 December 2008 - 11:39 PM.



#5 MisledUtopia


Posted 14 December 2008 - 02:52 PM

I renamed ComboFix to Combo-Fix without the desired result. Every time I try to run it, it tells me I have a Date Error and to check my settings. Only I don't know how to even do that from my Task Manager and last time I checked the internet took care of keeping me on time so I don't see how I could be off even slightly.

Since I loaded the extra programs my computer is running even worse (slower, more browser redirections with even faster redirection, I can barely use Firefox). I'm not sure if this is the result of the added software or the further propagation of malicious code that was already on my computer. Either way, if this doesn't get resolved soon, I might not be able to turn my computer on to resolve it, period.

Every time I turn on my computer, even with a successful SHUT DOWN, the next time it starts up it prompts me to load in safe mode and tells me it was improperly shut down. I don't know what to do. This kind of malfunction is beyond my capabilities so I beg of you, please lend me some resolving assistance as soon as you can.

#6 fenzodahl512


Posted 15 December 2008 - 03:02 AM

it tells me I have a Date Error and to check my settings.


Go to your Taskbar and check your date setting.. Change it to today's date :thumbsup:

Refer below if you do not know how..

http://www.helpwithpcs.com/tipsandtricks/c...-windows-xp.htm

Then, try ComboFix again and post the log here...



#7 MisledUtopia


Posted 15 December 2008 - 08:14 PM

I REPEAT - I HAVE NO TASKBAR - JUST WALLPAPER

#8 fenzodahl512


Posted 15 December 2008 - 10:26 PM

Can you press Ctrl + Alt + Del button at the same time and start Task Manager?.. If yes, please go to File >> New Task (Run..) >> Copy/paste below >> Enter

explorer.exe



If not, please do a System Restore to the most recent date available.. Please visit here if you do not know how..

Then, tell me more about it..



#9 MisledUtopia


Posted 16 December 2008 - 02:08 AM

I tried that too (explorer.exe) and nothing happened ....

I did a little research and found my explorer in c:\WINDOWS\ServicePackFiles\i386\explorer.exe .

So once I got it....WAHLAH.... I saw icons..(sweet) so I changed my date...
that was somehow a week in the past and again....WAHLAH....ComboFix worked.

Immediately after running it my computer is running better,
but I still have to load my explorer via the task manager and explorer.exe won't do it.
I have to use that big string c:\WINDOWS\ServicePackFiles\i386\explorer.exe .

So long story short here is my combo fix log.

Ahhh...this too shall pass....I see hope at last on the horizon

but I still think there are some problems considering my explorer only shows when I call on it via task manager
and when I see it my taskbar retains a classic setting even when I choose the XP setting
but this is much closer to where I need it.

You people should be proud of yourselves.

Attached Files



#10 fenzodahl512


Posted 16 December 2008 - 06:24 AM

Firstly, please copy (don't cut.. just copy) c:\WINDOWS\ServicePackFiles\i386\explorer.exe file and put it in c:\WINDOWS folder.. Reboot your pc and then observe whether you have your normal computer back (with icons and everything)

If it doesn't work, tell me about it,

If it works, then run ComboFix again and post the log here :thumbsup:

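A read-only check of the condition that posts #9 and #10 work around, as an added example that is not part of the original thread: it reports whether explorer.exe is present in C:\WINDOWS, whether it matches the ServicePackFiles copy, and whether the Winlogon Shell value is still the Windows default. It assumes PowerShell 4.0 or later (for Get-FileHash); the Winlogon registry key is the standard Windows location and is not quoted anywhere in the thread.

```powershell
# Added example. The two file paths are the ones quoted in the thread.
$shellPath  = 'C:\WINDOWS\explorer.exe'
$backupPath = 'C:\WINDOWS\ServicePackFiles\i386\explorer.exe'
$winlogon   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Summarise one file: presence, size, version resource and SHA-256.
function Get-FileSummary {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Size = $null; Version = $null; Sha256 = $null }
    }
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path    = $Path
        Present = $true
        Size    = $item.Length
        Version = $item.VersionInfo.FileVersion
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$shell  = Get-FileSummary -Path $shellPath
$backup = Get-FileSummary -Path $backupPath

# Winlogon's Shell value names the program started at logon; the Windows default is "explorer.exe".
$shellValue = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell

$findings = @()
if (-not $shell.Present)  { $findings += "Shell binary missing: $shellPath" }
if (-not $backup.Present) { $findings += "No service-pack copy to restore from: $backupPath" }
if ($shell.Present -and $backup.Present -and $shell.Sha256 -ne $backup.Sha256) {
    # A mismatch alone is not proof of tampering: a later update can legitimately replace the file.
    $findings += 'Shell binary differs from the service-pack copy (patched, replaced, or a different build)'
}
if ($shellValue -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$shellValue', not the default 'explorer.exe'"
}

$shell, $backup | Format-List
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'explorer.exe is present, matches the service-pack copy, and Winlogon Shell is the default.' }
```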


#11 MisledUtopia


Posted 17 December 2008 - 01:50 AM

It worked. My taskbar shows up as XP style and my icons
are all where they should be. Thank You

I still am having some ridiculous CPU usage (a steady 100% at times) and my
computer locks up and always asks me to turn it on in safe mode.

There are still some serious problems, but I get closer to a safe zone
with every posting. Thank you so much.

Here is the new Combo fix log

Attached Files



#12 fenzodahl512


Posted 17 December 2008 - 11:50 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    mdxgthkn
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


Post me these logs in your next reply..

1. OTMoveIt3
2. Malwarebytes'
3. RSIT log.txt
4. RSIT info.txt



#13 MisledUtopia


Posted 20 December 2008 - 01:46 AM

Here are all of the logs you have asked for.
My computer locked up a few times running Malwarebytes,
but I think we are on to something here.
Thanks again.

Attached Files



#14 fenzodahl512


Posted 20 December 2008 - 03:26 AM

Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



How is your computer now? :thumbsup:



#15 MisledUtopia


Posted 31 December 2008 - 03:28 PM

Sorry this took me so long, but I was gone for my Christmas.
Here is the log you asked for.
I hope this helps 'cause my computer is not doing well at all.
It shuts off randomly and occasionally runs as slow as I've ever seen it.

Attached Files





