Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gaopdx virus cleanup


  • Please log in to reply
1 reply to this topic

#1 r1024768

r1024768

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 21 April 2009 - 02:51 PM

Using Windows XP Pro Version 2002 with Service Pack 2
Tried AVG, Spybot S&D, Spyware Doctor, Malwarebytes, ComboFix...varying success, seems to have crippled the virus to the point that it's barely (if any) doing anything. I didn't run them all at the same time to avoid any problems they might have with each other
RootkitRevealer still shows a hidden registry listing called ovfsthxxyiqxfai under HKLM\SYSTEM\ControlSet001\Services and HKLM\SYSTEM\ControlSet002\Services
Right after ComboFix finishes running (ie. after the reboot part of it), I'm able to find a few files inside Windows\system32\ with the same naming scheme (ovfsthxlrepapja.dll, ovfsthxslrrvruk.dll, and ovfsthxfqsipjnd.sys) that disappears after a reboot if ComboFix wasn't the one rebooting. They are all "in use" and can't seem to be removed.
I've been getting redirected to a besttopnet and a poiskin.ru site with half my links in google search results, but it seems rather random at which one gets redirected and I had no problems getting to any antivirus sites so far

I got the virus after installing an infected file (it showed clean when I scanned it before installing) 2 days ago, scanned and killed it off for the most part (minus what's been listed), and I figured it was just crippled remains that won't can't anything since scans aren't picking up any more alterations and HijackThis didn't pick up any hidden processes. Yesterday I had a popup saying a1.exe has encountered an error when trying to run (found that file in Windows\system32\ shortly after, very recently created.) Since I wasn't running anything at the time other than more repeat scans, I'm seeing if I can try and clear off the remains too.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 21 April 2009 - 05:08 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:29 AM

Posted 22 April 2009 - 09:49 PM

With the tools that you have already run, I would suggest submitting a HJT log:



Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users