infected with virtumonde and maybe more


  • This topic is locked
2 replies to this topic

#1 effeacci

effeacci

  • Members
  • 1 posts

Posted 19 June 2009 - 10:28 AM

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Owner at 11:10:01.85 on Fri 06/19/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: {a4c43ec4-bfa4-4bfd-92c7-2441a2138caf} - c:\windows\system32\bataduka.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HostManager] c:\program files\common files\aol\1126029153\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kulukiwazu] Rundll32.exe "c:\windows\system32\kujapebo.dll",s
mRun: [sysldtray] c:\windows\ld09.exe
mRun: [sysfbtray] c:\windows\freddy46.exe
mRun: [13404684] c:\documents and settings\all users\application data\13404684\13404684.exe
mRun: [f4264954] rundll32.exe "c:\windows\system32\dozilibe.dll",b
mRun: [CPMf7157ac8] Rundll32.exe "c:\windows\system32\rapasevu.dll",a
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226016574968
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.condenast.com/dana-cached/setup/JuniperSetupSP1.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\judobida.dll c:\windows\system32\rapasevu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rapasevu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\rapasevu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = c:\windows\system32\judobida.dll scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-19 08:20 1,407,044 ---sh--- c:\windows\system32\ebilizod.ini
2009-06-18 20:20 1,407,011 ---sh--- c:\windows\system32\isewiliv.ini
2009-06-18 08:20 1,407,024 ---sh--- c:\windows\system32\umadadug.ini
2009-06-17 15:21 1,407,024 ---sh--- c:\windows\system32\uhufavad.ini
2009-06-17 03:21 1 ----h--- c:\windows\bf23567.dat
2009-06-17 03:21 2 a------- c:\windows\0101120101465452.dat
2009-06-17 03:21 40,960 ----h--- c:\windows\freddy46.exe
2009-06-17 03:21 2 a------- c:\windows\104116116112584747.dat
2009-06-17 03:21 1,407,011 ---sh--- c:\windows\system32\udoluseg.ini
2009-06-17 03:21 2 a------- c:\windows\010112010146118114.dat
2009-06-17 03:20 164 a------- C:\nm8912.bat
2009-06-16 16:19 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 16:18 <DIR> --d----- c:\docume~1\owner\applic~1\Sammsoft
2009-06-16 16:17 <DIR> --d----- c:\program files\Advanced Registry Optimizer
2009-06-16 15:20 1,407,024 ---sh--- c:\windows\system32\unulasif.ini
2009-06-16 03:23 181 ---sh--- c:\windows\system32\bogigipi.exe
2009-06-15 09:19 <DIR> --d----- c:\program files\podmena
2009-06-15 09:19 2 ----h--- c:\windows\zaponce53173.dat
2009-06-15 09:19 529 ---sh--- c:\windows\system32\lafokune.exe
2009-06-15 09:19 1,407,024 ---sh--- c:\windows\system32\ezamuyef.ini
2009-06-15 09:19 2 ----h--- c:\windows\zaponce53290.dat
2009-06-15 09:19 159 a------- C:\d45.bat
2009-06-15 08:22 15,360 ----h--- c:\windows\ld09.exe
2009-06-10 09:07 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-10 09:05 <DIR> --d----- c:\documents and settings\owner\.housecall6.6
2009-06-10 07:53 1,407,011 ---sh--- c:\windows\system32\umeyanol.ini
2009-06-09 16:40 <DIR> --dsh--- C:\found.001
2009-06-09 10:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13404684
2009-06-07 21:38 1,434,364 ---sh--- c:\windows\system32\umasamaw.ini
2009-06-04 09:51 2,713 ---sh--- c:\windows\system32\ruyopaku.dll
2009-05-31 00:12 1,434,346 ---sh--- c:\windows\system32\ehimuhet.ini
2009-05-31 00:12 81,920 -------- c:\windows\system32\tehumihe.dll
2009-05-30 10:22 1,434,355 ---sh--- c:\windows\system32\agohanuk.ini
2009-05-30 10:22 81,920 -------- c:\windows\system32\kunahoga.dll
2009-05-29 22:22 1,434,346 ---sh--- c:\windows\system32\ilegeday.ini
2009-05-29 22:22 81,408 -------- c:\windows\system32\yadegeli.dll
2009-05-29 10:03 1,434,346 ---sh--- c:\windows\system32\umidozop.ini
2009-05-29 10:03 80,896 -------- c:\windows\system32\pozodimu.dll
2009-05-28 17:32 1,434,346 ---sh--- c:\windows\system32\ahoyaboz.ini
2009-05-28 17:32 80,896 -------- c:\windows\system32\zobayoha.dll
2009-05-28 02:13 1,434,346 ---sh--- c:\windows\system32\adelasuj.ini
2009-05-28 02:13 81,920 -------- c:\windows\system32\jusaleda.dll
2009-05-27 10:16 1,434,346 ---sh--- c:\windows\system32\ohupoped.ini
2009-05-27 10:16 82,432 -------- c:\windows\system32\depopuho.dll
2009-05-24 21:04 1,434,346 ---sh--- c:\windows\system32\ijofevip.ini
2009-05-24 21:03 81,920 -------- c:\windows\system32\pivefoji.dll
2009-05-24 09:04 1,434,346 ---sh--- c:\windows\system32\ulomukag.ini
2009-05-24 09:04 81,920 -------- c:\windows\system32\gakumolu.dll
2009-05-23 20:30 1,434,346 ---sh--- c:\windows\system32\edurenaw.ini
2009-05-23 20:29 81,920 -------- c:\windows\system32\wanerude.dll
2009-05-23 08:29 1,434,346 ---sh--- c:\windows\system32\ujeviwug.ini
2009-05-23 08:29 81,920 -------- c:\windows\system32\guwiveju.dll
2009-05-22 02:06 2,713 ---sh--- c:\windows\system32\tosivusu.exe

==================== Find3M ====================

2009-06-19 08:19 89,600 a--sh--- c:\windows\system32\rapasevu.dll
2009-06-19 08:19 81,408 a--sh--- c:\windows\system32\dozilibe.dll
2009-06-19 08:19 15,360 a--sh--- c:\windows\system32\wefivewu.exe
2009-06-18 20:19 89,600 a--sh--- c:\windows\system32\zulagovi.dll
2009-06-18 20:19 15,360 a--sh--- c:\windows\system32\fukevudo.exe
2009-06-18 08:20 89,600 a--sh--- c:\windows\system32\bedinuni.dll
2009-06-18 08:20 80,896 a--sh--- c:\windows\system32\gudadamu.dll
2009-06-18 08:20 15,360 a--sh--- c:\windows\system32\popefuha.exe
2009-06-17 15:21 89,600 a--sh--- c:\windows\system32\runimuhu.dll
2009-06-17 15:21 15,360 a--sh--- c:\windows\system32\nitukito.exe
2009-06-17 03:20 89,600 a--sh--- c:\windows\system32\vokeloso.dll
2009-06-17 03:20 15,360 a--sh--- c:\windows\system32\buregoso.exe
2009-06-16 15:20 89,600 a--sh--- c:\windows\system32\pahekuve.dll
2009-06-16 15:20 81,920 a--sh--- c:\windows\system32\fisalunu.dll
2009-06-15 09:19 50,688 a--sh--- c:\windows\system32\deluguba.dll
2009-06-15 09:19 89,600 a--sh--- c:\windows\system32\regisifo.dll
2009-06-15 09:19 81,408 a--sh--- c:\windows\system32\feyumaze.dll
2009-06-15 09:18 15,360 a--sh--- c:\windows\system32\sujuwido.exe
2009-06-15 08:22 15,360 a--sh--- c:\windows\system32\telariva.exe
2009-06-10 11:10 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-09 10:25 537,918 a--sh--- c:\windows\system32\sesisage.exe
2009-05-19 13:37 81,920 -------- c:\windows\system32\lugavoha.dll
2009-05-18 11:30 81,920 -------- c:\windows\system32\teyesoro.dll
2009-05-17 22:45 81,920 -------- c:\windows\system32\zerejuhu.dll
2009-05-17 10:30 81,920 -------- c:\windows\system32\wopebulu.dll
2009-05-15 22:15 81,408 -------- c:\windows\system32\zojizane.dll
2009-05-15 07:29 82,432 -------- c:\windows\system32\dipepufe.dll
2009-05-14 19:29 81,408 -------- c:\windows\system32\niwuzodo.dll
2009-05-14 07:29 81,920 -------- c:\windows\system32\witukezo.dll
2009-05-13 19:32 81,920 -------- c:\windows\system32\heyotina.dll
2009-05-13 19:32 47,104 a--sh--- c:\windows\system32\sojerire.exe
2009-05-13 07:29 82,432 -------- c:\windows\system32\dalepeme.dll
2009-05-12 15:23 81,408 a--sh--- c:\windows\system32\zedikano.dll
2009-05-12 15:23 8,704 a------- c:\windows\instsp2.exe
2009-05-11 22:21 81,408 -------- c:\windows\system32\jayugavu.dll
2009-05-11 09:35 81,408 -------- c:\windows\system32\hirumodu.dll
2009-05-10 10:32 81,408 -------- c:\windows\system32\nififaju.dll
2009-05-09 10:02 81,408 -------- c:\windows\system32\hemozote.dll
2009-05-08 10:34 82,432 -------- c:\windows\system32\burasinu.dll
2009-05-07 08:58 81,920 -------- c:\windows\system32\fozugalu.dll
2009-05-06 13:05 47,104 a--sh--- c:\windows\system32\nirirolo.exe
2009-05-06 13:05 81,408 -------- c:\windows\system32\nuhipagu.dll
2009-05-05 08:30 81,408 -------- c:\windows\system32\yejuhuwo.dll
2009-05-04 20:27 81,920 -------- c:\windows\system32\losuvalo.dll
2009-05-04 08:26 81,408 -------- c:\windows\system32\zagonibu.dll
2009-05-04 08:26 47,104 a--sh--- c:\windows\system32\hefeduzo.exe
2009-05-03 10:18 47,104 a--sh--- c:\windows\system32\hipofahi.exe
2009-04-26 08:53 80,384 -------- c:\windows\system32\wilawape.dll
2009-04-25 10:12 2,713 ---sh--- c:\windows\system32\libopele.dll
2009-04-25 10:12 2,713 ---sh--- c:\windows\system32\dunozake.exe
2009-04-24 20:17 81,920 -------- c:\windows\system32\hogatoti.dll
2009-04-24 20:17 47,104 a--sh--- c:\windows\system32\winorivu.exe
2009-04-24 08:16 46,592 a--sh--- c:\windows\system32\tunirufa.exe
2009-04-24 08:16 80,896 -------- c:\windows\system32\wobubisi.dll
2009-02-17 22:35 56,936 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2008-12-29 15:49 45,132 -------- c:\docume~1\owner\applic~1\JuniperExtXP.exe
2007-09-20 23:06 148 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-04-06 09:00 389,120 a------- c:\documents and settings\owner\remote.exe
2009-03-15 09:19 50,688 a--sh--- c:\windows\system32\bataduka.dll
2009-02-13 19:32 47,104 a--sh--- c:\windows\system32\bumutehe.exe
2009-02-12 15:23 81,408 a--sh--- c:\windows\system32\duyudafe.dll
2009-02-01 09:40 47,104 a--sh--- c:\windows\system32\fikukaba.exe
2009-03-15 08:22 81,408 a--sh--- c:\windows\system32\funesabo.dll
2009-03-15 08:22 50,688 a--sh--- c:\windows\system32\gatinuro.dll
2009-02-06 13:05 47,104 a--sh--- c:\windows\system32\gesokabo.exe
2009-01-27 07:51 46,592 a--sh--- c:\windows\system32\hototire.exe
2009-03-15 09:19 50,688 a--sh--- c:\windows\system32\judobida.dll
2009-02-02 13:17 47,104 a--sh--- c:\windows\system32\junobuvo.exe
2009-01-24 08:16 46,592 a--sh--- c:\windows\system32\kijoyoli.exe
2009-03-15 09:19 50,688 a--sh--- c:\windows\system32\kujapebo.dll
2009-03-15 08:22 89,600 a--sh--- c:\windows\system32\lagoguze.dll
2009-01-24 20:16 47,104 a--sh--- c:\windows\system32\parojuse.exe
2009-02-04 08:25 47,104 a--sh--- c:\windows\system32\sasidepi.exe
2009-02-03 10:17 47,104 a--sh--- c:\windows\system32\serehera.exe
2009-01-25 10:11 47,616 a--sh--- c:\windows\system32\wojesahe.exe
2009-01-26 08:52 46,592 a--sh--- c:\windows\system32\yedopiji.exe
2009-02-02 13:17 80,896 a--sh--- c:\windows\system32\yetoravu.dll
2009-01-31 21:39 47,104 a--sh--- c:\windows\system32\yukofeva.exe
2008-10-25 19:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 11:16:22.34 ===============


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 June 2009 - 05:11 AM

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 07 July 2009 - 07:29 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



