Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

sdra64.exe, UACinit.dll, FakeAlert, Vundo...


  • This topic is locked This topic is locked
2 replies to this topic

#1 piratemcdaddy

piratemcdaddy

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 11 July 2009 - 05:30 PM

sdra64.exe lowsec, UACinit.dll, FakeAlert, Vundo... all have been removed from my PC - I think.
I used a cocktail of programs: malbytes, SAS, a-squared, dr. web's cureIt!, and lastly combofix.
I had everything removed before I used combo-fix except for the UAC related files. I had to use windows recovery console to delete about seven UACasdfhjiasdiogfhjasdiohjfgasdio.dll (not exactly that but UAC followed by gibberish) files, but that wasn't enough because they regenerated upon reboot, and thats when I turned to combofix.

Combofix detected the files and removed them.
After rebooting, I noticed a significant change for the better in system performance, but it was still more sluggish than it should be. And ontop of that, I could not bring up any websites via IE after normal startup, although IE would work fine when starting up under safe mode with networking.
I have a feeling there is still some malware preventing me from connecting.
That being said, I can ping websites - both in normal and safe mode - like yahoo.com or google.com, and my requests do not timeout, but I can not connect to them through Internet Explorer. I also reinstalled IE, and still no luck.
Like I said, I think there's some malware still on the machine that I'm missing.

I'll post my HJT log and if needed I can post my combofix log which are both from the last time I used the PC.
If someone sees something here that indicates malware, please tell me how/why you determined this, as I am trying to further my virus removal skills.

muchas gracias

edit: I just remembered, I also had removed three entries in the HJT scan that were O1 Host entries in relation to spyware protector - which as I researched, I found to be malware related.

Attached Files


Edited by piratemcdaddy, 11 July 2009 - 05:37 PM.


BC AdBot (Login to Remove)

 


m

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:05 AM

Posted 20 July 2009 - 04:25 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:05 AM

Posted 24 July 2009 - 06:17 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users