Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Miva DLL problems, freezing / search hijacks [Moved]


  • Please log in to reply
9 replies to this topic

#1 fieramente

fieramente

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 16 July 2009 - 04:44 PM

My searches are being hijacked and they are redirecting me to a site that says 'welcome to miva dll enjoy your stay' or something along those lines. My computer continually freezes every 20 or 30 minutes, making me unable to do much of anything. I cannot run MBAM, spybot, or combofix due to this virus. When I try to open RootRepeal up it gives me an error 'cannot read boot sector try adjusting the disk access level in options dialog. I have also adjusted that to each of the levels and i continue to get a problem. I have googled this problem the past 2 days and cant seem to find a solution besides reinstalling windows but that would cause a lot of problems for me, so i'd prefer to just get rid of this damn thing.

Thank you for your time and also I apologize if I posted this in the wrong forum. Im pretty sure this is malware though.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:29 PM

Posted 16 July 2009 - 05:03 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:29 PM

Posted 16 July 2009 - 07:44 PM

Hello let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed double click on the file to open MBAM and select Quick Scan

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 16 July 2009 - 07:45 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 fieramente

fieramente
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 18 July 2009 - 11:15 PM

Would not run still? I can see the process on task manager but nothing else. Renamed :/

#5 fieramente

fieramente
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 18 July 2009 - 11:52 PM

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/18/2009 11:48:23 PM
mbam-log-2009-07-18 (23-48-23).txt

Scan type: Quick Scan
Objects scanned: 84056
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\mediaplayerplg.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{29a5ea88-29a5-ea88-29a5-ea8829a5ea88} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\DLP.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\mediaplayerplg.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

#6 fieramente

fieramente
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 19 July 2009 - 03:18 AM

Not to bump my own topic or anything, but I am still freezing every 20 min. At first it was alright but now its back to freezing consistantly every 20 minutes

2 infections continue to show up HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) and C:\WINDOWS\system32\uacinit.dll (Trojan.Agent)
it says in the logs that they were deleted on reboot but they do not and continue to show up anyways. ._.

Edited by fieramente, 19 July 2009 - 03:31 AM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:29 PM

Posted 19 July 2009 - 01:58 PM

Hi iwas out last nite.. can you run Rootrepeal.
Next Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K.
Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 fieramente

fieramente
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 19 July 2009 - 02:48 PM

I try to open RootRepeal up it gives me an error 'cannot read boot sector try adjusting the disk access level in options dialog. I have also adjusted that to each of the levels and i continue to get a problem.

#9 fieramente

fieramente
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 19 July 2009 - 02:54 PM

I try to open RootRepeal up it gives me an error 'cannot read boot sector try adjusting the disk access level in options dialog. I have also adjusted that to each of the levels and i continue to get a problem.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:29 PM

Posted 19 July 2009 - 02:55 PM

OK, this one will ned some specialized tools..

You will need to run HJT/DDS.
Please follow this guide. Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users