A bad case of the Win32/Cryptor.


  • This topic is locked
2 replies to this topic

#1 CSDustin

Posted 27 July 2009 - 09:34 PM

OK, I'm running Windows XP Pro on my HP Pavilion a1520n. I recently left town for a couple of days, and when I came back my AVG was going mad, saying it had found several instances of this Win32/Cryptor madness. So, I do what usually works and try to run Malwarebytes' removal tool; it doesn't start because, as I will soon learn, this Cryptor mess is pretty clever. It blocks access to all kinds of web pages that have information about spyware removal. Malwarebytes', Spybot, SUPERAntiSpyware, and AVG all have problems either executing or updating. So, I tried following just about every guide out there, but there's this one extra problem that compounds the situation. My computer won't start in safe mode, and I have no idea what the administrator password is. I don't remember making one, and some websites say this trojan can change it.

Well, good luck guys.

Here's a little info on the system.

------------------
System Information
------------------
Time of this report: 7/27/2009, 21:25:17
Machine name: HENRY
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.090206-1234)
Language: English (Regional Setting: English)
System Manufacturer: HP Pavilion 061
System Model: EX272AA-ABA a1520n
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+, MMX, 3DNow (2 CPUs), ~2.0GHz
Memory: 958MB RAM
Page File: 685MB used, 1631MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode.



------------------------ Here's the DDS file. -------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 21:20:25.15 on Mon 07/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.403 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator.HENRY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://uconnect.uco.edu/cp/home/displaylogin
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\speebo~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\speeboyte\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\speebo~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-26 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-26 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-26 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-26 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-26 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-26 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 119808]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-26 19096]
S2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]
S3 WLAN(WLAN);802.11g USB 2.0 WLAN Dongle(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2009-5-26 237568]

=============== Created Last 30 ================

2009-07-27 20:28 <DIR> --d----- c:\program files\Violence
2009-07-26 19:39 <DIR> --d----- c:\program files\Speeboyte
2009-07-26 19:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-26 19:35 <DIR> --d----- c:\program files\Trendie Macro
2009-07-26 19:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 19:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 19:17 <DIR> --d----- c:\program files\Calmarehype's
2009-07-26 16:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-26 16:54 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-26 16:54 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-26 16:54 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-26 16:54 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-26 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-26 16:38 1,110,399 a------- c:\windows\system32\UACmpcbehesrt.db
2009-07-26 16:38 0 a------- c:\windows\SC.INS
2009-07-25 05:08 1,110,399 a------- c:\windows\system32\UACoqxnrfunus.db
2009-07-25 05:08 785,920 a------- c:\windows\system32\wscsvc32.exe
2009-07-25 05:08 257,536 a------- c:\windows\system32\resdll.dll
2009-07-25 05:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\11797344
2009-07-25 05:06 0 a------- c:\windows\system32\A83.tmp
2009-07-25 05:06 40 a------- c:\windows\system32\A81.tmp
2009-07-25 05:06 <DIR> --d----- c:\program files\sFX
2009-07-25 05:06 209 a------- c:\windows\prxid93ps.dat
2009-07-24 16:22 856 a------- C:\CheckMeOut.class
2009-07-24 16:11 367 a------- C:\CheckMeOut.java
2009-07-24 16:02 <DIR> --d----- c:\program files\Notes+
2009-07-21 21:02 <DIR> --d----- c:\docume~1\hp_adm~1.hen\applic~1\FileOpen
2009-07-21 21:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FileOpen
2009-07-16 15:01 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-07-16 15:01 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-07-16 15:01 <DIR> --d----- c:\program files\Cheat Engine
2009-07-15 15:19 <DIR> --d----- c:\documents and settings\hp_administrator.henry\Logs
2009-07-15 13:17 5,632 a------- c:\windows\system32\ptpusb.dll
2009-07-15 13:17 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-15 13:17 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-07-15 13:17 159,232 a------- c:\windows\system32\ptpusd.dll
2009-07-07 10:01 <DIR> --dsh--- c:\windows\System Volume Information
2009-07-06 22:05 2,349 a------- C:\compareTemps.class
2009-07-06 21:50 1,998 a------- C:\compareTemps.java
2009-07-06 21:50 1,992 a------- C:\compareTemps.java~
2009-07-03 10:35 <DIR> --d----- c:\docume~1\hp_adm~1.hen\applic~1\Malwarebytes
2009-07-03 10:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-02 13:02 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 11:20 2 a------- C:\117513891
2009-07-02 11:20 0 a------- C:\ttrw.exe

==================== Find3M ====================

2009-07-26 16:39 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-07-21 23:21 1,932 a------- c:\docume~1\hp_adm~1.hen\applic~1\wklnhst.dat
2009-06-13 17:33 27,610 a------- C:\config.bin
2009-06-13 17:23 2,912,288 a------- C:\FW_WRT110_WRT100_1.0.05.003_EN_20080708.bin
2009-05-30 00:11 23,040 a------- c:\windows\_MSRSTRT.EXE
2009-05-29 16:50 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-29 16:49 65,536 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-05-29 16:49 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-05-29 16:49 217,088 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2009-05-29 16:49 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-05-29 16:49 64,512 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-05-29 16:49 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-05-29 16:49 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-05-29 16:49 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-05-29 16:49 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-15 19:36 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-15 19:36 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:30 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:30 163,840 a------- c:\windows\system32\nvcolor.exe
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-28 23:46 3,068,928 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 23:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 23:46 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 23:46 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 23:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-28 23:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-28 23:46 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2008-09-27 12:11 675,840 a------- c:\documents and settings\all users\gnugo-mingw-36.exe
2008-09-27 12:08 1,217,016 a------- c:\documents and settings\all users\compogo.zip

============= FINISH: 21:22:23.65 ===============


Let me know if you can figure out a solution, and I'll get back to you with the next piece of the puzzle.

I also attached a SysProt log, in case that helps; I saw an HJT member request one in another topic.

Edited by CSDustin, 28 July 2009 - 05:28 PM.


#2 syler

Posted 06 August 2009 - 06:55 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks


#3 syler

Posted 11 August 2009 - 06:55 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
