Please Save My Computer


  • This topic is locked
41 replies to this topic

#31 float1ng1nspace

float1ng1nspace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 08 September 2009 - 09:20 PM

Same problems in safe mode and regular mode. I type combofix /u in the run window, then I get a small box that says combofix with a status bar. As the status bar fills in a blue color, I get the below dialog bubble pop up in my tool bar, next to the clock:

sfsdadsf.exe - corrupt file
the file or directory
c:\windows\system32\UACmnesxqcplumxnox.dll is corrupt
and unreadable. Please run the chkdsk utility

(the sfsdadsf.exe is what I had renamed the combofix file when you originally asked me to download)
once the status fills in completely, it disappears and my computer makes a beep sound and a new window pops up with the following:

warning!!

Combofix has detected the following real time scanner(s) to be active:

antivirus: authentium antivirus

antivirus and intrusion prevention programs are known to interfere with combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking ok

as mentioned in my previous post I have no knowledge of downloading this, nor does there appear to be any processes running in my task manager related to this program, so then I just clicked ok.

Then I get a second beep from the computer, another dialog bubble pops up with the following:

cscript.exe - corrupt file

the file or directory
c:\windows\system32\UACmnesxqcplumxnox.dll is corrupt
and unreadable. Please run the chkdsk utility.

This is accompanied by a window that reads:

warning!!

Antivirus : authentium antivirus

the above real time scanner(s) are still active but combofix shall
continue to run. Kindly note that this is at your own risk

I click ok and nothing happens.

Combofix



#32 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:06 PM

Posted 09 September 2009 - 04:44 PM

Hello float1ng1nspace,

We need to check your hard disk for errors.

1.
To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.


2.
Please download Malwarebytes Anti-Malware (v1.40) rename it to floating.scr and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

3.
If Malwarebytes runs successfully, then try running Combofix again after renaming it.

4.
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Things to include in your next reply:
Combofix.txt if successful
MBAM LOG
RootRepeal.txt

Edited by fireman4it, 09 September 2009 - 04:45 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#33 float1ng1nspace


Posted 09 September 2009 - 06:42 PM

Hello
so I tried running the error checking thing on the c drive while I was in safe mode. I checked both boxes and clicked start. A box popped up that reads

checking disk local drive (c:)
windows was unable to complete the disk check.

I restarted the computer in normal mode this time and the computer randomly restarted before I could get to my computer. I've tried about 10 times and each time could not even get to the my computer screen before the computer restarts on me. A little frustrating, so hopefully you know of a way to allow this to run this in safe mode.

Thanks!

#34 fireman4it


Posted 09 September 2009 - 07:55 PM

hello,

Do the following while in safe mode hopefully this will help.

Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.

cmd /c chkntfs /t:0
cmd /c chkdsk /r


By the first command a window flashes. It is normal.
The second command opens the command window. Type Y and press Enter.
Close the open window, restart the computer and leave it to finish the disk check.
Please post back when it is done.


#35 float1ng1nspace


Posted 09 September 2009 - 08:11 PM

Will the computer restart in safe mode or do I have to hit F8 while it's restarting or should it run in normal mode?

#36 fireman4it


Posted 09 September 2009 - 08:21 PM

Let it go in normal mode if not then try safemode


#37 float1ng1nspace


Posted 09 September 2009 - 08:30 PM

Disregard my previous post. I did exactly what you said. When I restarted I got the below message:

checking file system on C:
the type of the file system is RAW
AUTOCHK is not available for RAW
windows has finished checking the disk
....

Thoughts?

#38 fireman4it


Posted 11 September 2009 - 04:47 PM

Hello float1ng1nspace,

Disregard my previous post. I did exactly what you said. When I restarted I got the below message:

checking file system on C:
the type of the file system is RAW
AUTOCHK is not available for RAW
windows has finished checking the disk

Thoughts?


Hate to be the bearer of bad news. :thumbup2:
After consulting with others this error is a sign that your hard drive is probably failing. I would suggest backing up your data and try reformatting and reinstalling your operating system. If this doesn't work, we can point you over to our Hardware Department; they might have other ideas, but at this point I would doubt it. While backing up your files don't back up any files with the following extensions: (.exe, .scr, .zip, .cab, .rar, .php, .asp, .htm, .html, .xml) as these are common places malware can hide.
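The backup advice in post #38 (get data off a drive that may be failing, leaving out the listed extensions) can be scripted. The following is an added example, not part of the original thread; the function names, the hash check after each copy and the sample file names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Extensions that post #38 says not to back up.
SKIP_EXT = {".exe", ".scr", ".zip", ".cab", ".rar",
            ".php", ".asp", ".htm", ".html", ".xml"}

def sha256(path):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def backup(src, dst):
    """Copy the src tree to dst, skipping SKIP_EXT. A read error on one file
    (expected on a failing drive) is recorded and the walk continues."""
    src, dst = Path(src), Path(dst)
    copied, skipped, failed = [], [], []
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src)
        if p.suffix.lower() in SKIP_EXT:
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        try:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            if sha256(p) != sha256(target):
                raise OSError("hash mismatch after copy")
            copied.append(rel.as_posix())
        except OSError as e:
            failed.append((rel.as_posix(), str(e)))
    return copied, skipped, failed

def demo():
    """Run backup() on a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("keep me")
        (src / "docs" / "page.html").write_text("<html></html>")
        (src / "photo.JPG").write_bytes(b"\xff\xd8\xff")
        (src / "setup.EXE").write_bytes(b"MZ")
        return backup(src, dst)
```

Anything returned in `failed` is a file the drive could not hand back intact; the extension match is case-insensitive, so `setup.EXE` is skipped like `setup.exe`.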


#39 fireman4it


Posted 13 September 2009 - 11:14 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding :thumbup2:

With Regards,
fireman4it


#40 float1ng1nspace


Posted 14 September 2009 - 09:32 PM

Hello Fireman4it,

I am going to attempt to back up some of the files in the next couple days. do you have any instructions available for how to reformat my harddrive?

#41 fireman4it


Posted 15 September 2009 - 04:48 PM

Hello float1ng1nspace,

Reformatting is just not my area of expertise. :) :thumbup2: You can post a topic in the Internal Hardware section of our forums. They are usually not as busy as the malware forum. They could help you out on that for sure. If you post in that section let us know so we can close this topic if you have no other questions for us in the malware section.

Edited by fireman4it, 15 September 2009 - 04:50 PM.


#42 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:06 AM

Posted 20 September 2009 - 05:50 PM

As the problem here seems to be resolved, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. If you should have a new issue, please start a new topic. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.
