
Ironclk.exe - What is this???


17 replies to this topic

#1 Alpineman2

  • Members
  • 9 posts

Posted 20 November 2009 - 03:00 PM

Please help, What should I do?

I was infected with SystemDefender last night and have been able to clear said malware from my computer, however, I believe Ironclk.exe was also installed along with said malware; however, Ironclk is not coming up as malware.


The below two programs were newly displayed in the startup configuration, after SystemDefender was auto installed.
Ironclk.exe
%systemroot%\system32\dumprep 0 -k

Your help is greatly appreciated.


Alpineman2
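The two startup entries listed above are the kind of thing worth triaging mechanically rather than by name alone. The script below is an added example, not something from this thread or from any of the tools discussed later in it. It parses a constructed .reg export of the HKLM Run key (the sample values are made up to mirror the poster's two lines, plus an antivirus tray entry), splits each value into image and arguments the way the Windows loader does, expands %systemroot%, and flags entries whose image is a bare filename (resolved through the search path, so any same-named file in a searched directory runs) or lives outside the Windows and Program Files trees. The environment values and the trusted-directory list are assumptions for the example. For reference, dumprep.exe is Microsoft's XP error-reporting dump tool and its Run entry is normally added after a crash; the script does not know that, it only looks at where the image lives.

```python
"""Triage Windows Run-key autostart entries from an exported .reg file.

Added example (not from the thread or any tool it mentions). The registry
export, environment values and trusted-directory list below are constructed
for illustration.
"""
import ntpath
import re

# Constructed HKLM Run-key export mirroring the two entries the poster saw,
# plus an antivirus tray entry. Not taken from any real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ironclk"="Ironclk.exe"
"ErrorReporting"="%systemroot%\\system32\\dumprep 0 -k"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
'''

# Assumed environment of the machine being triaged (XP defaults).
ENV = {"systemroot": r"C:\WINDOWS", "windir": r"C:\WINDOWS",
       "programfiles": r"C:\Program Files"}
# Directories where an autostart image is expected to live (assumption; the
# 8.3 alias of Program Files is included because XP-era installers use it).
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\progra~1")

VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$', re.M)


def parse_run_key(reg_text):
    """Return {value_name: command_line} from a .reg export, unescaping \\ and \"."""
    entries = {}
    for name, raw in VALUE_RE.findall(reg_text):
        entries[name] = raw.replace('\\\\', '\\').replace('\\"', '"')
    return entries


def split_command(cmd):
    """Split a Run value into (image, args) the way CreateProcess reads it:
    a quoted image ends at the closing quote, an unquoted one at the first
    space. Unquoted paths containing spaces are ambiguous on Windows; this
    example keeps the simple rule."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def expand_env(path):
    return re.sub(r'%([^%]+)%',
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def triage_entry(cmd):
    image, args = split_command(cmd)
    image = expand_env(image)
    if not ntpath.splitext(image)[1]:
        image += ".exe"          # the loader appends .exe to an extensionless name
    findings = []
    if not ntpath.isabs(image):
        findings.append("bare filename: resolved via the search path, so a "
                        "file of this name in any searched directory runs")
    else:
        folder = ntpath.dirname(image).lower()
        if not any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS):
            findings.append("image outside Windows/Program Files: " + folder)
    return {"image": image, "args": args, "findings": findings}


def triage_all(reg_text):
    return {name: triage_entry(cmd) for name, cmd in parse_run_key(reg_text).items()}


if __name__ == "__main__":
    for name, r in triage_all(SAMPLE_REG).items():
        status = "REVIEW" if r["findings"] else "expected location"
        print(f"{name:15} {r['image']:40} {r['args']:8} {status}")
        for f in r["findings"]:
            print("    -", f)
```

A clean location is not a verdict: for every entry, the next step is to locate the actual file, hash it and check its Authenticode signature from a machine you trust, and for a bare name like Ironclk.exe to find out which directory it is really being loaded from.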

#2 Alpineman2

Posted 20 November 2009 - 07:31 PM

Any takers on this yet or is Ironclk.exe a newer malware/spyware, etc...?

#3 rigel


    FD-BC

  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 20 November 2009 - 09:14 PM

Welcome to BC

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#4 Alpineman2

Posted 21 November 2009 - 11:37 AM

Hi Rigel,

I'm running:
Gateway 1.67 ghz, 2 gb RAM
Windows XP, sp3
Avg 8.0
normally CPU runs at approx 1% - 3% post start-up w/out any programs selected.

Following Malwarebytes installation and scan, post start-up w/out any programs selected CPU runs at approx 80%.
I also downloaded and ran HouseCall.
Start-up Config 'msconfig' has remained the same.
I uninstalled Malwarebytes to see if that would help and it did nothing at all.
Also, am not sure why, but unable to boot in 'safe mode'.

Any ideas on why it's running so heavy?


I will follow your above instructions and revert back with outcome.

Edited by Alpineman2, 21 November 2009 - 12:44 PM.


#5 rigel

Posted 21 November 2009 - 12:42 PM

Let's take a look with Process Explorer and see what is dragging the system down.

Please download Process Explorer.
Expand the folder by double clicking on the file. Run the Process Explorer program. The program will open and look for programs with high CPU usage. If you see one, please post it here. You can minimize that program and watch the graph in the system tray, beside the clock, to see if something spikes.



#6 Alpineman2

Posted 21 November 2009 - 01:23 PM

Hi Rigel,

I disengaged AVG and total usage went down to 54%

Here is what I have:
CLI sub of ATI is running at 50%

When I start another program the CPU goes to and stays at 100% until program is terminated.
I'm unable to reboot in 'safe mode' or any 'mode', every time I choose any 'mode' it restarts and goes back to boot menu.

Noticed that a non-Microsoft Windows Defender is running. That's malware correct?

What should I do?????

Edited by Alpineman2, 21 November 2009 - 04:05 PM.


#7 rigel

Posted 21 November 2009 - 10:54 PM

Non-Microsoft sounds suspicious. Let's look at a rootkit scan...

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial; the self-help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click OK
Scan your C Drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.

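What a scanner like RootRepeal does behind the checkboxes listed above (Processes, Hidden Services, SSDT, Stealth Objects) is cross-view detection: enumerate the same objects two independent ways and report anything one view shows and the other does not, and check that every system-call dispatch entry still points into the kernel image. The block below is an added example with constructed data, not RootRepeal output and not from this thread; the PIDs, service names, addresses and the ntoskrnl address range are invented to illustrate the logic.

```python
"""Cross-view checks of the kind a rootkit scanner performs for its
'Processes', 'Hidden Services' and 'SSDT' options.

Added example with constructed data: none of these PIDs, names or addresses
come from RootRepeal or from the poster's machine.
"""

# View 1: processes as reported through the user-mode API (what Task Manager shows).
API_PROCESSES = {4: "System", 612: "csrss.exe", 1084: "explorer.exe", 1460: "avgtray.exe"}
# View 2: the same instant enumerated by a second, independent method
# (a kernel-structure walk in a real scanner). Constructed.
RAW_PROCESSES = {**API_PROCESSES, 1902: "ironclk.exe"}

# Services: the Service Control Manager's answer versus a direct walk of
# HKLM\SYSTEM\CurrentControlSet\Services. Constructed names.
SCM_SERVICES = {"Dnscache", "Eventlog", "AVG8WD"}
REGISTRY_SERVICES = {"Dnscache", "Eventlog", "AVG8WD", "msupdsvc"}

# System Service Dispatch Table: service name -> handler address. On a clean
# system every entry points into ntoskrnl's image range. Addresses and the
# range are XP-style values invented for the example.
NTOSKRNL_RANGE = (0x804D7000, 0x806FF000)
SSDT = {
    "NtCreateFile":             0x805C0B30,
    "NtOpenProcess":            0x805B6F10,
    "NtQuerySystemInformation": 0xF7A3C2E0,   # points into a loaded driver
    "NtQueryDirectoryFile":     0xF7A3C410,   # same driver
}


def cross_view(api_view, raw_view):
    """Compare two independent enumerations of the same objects.

    Returns (hidden, transient). 'hidden' = present in the raw view only,
    the classic rootkit signature. 'transient' = present in the API view only,
    usually an object that went away between the two walks rather than an
    attack; a real scan repeats and keeps only stable differences.
    """
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


def ssdt_hooks(table, kernel_range):
    """Entries whose handler lies outside the kernel image are hooked.
    That identifies a hook, not its intent: some antivirus/HIPS drivers of the
    XP era hooked the SSDT too, so the follow-up is 'which driver owns this
    address', not 'delete it'."""
    lo, hi = kernel_range
    return {name: addr for name, addr in table.items() if not lo <= addr < hi}


def report():
    """Collect findings as a list of (category, detail) tuples."""
    findings = []
    hidden_pids, _ = cross_view(API_PROCESSES, RAW_PROCESSES)
    for pid in hidden_pids:
        findings.append(("hidden process", f"pid {pid} {RAW_PROCESSES[pid]}"))
    hidden_svcs, _ = cross_view(SCM_SERVICES, REGISTRY_SERVICES)
    for svc in hidden_svcs:
        findings.append(("hidden service", svc))
    for name, addr in ssdt_hooks(SSDT, NTOSKRNL_RANGE).items():
        findings.append(("SSDT hook", f"{name} -> {addr:#010x}"))
    return findings


if __name__ == "__main__":
    for category, detail in report():
        print(f"{category:15} {detail}")
```

Two caveats a practitioner would keep in mind when reading a real log of this kind: a process present only in the API view is almost always a race between the two walks, not an attack, which is why scanners repeat the enumeration; and a hooked dispatch entry tells you which driver to identify, since antivirus and HIPS products of that era hooked the same table.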


#8 Alpineman2

Posted 22 November 2009 - 01:46 PM

Hi Rigel,

The one major issue is that I am unable to boot my computer. Every time I choose any boot selection it restarts and goes back to the boot menu. Bios system is by Phoenix

Should I try to access my computer from another PC?
My major concern is obtaining my most recent files, then I could reformat the drive.
What do you think I should do?

Thanks for your help, much appreciated.

Alpineman2

Edited by Alpineman2, 22 November 2009 - 01:47 PM.


#9 rigel

Posted 22 November 2009 - 03:46 PM

I see. Do you have your Operating System Disk (XP) handy? We can try a repair install.

How comfortable are you with working inside your computer? Would you be comfortable in placing your hard drive into another computer?
Would you be able to create a Boot CD if I pointed you to the right site?



#10 Alpineman2

Posted 22 November 2009 - 06:38 PM

Sorry for the late response, but I just returned home.

I have the Operating System Disk (XP) [Windows XP Media Center Version 2005 with Update Rollup 2].

I have upgraded RAM before and would feel comfortable with working inside my Gateway Notebook.
I do feel confident in my ability to create a Boot CD.

Thoughts on this post? http://www.bleepingcomputer.com/forums/ind...=unable+to+boot

What's the next step?

Edited by Alpineman2, 22 November 2009 - 07:23 PM.


#11 rigel

Posted 22 November 2009 - 08:02 PM

I am not sure. With malware, one solution doesn't always work for another. You can take a look and see if his situation applies to you. In the case of a repair install, the original OS files are reinstalled. You may have to reinstall some programs and then upgrade after cleaning back to SP3.



#12 Alpineman2

Posted 22 November 2009 - 08:09 PM

Hi rigel,

What is meant by 'the original OS files are reinstalled'?
My main concern is that I'm able to obtain/ keep intact my business files, is such possible with a repair install? If so, then I'll go ahead with the repair install and revert back with my outcome.

Thanks again, I do appreciate your help with my issue.


Alpineman2

Edited by Alpineman2, 22 November 2009 - 08:11 PM.


#13 rigel

Posted 22 November 2009 - 09:46 PM

The repair install should not harm your business files. A repair install will only replace XP OS files and leave the others intact. You will have to run updates on your system to get it back to the SP3 level. The alternative is to remove the hard drive from this computer and install it into a working one. The computer should boot to the working hard drive and then give access to your files. You need to be careful with both options. There are no true guarantees when it comes to cleaning malware.

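If the drive is attached to a working machine (or read from a boot CD), the "be careful" above comes down to getting the business files off without executing anything from the infected volume. The approach below is an added example and is not from this thread: mount the volume read-only and non-executable (on a Linux live CD, mount -o ro,noexec), copy only document file types, refuse anything that carries the PE "MZ" header regardless of its extension, prune the Windows and Program Files trees, and write a SHA-256 manifest so the rescued set can be scanned and later verified. The sample directory tree the script builds is constructed to resemble an XP layout and is not data from the poster's machine; the extension list and pruned directories are assumptions.

```python
"""Rescue user documents from an infected volume without carrying over
executables.

Added example, not from the thread. Assumes the infected drive is attached
to a clean machine and mounted read-only (on a Linux live CD:
mount -o ro,noexec /dev/sdX1 /mnt/infected) and that src_root is that mount
point. The demo tree built by build_demo_tree() is constructed to resemble
an XP layout; it is not data from the poster's machine.
"""
import hashlib
import os
import shutil
import tempfile

# Extensions worth rescuing (assumption). .exe/.scr/.dll/.bat stay behind.
DOC_EXT = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
           ".txt", ".csv", ".jpg", ".png"}
# Top-level trees a repair install or reinstall replaces anyway; never copied.
SYSTEM_DIRS = {"windows", "program files", "progra~1",
               "system volume information", "recycler"}
PE_MAGIC = b"MZ"


def is_pe(path):
    """True if the file starts with the DOS/PE 'MZ' header, whatever its name."""
    with open(path, "rb") as f:
        return f.read(2) == PE_MAGIC


def rescue(src_root, dst_root):
    """Copy document-type files from src_root to dst_root.

    Returns (manifest, skipped): manifest lists {"path", "size", "sha256"}
    for each copied file; skipped lists files refused because of extension
    or because they are really PE images. Paths are relative to src_root
    with '/' separators, both lists sorted.
    """
    manifest, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(src_root):
        if dirpath == src_root:
            dirnames[:] = [d for d in dirnames if d.lower() not in SYSTEM_DIRS]
        for fn in filenames:
            src = os.path.join(dirpath, fn)
            rel = os.path.relpath(src, src_root).replace(os.sep, "/")
            ext = os.path.splitext(fn)[1].lower()
            # "photo.jpg.exe" fails the extension test; a "quote.pdf" that is
            # really a PE fails the magic test.
            if ext not in DOC_EXT or is_pe(src):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)      # contents only: no attributes or ACLs
            with open(dst, "rb") as f:
                data = f.read()
            manifest.append({"path": rel, "size": len(data),
                             "sha256": hashlib.sha256(data).hexdigest()})
    return sorted(manifest, key=lambda e: e["path"]), sorted(skipped)


def build_demo_tree(root):
    """Constructed sample volume (not real data): two documents, a bare
    executable on the desktop, a double-extension executable, a PE disguised
    as a PDF, and a system tree that must be pruned."""
    docs = os.path.join(root, "Documents and Settings", "Alpineman2", "My Documents")
    desktop = os.path.join(root, "Documents and Settings", "Alpineman2", "Desktop")
    sys32 = os.path.join(root, "WINDOWS", "system32")
    files = {
        os.path.join(docs, "invoice.pdf"): b"%PDF-1.4 constructed sample\n",
        os.path.join(docs, "notes.txt"): b"meeting notes, constructed sample\n",
        os.path.join(docs, "photo.jpg.exe"): b"MZ\x90\x00constructed",
        os.path.join(docs, "quote.pdf"): b"MZ\x90\x00constructed",
        os.path.join(desktop, "Ironclk.exe"): b"MZ\x90\x00constructed",
        os.path.join(sys32, "dumprep.exe"): b"MZ\x90\x00constructed",
    }
    for path, content in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)


def demo():
    """Build the sample tree in a temp dir, rescue it, and return the outcome."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        build_demo_tree(src)
        manifest, skipped = rescue(src, dst)
        return {"rescued": [e["path"] for e in manifest],
                "skipped": skipped, "manifest": manifest}
    finally:
        shutil.rmtree(src)
        shutil.rmtree(dst)


if __name__ == "__main__":
    result = demo()
    for e in result["manifest"]:
        print(f"{e['sha256'][:16]}  {e['size']:6}  {e['path']}")
    for p in result["skipped"]:
        print("skipped:", p)
```

Copying only documents is not the same as copying only safe files: Office documents and PDFs can carry macros or exploits, so the rescued tree should be scanned with an up-to-date scanner on the clean host before anything in it is opened, and the manifest hashes let you confirm later that nothing in the copy has changed.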


#14 Alpineman2

Posted 23 November 2009 - 12:07 PM

I set the CD ROM drive to 1st in boot sequence; however, it's still doing the same loop and not booting up. Hope I'm not SOL.

Edited by Alpineman2, 23 November 2009 - 12:54 PM.


#15 rigel

Posted 23 November 2009 - 03:28 PM

Let me get some help with this one. Another tech will be here shortly...





