
Windows Security 2010


12 replies to this topic

#1 Dominicus
  • Members
  • 15 posts

Posted 15 December 2009 - 02:27 AM

I have just recently been infected with this evil malware. I have followed the uninstall guide here on the site and I have done everything it has told me to do. The problem that I keep running into is whenever Malwarebytes finishes downloading (I make sure the open and update automatically boxes are clicked) the window opens for Malwarebytes but it then closes after a few seconds with no warning. I don't get any notifications about why it closed or any of those fake warning messages. When I try opening the icon on my desktop I get a message saying the shortcut is missing and I have to browse it myself. There are no options for me to open when I click the browse button. I have uninstalled Malwarebytes several times and reinstalled to see if I can just perform the scan but it keeps closing for no reason and I get that annoying missing shortcut mini-screen.
I was wondering if anybody has had this problem with Windows Security 2010 and what they did to keep Malwarebytes open.

-I have done every step in this site's guide.
-If I need to add more details please ask.
-I'm desperate to kill this damn thing so help would be greatly appreciated.


#2 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 15 December 2009 - 08:46 AM

Perform the steps in this guide:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Don't create a new topic though. Just post the DDS and RootRepeal logs as a reply to this topic.

#3 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 15 December 2009 - 06:04 PM

After I ran the DDS program nothing happens. I don't get that notepad of detail. What am I doing wrong? :(

I apologize for my noobiness, I'm just not very knowledgeable with computers or anything. So I hope frustrations don't run high in you.

#4 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 15 December 2009 - 06:18 PM

RootRepeal log is right here.

Attached Files



#5 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 16 December 2009 - 04:11 PM

Download ComboFix from here

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#6 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 17 December 2009 - 01:48 AM

Here is the log for the combo fix.

Attached Files



#7 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 17 December 2009 - 04:57 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
c:\windows\system32\lahofipe.dll
c:\documents and settings\NetworkService\ntload.dll
C:\enhs.exe
C:\dens.exe
C:\acad.exe
c:\windows\system32\drivers\hyzakhvlsrfh.sys
c:\windows\wp4.dat
c:\windows\wp3.dat
c:\windows\system32\bunivaya.dll
c:\windows\system32\fupikeke.dll
c:\windows\system32\gazikiri.dll
c:\windows\system32\gedofano.dll
c:\windows\system32\henovijo.dll
c:\windows\system32\jinuyeju.dll
c:\windows\system32\juruzuhu.dll
c:\windows\system32\luyunaku.dll
c:\windows\system32\nezovefo.dll
c:\windows\system32\ratijipe.dll
c:\windows\system32\sikonese.dll
c:\windows\system32\tamiwuru.dll
c:\windows\system32\wuyedawa.dll
c:\windows\system32\yohirema.dll
c:\windows\system32\config\systemprofile\ntload.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

Folder::
c:\windows\system32\config\systemprofile\PrivacIE

Registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78c0eeb0-b961-40f9-bf2f-8c17c6b48773}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Driver::
fohljtiwvtuto


Save this as the text file CFScript

Then drag the CFScript into KittyKat.exe as you see in the screenshot below.

[screenshot]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
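The script above is a ComboFix CFScript: a plain-text file with `File::`, `Folder::`, `Registry::` and `Driver::` headings, each followed by the items ComboFix should remove or change. Before dropping such a script onto ComboFix it is worth knowing exactly what it will do. The parser below is an added example, not ComboFix's own code or anything from this thread's author; it splits a script into its sections and turns the `Registry::` lines into explicit actions. The registry semantics it assumes follow the .reg-file conventions the script uses (`[-Key]` deletes a key, `"name"=-` deletes a value, `"name"=data` sets a value under the most recent `[Key]`); that interpretation is an assumption, as is the abridged sample script embedded for the demonstration.

```python
"""Parse a ComboFix CFScript into sections and list the actions it would take.

Added example for this thread; the Registry:: semantics are assumed from
.reg-file conventions, not taken from ComboFix documentation.
"""
import re

# Constructed sample: an abridged copy of the CFScript posted in this thread.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\lahofipe.dll
C:\enhs.exe

Folder::
c:\windows\system32\config\systemprofile\PrivacIE

Registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78c0eeb0-b961-40f9-bf2f-8c17c6b48773}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Driver::
fohljtiwvtuto
"""

# A section heading is a bare word followed by "::" on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# A .reg-style value line: "name"=data
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_cfscript(text):
    """Return {section_name: [non-empty lines]} preserving order within sections."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn Registry:: lines into (action, key, value_name, data) tuples."""
    actions = []
    key = None  # the most recent [Key] header, used for value lines that follow it
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None, None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_RE.match(line)
            if m is None or key is None:
                raise ValueError(f"value line without a preceding [Key]: {line!r}")
            name, data = m.groups()
            if data == "-":
                actions.append(("delete_value", key, name, None))
            else:
                actions.append(("set_value", key, name, data))
    return actions


def summarize(text):
    """Produce a reviewable summary of everything the script would remove or change."""
    sections = parse_cfscript(text)
    return {
        "files": sections.get("File", []),
        "folders": sections.get("Folder", []),
        "registry": registry_actions(sections.get("Registry", [])),
        "drivers": sections.get("Driver", []),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_SCRIPT)
    for kind, items in summary.items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```

Running the module prints the two file deletions, the folder deletion, the four registry actions (one key deleted, the `notepad` autorun value removed, and `DisableMonitoring` set under the Symantec firewall monitoring key) and the one driver service named for removal, which is the checklist a helper would want to confirm against the logs before asking someone to run it.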

#8 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 18 December 2009 - 06:31 AM

Here's the results of the stuff you told me to do, and I was just wondering...what was that stuff?

Attached Files



#9 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 18 December 2009 - 10:23 AM

That stuff was malware that CF did not automatically delete on the first run. The only file left that I don't like is this one file. I don't like how it's called .exe. Please delete this file:

c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup\rp\.exe

Otherwise, you look clean. Let's run this to just be safe:

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#10 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 18 December 2009 - 10:42 PM

Holy bleep, it's all gone!
I ran Malwarebytes and I deleted all kinds of nonsense, something around 24 infected items. All kinds of nonsense. If you want I can give you that log as well.

Before I begin to give you my eternal thanks do the files I showed you give you an idea where they came from? How do I avoid this bleep?


Now I can't begin to tell you how thankful I am. What you did was truly a nice thing to do. Thank you very much sir and I hope I can come back here for help in the future. THANK YOU SO MUCH SIR YOU ARE TRULY ONE OF THE GREATEST HUMAN BEINGS

#11 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 18 December 2009 - 10:58 PM

I would like to see the log file from MBAM, please.

Unfortunately, I am unsure where it came from. This crap typically comes from porn sites, crack sites, pdf exploits, and hacked sites. I suggest you also run this program and update whatever it finds to the more secure versions:

http://secunia.com/vulnerability_scanning/online/

#12 Dominicus
  • Topic Starter
  • Members
  • 15 posts

Posted 19 December 2009 - 07:46 AM

What exactly are cracked sites?? And I was just thinking a bit here. If these douchy malwares ask for your money, can't the higher authorities track the money down and arrest these clowns?

I did two scans, the first being a quick scan and the second being a full system scan.

Thanks for that link I apparently have 6 out of date programs >___>

Attached Files



#13 Grinler
    Lawrence Abrams
  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 19 December 2009 - 09:39 AM

Update Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have the following icon next to it: [image]
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 17' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
Then,

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable System Restore here for your particular Windows version:


Windows XP System Restore Guide



Re-enable System Restore with instructions from the tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
