Gmer freeze


This topic is locked
48 replies to this topic

#1 ricochet53 (Members, 32 posts)

Posted 13 May 2010 - 03:44 PM

Hi- I am a newbie to this group. I have been trying to eliminate a Smitfraud type of security alert. I have run several malware cleaners, including AVG, Avast, and MalwareBytes. I have also run Super Anti-Spyware.
When I found the Bleeping site I tried to follow the steps laid out in the preparation guide. Things went fine until I tried to save the GMER file. My computer froze completely. I was unable to move anything, Ctrl-Alt-Del did nothing, and I could not even restart or shut down.
I had to cut power to the box and then restart. Seems to be ok now, but I hesitate to unpack the GMER again.
Any thoughts or advice would be very much appreciated.
Thanks,
Michael.

QUOTE(Orange Blossom @ May 13 2010, 01:51 PM)
Hello,

Don't worry about the GMER scan at this point. Please post the DDS and attach.txt logs. Once you have done so, I will merge that post to your initial post here and remove mine so your topic won't get lost.

Orange Blossom

Ok Blossom, and thanks- here is the dds.txt file. I cannot find any zip mechanism on my computer, at least if I follow Microsoft's instructions. I will try to add the attach.txt directly.
I appreciate your patience- this is quite new to me.

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 13 May 2010 - 07:52 PM.


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 May 2010 - 03:40 PM

Hello ricochet53

What problems are you still having with your computer?

I would like you to do one more scan for me before we start fixing things.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

I will be waiting for your reply


Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 12:24 AM

QUOTE(gringo_pr @ May 14 2010, 01:40 PM)
Hello ricochet53

What problems are you still having with your computer?

I would like you to do one more scan for me before we start fixing things.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
I will be waiting for your reply

Gringo


#4 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 12:30 AM

Hi Gringo- thanks for the help.
I downloaded and started RkU as you suggested. It threw up a list of stealth codes fairly quickly, but when it jumped to files the "making a list" window came up, and stayed up for almost thirty minutes before I hit cancel. Was I being too impatient, or is it stuck on something? I can run it again in the morning and let it cook for hours if that would help, but I could not see anything happening.
I appreciate your help very much. I didn't mention earlier, but I also ran that Siri form debugger that is supposed to look after that false security icon.
Regards,
Michael.

#6 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 12:34 AM

Hi again Gringo- this is what I have so far on the report.

Attached Files



#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 May 2010 - 12:37 AM

Hello

Wait a min, be right back.

Gringo

Edited by gringo_pr, 15 May 2010 - 12:40 AM.


#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 May 2010 - 12:41 AM

Hello

Go ahead and run this program.


Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"Information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?



#9 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 04:53 AM

Hi Gringo PR-
I downloaded the Windows file and it is on my desktop:
windowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
and I have downloaded ComboFix.exe.

However, when I try to drag the Windows file onto ComboFix, ComboFix just moves out of the way. Been chasing it all over the desktop. Even tried in the other direction, i.e. ComboFix > XP etc.
I can send you a screenshot of the desktop if that would help. Could also send you a shot of Speccy, showing you what I have.
I have a 250GB internal drive which has 95+GB free, and upon which I ran Defraggler yesterday. I also have a 500GB external, with about 50GB free, but I do not think that is relevant to this problem.
I appreciate the patience. Must be frustrating at times.

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 May 2010 - 04:58 AM

Ok, just run ComboFix; we will deal with the Recovery Console later.

Gringo

#11 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 05:31 AM

QUOTE(gringo_pr @ May 15 2010, 02:58 AM)
Ok, just run ComboFix; we will deal with the Recovery Console later.

Gringo

Hi-
It is ok, I think that I got it. Log attached.
Thanks

Attached Files



#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 May 2010 - 11:43 AM

Hello ricochet53

Let me know about the redirects. Are they still happening?

Gringo

#14 ricochet53 (Topic Starter, Members, 32 posts)

Posted 15 May 2010 - 01:54 PM

Hi Gringo-
I have not touched that ugly little red icon that tells me "Windows Security Alerts" since I first saw it, but it is still there and I am reluctant to touch it. I will if you feel I should test it out, but I am pretty sure that would mean a reboot in Safe Mode and then a System Restore.
Michael.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 May 2010 - 04:07 PM

Greetings ricochet53

"I have not touched that ugly little red icon that tells me "Windows Security Alerts" since I first saw it"
    Don't touch it yet, let's do some things first.
P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

Please note that as long as you are using any form of peer-to-peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-to-peer programs and file sharing.
Please do not use it until your computer is cleaned.

Uninstall some programs
    1. Click on Start
    2. Then go to Settings
    3. After that you need Control Panel
    4. Look for the icon Add/Remove Programs
    Click on the following programs:

    Adobe Reader 8.1.2
    Java™ 6 Update 16


    and click on Remove.

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel:
  • Click on Start -> Control Panel (Classic View) -> Java (looks like a coffee cup) -> Update tab -> Update Now.
  • An update should begin;
  • follow the prompts.
  • After the update is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


"Information and logs"
    In your next post I need the following:
    1. Log from MBAM
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo