Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antimalware Doctor and sudden other trojans removal help


  • Please log in to reply
2 replies to this topic

#1 FlyMolo

FlyMolo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 26 July 2010 - 01:49 PM

Hi, Ive come to this site a couple times in the past to remove viruses or malware from my computer, and I had hoped that I would never need to actually come on here to post my problem.
But here I am.
So the other day I was trying to find sites to watch the new futurama season, particularly the new leaked episode, and as I got to one site, I felt odd lag, then I saw the java symbol appear in my taskbar and I frowned.
My Avira Antivir detected something, but I clicked deny access and closed Mozilla Firefox.
A couple minutes later "Antimalware Doctor" appeared on my screen, so I instantly checked the removal procedure for it, and it required the usual rkill.com and MBAM.
I ran RKILL and got rid of Antimalware Doctor, but as I try to run MBAM's full search, my Avira Antivirus repeatedly gives me alerts.
I ran MBAM once, and it said it got rid of 10 problems, so I figured hurray, clicked restart, and went to bed.
When I woke up I still find AntiMalware Doctor and all these different antivirus alerts appearing.
Even when MBAM isnt running, these files continue to appear from my Avira Antivirus alerts:
Local Settings\Temp\ilvu.exe is the TR /Dropper.Gen Trojan
Local Settings\ ... \ cgaickiqk[1].htm The file contains an executable program that is disguised by a harmless file extension [HIDDENEXT/CRYPTED]
Local Settings\ Temp\ acgpuwna.exe Is the TR/Random.XBlocker.avw Trojan
Local Settings\...\kofmhoahpk[1].htm Is the TR/Ranson.XBlocker.avw Trojan

At the same time as these occur, in the background, an error window appears that says
RUNDLL
Error loading uwwyp.dll
The specified module could not be found.
[OK]
I assumed that it had to do with AntiMalwareDoctor being unable to launch.

As soon as I click deny access/delete/move to quarantine on any of these alerts (5 running at the moment) another one instantly appears to take its place.


So today what I did was repeatedly launch RKILL.com as different alerts were popping up, until the log said that all it closed was RKILL.COM.exe
Then, I started running MBAM full scan, and it is currently running, while these alerts are still appearing.
I wont know if this MBAM search will work, but I will post back when it has finished, or if anyone posts in this thread, as I am currently using my laptop.
Thanks in advance for your help.

I am running XP, home edition.
Thanks for moving this to the appropriate section, I was wondering if it should go here.

edit: So I just finished my full pc scan, and It found 3 files in registry, which I deleted, and since then I have not been receiving any alerts via avira antivir, nor has antimalware doctor tried to reappear, and those error windows will not appear.
Im running a quick pc scan from MBAM, then Ill try restarting, and come back here to post results.

Edited by FlyMolo, 26 July 2010 - 04:16 PM.


BC AdBot (Login to Remove)

 


#2 FlyMolo

FlyMolo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 26 July 2010 - 04:39 PM

So, I just ran the quick PC scan of MBAM, and through running that I got 2 alerts from Avira Antivirus, and no detections from MBAM.
I figured what I was alerted to was running in the background and thats why MBAM couldnt find it, so I closed mbam and ran rkill, and rkill only closed itself.
After RKill was finished, I got these 4 alerts.

http://screencast.com/t/MTQ3MjVl Local Settings\ Temp\ acgpuwna.exe Is the TR/Random.XBlocker.avw Trojan
http://screencast.com/t/NjM1ZTk2OWUt Local Settings\...\kofmhoahpk[1].htm Is the TR/Ranson.XBlocker.avw Trojan
http://screencast.com/t/ZGE0ZjQ2OTM Local Settings\ ... \ cgaickiqk[1].htm The file contains an executable program that is disguised by a harmless file extension [HIDDENEXT/CRYPTED]
http://screencast.com/t/NDYzM2M3Y uwwyp.dll Is the TR/BHO.294910 Trojan
http://screencast.com/t/YTFiMTIyMTQt Local Settings\...\sjnvpnidk[1].htm The file contains an executable program that is disguised by a harmless file extension [HIDDENEXT/CRYPTED]

Does anyone know what I should do? These just keep appearing, and I keep clicking delete on my antivirus alerts.
Please respond soon, thanks in advance.
Edit: Antimalware Doctor is still on my PC, I have not been able to get rid of it or any of these trojan appearances, so I am now trying a system restore, I will edit this thread with new information when that is finished, though I wonder if anyone is actually reading it.

Edited by FlyMolo, 26 July 2010 - 07:29 PM.


#3 FlyMolo

FlyMolo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 26 July 2010 - 09:24 PM

Hello anyone thats reading this!
I got around to reformatting my computer because I want to install more ram in the near future, so I figured this was an opportune time to put windows 7 on.
Thanks for reading this thread I suppose, if you did.
Close this thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users