Badly infected computer (i think)


59 replies to this topic

#1 jewtastik

jewtastik

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 11 February 2011 - 02:54 AM

Hi,

My computer is badly infected (I think), but every time MBAM "deletes" the problem, they just keep coming back. Here are the logs for you. I am not sure what it is that is infecting my computer but would appreciate any help.

Thanks in advance

Attached Files

  • Attached File  DDS.txt   14.33KB   22 downloads
  • Attached File  Attach.txt   18.85KB   8 downloads
  • Attached File  ark.txt   177.79KB   12 downloads



 


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:30 PM

Posted 11 February 2011 - 06:42 AM

Hello

Would you please attach Mbam log here?

#3 jewtastik


Posted 11 February 2011 - 09:59 AM

here is the mbam log, this one is from 2/11/11 and only shows 2 problems

Attached Files


Edited by jewtastik, 11 February 2011 - 09:59 AM.


#4 Baabiouz


Posted 11 February 2011 - 10:34 AM

Hello

Doesn't look bad.

Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window
C:\Documents and Settings\Scott Heller\Application Data\Azigig.exe
Click Submit/Send File
Please post back, to let me know the results.


If Jotti is too busy please try Virustotal

_________________________

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Please post results of the file and Eset report :)

#5 jewtastik


Posted 11 February 2011 - 10:46 AM

Here is where the problem happens. My browser (Firefox) will not allow me to open any of the links (with the exception of ATF). Any suggestions?

#6 Baabiouz


Posted 11 February 2011 - 10:52 AM

Can you use other browsers or write the link manually?
http://virusscan.jotti.org/

eset online scan:
http://eset.com/onlinescan

Edited by Baabiouz, 11 February 2011 - 11:02 AM.


#7 jewtastik


Posted 11 February 2011 - 10:58 AM

Typing the links into the address bar on Firefox or Internet Explorer isn't working either.

#8 Baabiouz


Posted 11 February 2011 - 11:01 AM

How about copy & paste the link? Right-click the link and choose copy. At the address bar, right-click and choose paste.

Edited by Baabiouz, 11 February 2011 - 11:02 AM.


#9 jewtastik


Posted 11 February 2011 - 11:03 AM

Doesn't help either. I keep getting the problem loading page link in Firefox and in IE.

#10 Baabiouz


Posted 11 February 2011 - 11:05 AM

Okay, let's try Combofix

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.



-----------------

If you can't download Combofix.exe, try renaming it before downloading.

Edited by Baabiouz, 11 February 2011 - 11:06 AM.


#11 jewtastik


Posted 11 February 2011 - 11:28 AM

here is the log for combofix

Attached Files



#12 Baabiouz


Posted 11 February 2011 - 12:00 PM

Hello

Please click your Start button then Click on Run and type in the following without the quotes: "notepad" Then copy (Ctrl C) and paste (Ctrl V) the following text in the codebox,
File::
c:\windows\Zmipia.exe

Rootkit::
c:\documents and settings\Scott Heller\Application Data\Azigig.exe 



Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.



-------------

Run Malwarebytes' Anti-malware. Click Update -tab and choose Check updates.
Update Mbam and then do full system scan on Scan tab.
After scanning, save the results and post back here.


Post Mbam results and Combofix log back here :)

#13 jewtastik


Posted 11 February 2011 - 01:19 PM

here is the combofix log and mbam log

Attached Files



#14 Baabiouz


Posted 11 February 2011 - 01:45 PM

Hello
Let's do CFscript one more time, with different content. Please first remove your old cfscript.txt file.


Please click your Start button then Click on Run and type in the following without the quotes: "notepad" Then copy (Ctrl C) and paste (Ctrl V) the following text in the codebox,
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Azigig"=-



Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Can you run Eset online scanner now? Do you still have the same problems as earlier, can't access websites and write to the address bar?
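Added example, not part of the original thread: the CFScript in post #14 deletes one Run-key value by name; the sketch below shows how a defender could triage a .reg export of the Run keys for entries like it, flagging autostart executables that sit directly in a profile's Application Data folder or in C:\Windows. The sample export is constructed (the thread gives the value name and the file path, not the value's data), and the two flagged folders are a heuristic taken from the paths in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample (.reg export syntax); the value data and benign entries are assumptions.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Azigig"="\"C:\\Documents and Settings\\Scott Heller\\Application Data\\Azigig.exe\" -b"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /silent"
'''

# Heuristic (assumption): an autostart executable directly in these folders is unusual.
SUSPECT_PARENTS = [
    re.compile(r"^c:\\documents and settings\\[^\\]+\\application data$", re.I),
    re.compile(r"^c:\\windows$", re.I),
]
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):  # undo .reg escaping of backslashes and double quotes
    return re.sub(r"\\(.)", r"\1", s)

def image_path(command):
    # Pull the executable path out of a Run command line (quoted or bare).
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_run_values(reg_text):
    # Return (key, value_name, exe_path) for Run values launched from suspect folders.
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith("\\currentversion\\run"):
            continue
        exe = image_path(unescape(m.group("data")))
        parent = str(PureWindowsPath(exe).parent)
        if any(p.match(parent) for p in SUSPECT_PARENTS):
            hits.append((key, unescape(m.group("name")), exe))
    return hits

if __name__ == "__main__":
    for key, name, exe in suspicious_run_values(SAMPLE_REG):
        print(f"[{key}] {name} -> {exe}")
```

A hit is a prompt to check the file (hash lookup, signature, creation time), not a verdict; some legitimate software does install per-user under the profile.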

#15 jewtastik


Posted 11 February 2011 - 05:54 PM

Still can't open the link from before.

Attached Files





