Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got a nasty one. kazy.mekml?


  • This topic is locked This topic is locked
6 replies to this topic

#1 Dayzed

Dayzed

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 26 April 2011 - 07:05 AM

Hi there. I've used this site in the past and usually found answers without posting. Not this time! Recently Avira detected an infection with kazy.mekml. Per the descriptions I found online it hid the majority of my programs and personal files as well as making my E drive(backup)unreadable with i/o problems. It also hijacked my browser (Firefox)and I periodically get sound cutting in from an unknown site the infection likes to visit. What I've done so far:

-I checked "show hidden files" which repopulated my programs list but they appeared with a "ghost" image. Downloaded and ran Unhide which fixed the "ghost" problem.

-Downloaded rkill and updated Avira, Mbam, and adaware. Rebooted in safe mode, ran rkill, then ran everything! I found a couple of infections possibly unrelated and cleaned them but it didn't solve my problem.

-Uninstalled Avira and installed AVG which found no infections. Re-installed Spybot SD and ran it.

-Ran everything in normal startup just for chuckles.

-Repeated the same process with combofix after disabling AVG.

Looking at my HJT log there were a few questionable programs but when I tried to remove them the add/remove programs list wouldn't populate (which is new). Any help is greatly appreciated. Heeeeeeeeeeeeeeeeeeeeelp!!!!!!!!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:43 PM

Posted 26 April 2011 - 08:15 AM

Press the WINKEY + R keys on the keyboard or click Posted Image > Run..., and in the Open dialog box, type: cmd
Click OK or press Enter.

At the command prompt C:\>_, type: regsvr32 appwiz.cpl
(Note there is a space between 32 and appwiz)
press Enter.
When finished, type: exit
press Enter and reboot your computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Dayzed

Dayzed
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 26 April 2011 - 08:43 AM

Thanks quietman7. After further review my program list is showing up, eventually after 5 minutes. Don't know if it's related to my current woes.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:43 PM

Posted 26 April 2011 - 08:51 AM

Complaints about Add/Remove being slow to populate are not uncommon. That feature uses several heuristics to attempt to determine information like program size and frequency of use. If the program does not provide this info, Add/Remove is basically forced to guess. It takes time to gather these details and then populate (load) the list with what it finds, especially if you have a lot of programs installed on your system. See here for a more detailed explanation. Processor speed and available amount of memory are also a factor.

Unchecking "Show updates" at the top will eliminate the population of Windows security updates or using Add/Remove Programs in Safe Mode should speed things up. You can also try using a third party utility as an alternative.If you use CCleaner, you can find an uninstall list by clicking on the Tools button.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Dayzed

Dayzed
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 26 April 2011 - 09:07 AM

Good advice. Since the list being slow to populate is a new thing I'm assuming it's related to my computers infection and will return to normal when/if I can find the culprit.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:43 PM

Posted 26 April 2011 - 09:43 AM

You may want to perform at least one Online Virus Scan to see if it finds anything the other scans missed:-- F-Secure requires free Java Runtime Environment (JRE) to be installed before scanning for malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:43 PM

Posted 27 April 2011 - 03:40 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic393906.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users