Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what I'm infected with. Think it's system fix or googleupdater


  • This topic is locked This topic is locked
12 replies to this topic

#1 ntraenkner

ntraenkner

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 02 December 2011 - 11:07 AM

Windows 7 64-bit

last night i got a couple dozen popups telling me there was a "delayed read error" or something. Then a popup telling my my hard drive was broke- asked me to scan and fix. before this I was receiving messages about "googleupdate.exe" or something like that. Whatever infected me logged me off and restarted the computer.

1. I unplugged the network cable and I immediately came here (using another computer) and downloaded iExplore.exe to "stop the processes".

2. Popups disappeared, scan and fix dialog disappeared.

3. Next, I ran tdsskiller it reported it found one thing (Locked File (Service: sptd) default action presented to me was "skip" per the TDSSKiller instructions I hit "continue" keeping "Skip" selected.

4. I installed malwarebytes from a flash drive. because i was unplugged from the network i couldnt update the database

5. when I restarted the same behavior (popups, scan and fix) but no logoff and no mention of googleupdate

6. ran unhide

6. Repeated steps 1-3 ran Malwarebytes again. This time only reported Registry entries.

7. I removed them.

8. Restarted. Same behavior.

9. BECAUSE I DID NOT READ INSTRUCTIONS CAREFULLY I then installed and ran ComboFix but did not do anything other than let it generate a log.

10. Realized that I should update my Malwarebytes and so plugged in the network cable again.

11. updated Malwarebytes.

12. Noticed that I now no longer get the popups or system scan message

13. However, in my notification tray I have a little flag with an X that says: "Solve PC Issues: 1 important message 6 total messages" when I mouse over.

14. If I right-click the task bar and select Properties > Notification Area > Customize Button In the list of Icons there is a file called "Action Center" (the little flag with the X) vMttfGqwlJXmmgo.exe with a USB icon next to it (that looks like malware) and three instances of "proxycheck.exe".

While things seem to be running fine, I'm convinced that by running ComboFix, I half-fixed something. I have since downloaded DDS and created a log. I also have all the logs generated through the above process.

What do you think? Am I doomed?

Thank you for reading this!

If anyone knows how I might go about fixing this, I of course am grateful.

-Nick

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 07 December 2011 - 11:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430387 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 10 December 2011 - 06:16 AM

If you still need help, please post the requested logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 ntraenkner

ntraenkner
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 10 December 2011 - 01:49 PM

Please let me know what logs I need to attach that I haven't already attached. (see the first message).

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 10 December 2011 - 02:27 PM

Those logs are more than a week old, in order to see the current state of your computer, I need to see at least an updated DDS log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 ntraenkner

ntraenkner
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 13 December 2011 - 12:24 PM

Sorry for not getting back sooner.

I will re-generate these logs tonight and attach them.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 13 December 2011 - 12:30 PM

Okay, I'll wait for the new logs! :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 ntraenkner

ntraenkner
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 13 December 2011 - 06:28 PM

Thank you for your patience and especially for your time!

Attached Files



#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 14 December 2011 - 03:50 AM

Can you please redownload combofix and run it as instructed below (delete any old copy you still may have).

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 18 December 2011 - 12:27 PM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 ntraenkner

ntraenkner
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 19 December 2011 - 09:19 AM

Yes. I'll get these posted tonight.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 19 December 2011 - 10:43 AM

Okay, thank you for letting me know! :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:50 AM

Posted 06 January 2012 - 06:31 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users