Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

0i763f66bz.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 hunter7477

hunter7477

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:34 AM

Posted 21 July 2012 - 08:33 PM

No internet on other computer, found this file today. Per other forums on the same, ran rkill then combofix to no avail, it is still showing up. Here is the current farbar from the windows recovery screen.

Attached Files

  • Attached File  FRST.txt   25.28KB   9 downloads


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:34 AM

Posted 25 July 2012 - 10:55 AM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\Alicia\...\Run: [0i763f66bz] C:\Users\Alicia\0i763f66bz.exe [38400 2012-07-09] (DeLOCK)
0 6c7313e3c6d3eaad; C:\Windows\System32\Drivers\6c7313e3c6d3eaad.sys [84936 2012-07-19] ()
2012-07-19 06:24 - 2012-07-19 06:24 - 00084936 ____A C:\Windows\System32\Drivers\6c7313e3c6d3eaad.sys
2012-07-09 16:20 - 2012-07-09 16:20 - 00038400 ____A (DeLOCK) C:\Users\Alicia\0i763f66bz.exe
testsigning: ==> Check for possible unsigned malware driver <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Please re-run ComboFix, allow it to update if it asks to do so, please make sure you disable your security programs first

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:34 AM

Posted 02 August 2012 - 03:40 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users