Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Many Pop-ups; Can't Run Most Diagnosis Programs - Hjt Log Attached -


  • This topic is locked This topic is locked
3 replies to this topic

#1 moose.ca

moose.ca

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 31 December 2006 - 11:58 AM

I have followed the instructions in the posting - but my computer seems to reject the thought of running most of the anti-virus or anti-malware programs. Whatever has infected it is VERY SMART!

Attached is the HJT log - please help...

Logfile of HijackThis v1.99.1
Scan saved at 9:49:31 AM, on 31/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\winservnt32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\sudcvvbA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winservnt32.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sudcvvbA] C:\WINDOWS\sudcvvbA.exe
O4 - HKLM\..\Run: [win3206080809177] C:\WINDOWS\win3206080809177.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\h0n0la5m1d.dll

Thanks - and Happy New Year!

BC AdBot (Login to Remove)

 


#2 moose.ca

moose.ca
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 31 December 2006 - 12:03 PM

I thought I should clarify my above post.

I inherited an older laptop from my brother-in-law. He was having tons of problems with pop-ups and other malware-type stuff. I reformatted the HD, installed Windows XP (instead of Win98 which he had) and immediately starting getting lots of pop-ups right from day 1. I went through the instruction topic, but most of the times I would try to install anti-malware programs or go to online anti-virus sites, IE would crash or the install program wouldn't start (Spy-bot, Housecall, Panda). The Ad-Aware program caught about 150 items the first scan, and consistently about 20 items each subsequent scan, so it was never fully clean. But I moved on... I got through the list, created the HJT log (post above).

Thanks for your assistance.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:33 AM

Posted 31 December 2006 - 12:42 PM

Hello,

This is a VERY nasty log :thumbsup:

Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Avast OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Agnitum Outpost Free, ZoneAlarm Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Update your Antivirus and let it perform a full scan.
Then reboot afterwards.
If you can't access the sites, do next first:

* Download: Hoster
Unzip hoster to an own folder, eg C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

It is important you don't miss a step and perform everything in the right order!!
It's better you print out next instructions, because you also have to work in safe mode without networking support, so this page won't be available.

* Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
Do not run the scan yet.

----------------------

* Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Do not run it yet.

------------------------

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winservnt32.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [sudcvvbA] C:\WINDOWS\sudcvvbA.exe
O4 - HKLM\..\Run: [win3206080809177] C:\WINDOWS\win3206080809177.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\h0n0la5m1d.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

* Open AVG Antispyware.
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Open the extracted SDFix folder.
  • Double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum). I need that log later.
-----------------

So now you're back in normal mode...

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post next logs in your following reply:
  • Log from combofix (combofix.txt)
  • Log from AVG Antispyware
  • New HijackThislog
  • Log from SDfix (will be in the SDfix folder)
You may need several replies to post the logs in case they won't fit in one reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:33 AM

Posted 09 January 2007 - 06:12 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users