Abebot

[freakyferret]

i got this damn thing about a month ago and just reformated i dont want to have to do that this time i got hijackthis any way i can get some help figuring it out guys

 

[kritius]

Hello freakyferret, and welcome to the forums.

My name is kritius and I'll be glad to help you with your malware and virus problems.

First you must understand that working a HijackThis log can take some time to research, so please be patient. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

The first thing that I need you to do for me is to download and install HijackThis for me,

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete attach the log in your reply.

Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

If you have any problems or questions then please post back.


This thread is for the use of freakyferret only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[freakyferret]

ok here is log

 

[kritius]

You are running a system without a firewall,

Please download ONE of the following,

• Comodo
• Kerio
• Online Armor
• Zonealarm

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entrieslisted below
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.roboform.com/test.html?a...NHICMEKMICNJJCKJNBJCMNJGJIJIJGJKJJNKJCMJNNICM
  O2 - BHO: (no name) - {ed38042c-64e4-4bb3-a5d1-c544f92b87ad} - C:\WINDOWS\nqjmzopo.dll
  O4 - HKLM\..\Run: [mzmjihyv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mzmjihyv.dll"
  O4 - HKCU\..\Run: [dfgyuclr] C:\WINDOWS\system32\ovyruvgf.exe
  O4 - HKLM\..\Policies\Explorer\Run: [j6y1JNGg0p] C:\Documents and Settings\All Users\Application Data\mbkjsrul\gbivovud.exe
  O4 - HKCU\..\Policies\Explorer\Run: [bW1DMNGg0p] C:\WINDOWS\jepezune.exe
  O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
  O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
  O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
  O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  
• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Delete Files and Folders

• Right Click on the start button and chose explore
• Show all hidden files and folders, see how HERE
• Navigate to the following files and folders and delete them(if still present)

C:\WINDOWS\System32\lxcycoms.exe<---------This File
C:\WINDOWS\system32\ovyruvgf.exe<---------This File
C:\WINDOWS\jepezune.exe<---------This File
C:\Documents and Settings\All Users\Application Data\mbkjsrul<---------This Folder

• Empty the recycle bin.

If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach the log in your next reply.
• If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

AVG Anti-Spyware - 1st Part

Please download the trial version of AVG Anti-Spyware here and install it.
When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:

• Click the Update icon at the top and under Manual Update click the Start update button.
• The program will either update or inform you that no update was available.
• It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).

Please set up the program as follows:

• Click the Shield icon at the top and under Resident shield is... click active. This should now
  change to inactive.
• Click the Update icon and untick the automatic update option.
• Click on Scanner on the toolbar.
• Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports.
  • Under What to scan? - Select Scan every file.

Close all open windows.
Do not run a scan yet.

AVG Anti-Spyware - 2nd Part

Start AVG Anti-Spyware

• Click on Scanner on the toolbar.
• Click on Complete System Scan to start the scan process.
• Let the program scan your computer.
• When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
• Right-click the AVG Tray Icon and select Exit.
• Now attach the report back to this topic.

Run HijackThis again and post a fresh log.

In your next post you should have,
1) Malwarebytes report
2) AVG antispyware report
3) Fresh HijackThis report
4) Firewall installed
5) Updated status on how the computer is running


This thread is for the use of freakyferret only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[freakyferret]

i am behind a router i thouhgt that was the firewall b/c it has one in it i did not install one yet b/c i was not sure and also i can not get in to taskmanager

 

[kritius]

Did you do HJT before or after malwarebytes?

 

[freakyferret]

i did it after did not think it mattered pluse forgot where i saved log

 

[kritius]

Looking over them now.

 

[freakyferret]

any news on how it is and how i can get enable my taskmanger so that it works

 

[kritius]

Download RatsCheddar.zip
It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

Fix this entry with HijackThis,

O4 - HKLM\..\Policies\Explorer\Run: [j6y1JNGg0p] C:\Documents and Settings\All Users\Application Data\mbkjsrul\gbivovud.exe

Delete this file,

C:\Documents and Settings\All Users\Application Data\mbkjsrul

 

[freakyferret]

did what you said got taskmanager back here is a new copy of hjt see any thing else i need to do

 

[kritius]

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
  o Extended (If available, otherwise use standard)
  o Scan Options:
  o Scan Archives
  o Scan Mail Bases
• Click OK
• Under select a target to scan, select My Computer
• The scan will take a while so be patient and let it run.
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
• Click the Save Report As... button (see red arrow below)
  
  
  
  
  
• In the Save as... prompt, select Desktop
• In the File name box, name the file
• In the Save as type prompt, select Text file (see below)
  
  
  
  
  
• attach the report in your next post.