TechSpot

Another virus

By brutalhoe
Jul 6, 2007
  1. It was kinda funny. I tried to find a crack for Nero and instead downloaded a virus, which I find pretty cool the way it works (changed my time and such so no updates were available and I couldn't even validate my Windows cuz I just installed it, plus my antivir would work; it was pretty crazy). Anyway, here are the reports; rootkit didn't find anything and I don't really see any symptoms now.
    Thank you again for your help, hope to hear from you guys soon.
    Actually, there are some symptoms: I can't activate my resident protection for Avast 4.7. Every time I change it to high or normal it disables and doesn't even work. Usually there are 2 icons on the taskbar, E and A, but they don't show up there. I even reinstalled it a few times, still the same thing. Also the same thing is happening to AVG Anti-Spyware: after I enter the activation key it activates real-time protection and everything like it's supposed to, but as soon as I close it or minimize it and then open or restore it, it asks for the activation key and real-time and update are no longer available.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I notice your log file says
    "Logfile of Trend Micro HijackThis v2.0.2"

    As far as I know, the latest version is 2.0.0, and I've checked the author's site as well as downloaded a fresh copy of HijackThis to confirm.

    The fact that your logfile shows v2.0.2 is very fishy indeed. May I know where you obtained your HijackThis from?

    I suggest you visit the link in my signature and download a fresh copy just in case yours is corrupted.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type msconfig. Press the enter key.
      Search for the following services and uncheck them to disable their startup.

      Alcmtr

    2. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll

      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

      Close HJT.
    3. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

      [image: CFScript.txt being dragged onto Combofix.exe]

      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    4. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of brutalhoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
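The two HijackThis entries momok asks to be fixed above are the kind of thing a responder checks by eye in a log. The script below is an added example, not part of this thread or of HijackThis itself: it parses O2 (BHO) and O4 (autorun) lines in HijackThis log format and flags the ones matching the CLSID and file names quoted in momok's instructions. The sample log text and the benign CLSID in it are constructed for the example; only the BHOAd CLSID, xhelper.dll and Alcmtr entries come from the thread.

```python
import re

# Indicators taken from the entries momok lists in this thread.
FLAGGED_CLSIDS = {"{85589B5D-D53D-4237-A677-46B82EA275F3}"}
FLAGGED_RUN_NAMES = {"alcmtr"}
FLAGGED_FILES = {"xhelper.dll", "alcmtr.exe"}

# HijackThis line formats:
#   O2 - BHO: <name> - {<CLSID>} - <dll path>
#   O4 - <hive>\..\Run: [<value name>] <command>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_entry(line):
    """Return a dict describing an O2 or O4 entry, or None for other lines."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return {"type": "O2", "name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]}
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", "hive": m["hive"], "name": m["name"], "cmd": m["cmd"]}
    return None


def basename(path):
    """Lower-cased final path component, accepting either slash style."""
    return path.replace("/", "\\").split("\\")[-1].strip().lower()


def command_exe(cmd):
    """First token of an autorun command; honours a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_flagged(entry):
    """True if the entry matches a known CLSID, Run value name or file name."""
    if entry["type"] == "O2":
        return entry["clsid"] in FLAGGED_CLSIDS or basename(entry["path"]) in FLAGGED_FILES
    if entry["type"] == "O4":
        return (entry["name"].lower() in FLAGGED_RUN_NAMES
                or basename(command_exe(entry["cmd"])) in FLAGGED_FILES)
    return False


def flagged_lines(log_text):
    """Return the raw log lines that should be ticked for 'Fix checked'."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and is_flagged(entry):
            hits.append(line.strip())
    return hits


# Constructed sample log: two entries from the thread plus two benign ones
# (the Adobe CLSID below is a made-up placeholder, not a real registration).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

if __name__ == "__main__":
    for hit in flagged_lines(SAMPLE_LOG):
        print("FLAG:", hit)
```

Matching on the CLSID rather than on the display name matters because the name field of an O2 entry is free text chosen by whoever registered the BHO, while the CLSID and the DLL path are what the registry actually loads. The same holds for O4: the bracketed value name is cosmetic, so the command's executable is checked too.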
     
  3. brutalhoe

    brutalhoe TS Rookie Topic Starter Posts: 45

  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I rechecked the site; indeed a new version is out. I will amend the instructions accordingly.

    Please follow these instructions carefully.

    1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached "avengerscript.txt" (from my attachment) and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon, which will open a new window titled "Open Script File".
    Navigate to the attachment avengerscript.txt you have just downloaded, click on it and press Open.
    Now click on the green light to begin execution of the script.
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop; this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, ComboFix and AVG Antispyware log.


    Regards,
    Your friendly momok =)

    This thread is for the use of brutalhoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. brutalhoe

    brutalhoe TS Rookie Topic Starter Posts: 45

    Here it is, I had to put ComboFix in a zip cuz I couldn't upload it.
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type msconfig. Press the enter key.
      Search for the following service and disable it by unchecking beside its name. Press Ok but do not restart yet.

      alcmtr

    2. Navigate in Windows Explorer and delete the following files and folders in bold.

      C:\WINDOWS\Alcmtr.exe

    3. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.

    On the brighter side, your logs are looking fairly clean now. Are you still facing malware related problems?


    Regards,
    Your friendly momok =)

    This thread is for the use of brutalhoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
