Cant get rid of Darksma
- Thread starter P.Diddy
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Yes, that`s a very good thing.
Once you`ve posted the requested log files, I`ll be able to advise you further.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Once you`ve posted the requested log files, I`ll be able to advise you further.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
Your AVG Antispyware log says all items have been "Ignored". This is because you haven`t followed the instructions properly for using AVG Antispyware. SEE HERE.
If you follow the instructions is step12 of this thread HERE, it tells you how to use Combofix.
In the meantime, please do the following exactly as instructed.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\tmp79.tmp.dll
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\cbxxut.dll",sitypnow
O20 - Winlogon Notify: iasgmt - C:\WINDOWS\SYSTEM32\iasgmt.dll
Click on the fix checked button.
Close HJT.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
These are the filepaths you need to enter into Killbox.
C:\WINDOWS\SYSTEM32\iasgmt.dll
C:\WINDOWS\cbxxut.dll
C:\WINDOWS\system32\tmp79.tmp.dll
Once your system has rebooted, rehide your protected OS files.
Post fresh HJT, AVG Antispyware and Combofix logs.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If you follow the instructions is step12 of this thread HERE, it tells you how to use Combofix.
In the meantime, please do the following exactly as instructed.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\tmp79.tmp.dll
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\cbxxut.dll",sitypnow
O20 - Winlogon Notify: iasgmt - C:\WINDOWS\SYSTEM32\iasgmt.dll
Click on the fix checked button.
Close HJT.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
These are the filepaths you need to enter into Killbox.
C:\WINDOWS\SYSTEM32\iasgmt.dll
C:\WINDOWS\cbxxut.dll
C:\WINDOWS\system32\tmp79.tmp.dll
Once your system has rebooted, rehide your protected OS files.
Post fresh HJT, AVG Antispyware and Combofix logs.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Unfortunately, you have posted your HJT log from safe mode. I need to see a fresh HJT log from normal mode.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Delete all files in AVG Antispyware quarantine.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That looks ok. However, you didn`t post a fresh Combofix log as requested.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso said:
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That looks ok.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of P.Diddy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
New Affordable AMD B650 Motherboard Roundup- Loadedaxe replied
-
Sony's Ghost of Tsushima brings familiar PlayStation features to PC- WhiteLeaff replied
