also @ TechSpot: Bill Gates is once again the richest person in the world

Can't start several programs or access some sites

Discussion in 'Virus and Malware Removal' started by Geoffrey, Nov 11, 2012.

Page 2 of 2

  1. Geoffrey Newcomer, in training Posts: 18

    I'm getting a Syntax error : 'Syntax error in line 2, Invalid file path.' In the TMP folder was a suspiciously looking xbeujjdm file though.
    Geoffrey, Nov 23, 2012
    #21

  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Double-click BlitzBlank.exe to run it.
    • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
    • Click the Script tab and copy/paste the following text there:
    • Click Execute Now. Your computer will need to reboot in order to kill the files.
    • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\
    Jay Pfoutz, Nov 24, 2012
    #22

  3. Geoffrey Newcomer, in training Posts: 18

    Still no luck. I get the same error as above.
    Geoffrey, Nov 24, 2012
    #23

  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

    For each file listed below (this process only handles one file at a time), find its location, and you will see the name of the file in the Filename box, then click Open.

    Files to delete using FileASSASSIN:
    C:\TMP\rsjinqaf.sys
    C:\TMP\gvgaehbg.exe
    C:\D & S\Prezes\Menu Start\Programy\Autostart\gvgaehbg.exe

    The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.

    Run Malwarebytes' Anti-Rootkit again and post a log please.
    Jay Pfoutz, Nov 25, 2012
    #24

  5. Geoffrey Newcomer, in training Posts: 18

    I couldn't find the mentioned files with FA. Neither of them. I've run the the scan though :

    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.25.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Prezes :: KOMP [administrator]

    2012-11-25 22:00:21
    mbar-log-2012-11-25 (22-00-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 26355
    Time elapsed: 4 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Delete on reboot. [562bc5f414493bfb413c1a5df909b050]
    HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Delete on reboot. [ed940dac62fb0c2a1f5d067138ca857b]

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [077a3188c39a999d03f454d4eb19c739]
    HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [463bdfda5c01221464947cac8c780ff1]
    HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [7b068f2a75e872c433c664c4719356aa]

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Geoffrey, Nov 25, 2012
    #25

  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
    Jay Pfoutz, Nov 26, 2012
    #26
     

  7. Geoffrey Newcomer, in training Posts: 18

    I can't go onto the site. It doesn't load on this pc for me at all.
    Beside the not being able to start programs and blocking sites, I don't seem to be experiencing any other problems like slower computer or crashes, except for one thing. Windows is missing a sfc.dll and when I start the computer, I get an error message regarding that.
    Geoffrey, Nov 27, 2012
    #27

  8. Jay Pfoutz Malware Helper Posts: 4,286   +49

    SystemLook x86 scan

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Jay Pfoutz, Nov 27, 2012
    #28

  9. Geoffrey Newcomer, in training Posts: 18

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:30 on 27/11/2012 by Prezes
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "sfc.dll"
    C:\WINDOWS\system32\sfc.dll --a---- 5120 bytes [12:00 15/04/2008] [12:00 15/04/2008] 71C6AB6EB8CF1190BAC7075F82BD8F05

    -= EOF =-
    Geoffrey, Nov 27, 2012
    #29

  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next thing to enter to SystemLook to do a scan:

    :regfind
    sfc.dll
    Jay Pfoutz, Nov 28, 2012
    #30

  11. Geoffrey Newcomer, in training Posts: 18

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:22 on 28/11/2012 by Prezes
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "sfc.dll"
    No data found.

    -= EOF =-
    Geoffrey, Nov 28, 2012
    #31

  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • Post any logs..
    Jay Pfoutz, Nov 29, 2012
    #32

  13. Geoffrey Newcomer, in training Posts: 18

    The program did not create any logs. Or at least there weren't any on the desktop.
    Geoffrey, Nov 30, 2012
    #33

  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [IMG]


    Go to Start Repairs tab and click Start button.

    [IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [IMG]

    Click on box next to the Restart System when Finished. Then click on Start.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
    Jay Pfoutz, Nov 30, 2012
    #34

  15. Geoffrey Newcomer, in training Posts: 18

    I already ran this program and the error wasn't repaired. I can see that I broke my stuff too much and any help might be too late. In order to stop wasting my own and more importantly your time, I decided that I will simply reinstall windows on the computer. Nonetheless thanks a lot for the help you gave me. Your answers were very helpful and professional. It was the fault of my silly kind of trying to fix stuff that got in the way.

    tl:dr Close the thread
    Geoffrey, Dec 2, 2012
    #35

  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Thanks for letting me know....and as you wish.
    Jay Pfoutz, Dec 3, 2012
    #36
Page 2 of 2
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.