Darksma Virus. Please Help.

Status
Not open for further replies.

roman090109

Hi everyone. I'm new here and I just discovered I have a Darksma virus. CA keeps showing it, and every time I quarantine it, it keeps coming up. Help is very much appreciated!
 
Hello roman090109

Welcome aboard!

Reboot clean, run no other Apps.

Go here and do all 8 Steps carefully and completely!
The 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Attach all the logs.

Then reboot to Safe Mode only (not with networking) and run MalwareBytes and SAS Full Scans again until they either come up clean or find something they cannot clean.

Then reboot back to normal and attach yet another HJT log.

Mike
 
logs

I attached the malware and SAS logs as well, and now I'm gonna boot in safe mode and do the scans again. It seems to be going a lot faster now, but for some reason Darksma keeps coming up every time I do a CA scan even though my system seems fine.
 

Attachments

  • mbam-log-2008-11-09 (12-10-34).txt
Wow you were eaten up!

You are doing a great job.

Just don't shortcut, and do all my instructions carefully step by step.

Make sure when back from safe mode to post a HJT log this time along with the new logs from MWBAM and SAS.

Mike
EDIT: Ignore CA for the time being!
 
Run HJT Scan only, select and remove all the below.

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL zyqbvc.dll
O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

MWBAM log was not clean.

Update it again, then run again and attach log.

Reboot immediately, post new HJT log!

Mike
 
Looks good except for the below.

Run HJT Scan only, select for removal the below.

O2 - BHO: (no name) - Software - (no file)
O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)
O20 - Winlogon Notify: gebbbax - gebbbax.dll (file missing)

Reboot and 1 more HJT log, I think the last.

Mike
 
Hi Roman

I think you are in good shape.

But there is one more item:

O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)

That did not clear, and if we assume, it may come back to bite us.

And by now you know I am thorough, don't you? I hope that is what you wanted and expected.

The below is way easier than it looks but we need to do it.

The below looks big and complex but just step through my steps.

Reboot clean, run no Apps!

Download SDFix to Desktop; among other things it runs GMER and Catchme to look for rootkits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into regular Safe Mode (not with networking).

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SDFix. Double-click to enter SDFix.

Double-click to execute RunThis.bat. Type Y to begin.

SDFix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished. Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

Attach the Report.txt file to your next post.

=========================================
Immediately, without executing other Apps, do the following:

Download OTScanIt:

http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe

Close all Apps and Browsers.

Download and save to Desktop, and double-click to extract the files to an OTScanIt folder.

If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

Enter the OTScanIt folder and run OTScanIt.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings.

Top left, click Run Scan.

The scan can take some time, so allow it time.

When finished, a log will open; save the log and post it back as an Attachment.

Mike
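
The O18 entry that "did not clear" can be found mechanically by comparing the fix lists from each round. The following is an added example, not part of the original thread: it parses the HijackThis lines quoted in the replies above, marks entries whose target is "(no file)" or "(file missing)", and reports entries selected for removal in more than one round. The function names `parse` and `persistent` are hypothetical.

```python
import re

# Fix lists copied from the three replies in this thread, in posting order.
ROUNDS = [
    r"""O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL zyqbvc.dll
O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)""",
    r"""O2 - BHO: (no name) - Software - (no file)
O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)
O20 - Winlogon Notify: gebbbax - gebbbax.dll (file missing)""",
    r"""O18 - Filter hijack: text/html - {8b2f7558-6566-4816-bb78-e5b9703e64c5} - (no file)""",
]

LINE = re.compile(r"^(O\d+) - (.+)$")    # section code, then the entry text
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")   # target not on disk

def parse(log):
    """Turn HijackThis log text into a list of entry dicts."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not an "O<n> - ..." line
        body = m.group(2)
        clsid = CLSID.search(body)
        entries.append({"section": m.group(1), "body": body,
                        "clsid": clsid.group(0).lower() if clsid else None,
                        "orphan": bool(ORPHAN.search(body))})
    return entries

def persistent(rounds):
    """Map (section, CLSID or entry text) to the rounds it was listed in,
    keeping only entries listed in more than one round."""
    seen = {}
    for number, log in enumerate(rounds, 1):
        for e in parse(log):
            key = (e["section"], e["clsid"] or e["body"].lower())
            seen.setdefault(key, set()).add(number)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (section, ident), where in persistent(ROUNDS).items():
        print(f"{section} {ident} survived removal; listed in rounds {where}")
```

Entries are keyed by CLSID where one is present, so the two PartyPoker O9 lines in the first list count as one registration rather than as a repeat.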
 