Generic6.aeph please help

Status
Not open for further replies.
This thing won't go away! I don't know enough to do it without help. I have Combofix, ad-aware 2007, spybot SD, wintools.net professional, and AVG. I ran Combofix and created a log but I didn't fix anything because I don't know what it will do. Any help?
 
Hi Mr. Invisable, :wave:

I need you to follow all the steps HERE and then post back with the three requested logs as attachments
  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the antirootkit scan.

Good luck and welcome to techspot.

This thread is for the use of Mr. Invisable only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
hmmm

I did most of the steps but ran into problems with 64bit compatibility. Also when I ran AVG I set it to quarantine but in the log it still says they were ignored yet they are in my quarantine section. Here are the logs that I could get. The panda antirootkit also would not run on my OS. I also had to use the Combofix alternate because it wouldn't run.
 
I'm going to request some help on this one because 64bit machines are extremely awkward, hopefully they'll get back to you soon.
 
Your system is horribly infected. This is what happens when you download cracks. 99.99% out there just get you into trouble like now.

I haven't had much experience in cleaning 64-bit systems either (the last time I cleaned one was last year) but I'll try my best to help anyway. No guarantees from me.
Firstly, please answer the following questions.

  1. What problems with which programs are you facing the 64bit compatibility with exactly?
  2. What anti virus are you using?
  3. Have you run a full system scan with your anti-virus in safe mode?
You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE
  3. Run AVG Antispyware again and quarantine all results.

  4. Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:
    Deewoo Network Manager removal
    Enhancement Browser Tools Targetedbanner
    Poser 7
    WinSecureAv  <-- A ROGUE program.

  5. Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:
    rwwnw64d.exe
    atgban.dll
    kcntokwd.exe
    ugac.exe
    bm.exe
    kcntokwd.exe


  6. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: 0 - {09F036CB-1F13-470E-039E-155A52116B94} - C:\Program Files (x86)\Outlook Express\baqu361.dll (file missing)
    O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\SysWow64\atgban.dll
    O2 - BHO: (no name) - {3E14C3C3-0577-71D8-5716-2C00B8B0DDCD} - C:\WINDOWS\SysWow64\suy.dll
    O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)

    O4 - HKLM\..\Run: [{00-04-42-28-DW}] c:\windows\SysWow64\rwwnw64d.exe DWram
    O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\SysWow64\atgban.dll" DllStart
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SysWOW64\kcntokwd.exe DWram
    O4 - HKLM\..\Run: [ugac] "C:\PROGRA~2\COMMON~1\AVSYST~1\ugac.exe" -start
    O4 - HKLM\..\Run: [bm] "C:\Program Files (x86)\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\SysWOW64\kcntokwd.exe

    Close HJT.

  7. Navigate to the following folder.
    C:\Documents and Settings\Administrator\Application Data
    Check to see if there are two folders named "Oracle". If so, arrange your folders in alphabetical order and delete the one that is out of the order.
    If not, let me know.

    Delete the following files and folders in bold.
    C:\Program Files (x86)\Outlook Express\baqu361.dll
    C:\WINDOWS\SysWow64\atgban.dll
    C:\WINDOWS\SysWow64\suy.dll
    C:\WINDOWS\TinyBHO.dll
    c:\windows\SysWow64\rwwnw64d.exe
    C:\WINDOWS\SysWOW64\kcntokwd.exe
    C:\WINDOWS\system32\substpntx8.dll
    C:\WINDOWS\system32\winpfz37.sys
    C:\WINDOWS\system32\targetedbanner-uninst.exe
    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\unins000.exe
    C:\WINDOWS\unins000.dat

    C:\Program Files (x86)\Common Files\AVSystemCare
    C:\AVSystemCare
    C:\Documents and Settings\All Users\Application Data\SalesMon
    C:\Documents and Settings\Administrator\Application Data\Poser 7
    C:\WINDOWS\TXIuSW52aXNhYmxl
    C:\WINDOWS\system32\xTmp
    C:\WINDOWS\system32\winz1
    C:\WINDOWS\system32\usnv
    C:\WINDOWS\system32\IDME
    C:\WINDOWS\system32\aqVreo01

  8. Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs.


Regards,
momok =)
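
Added example, not part of the original posts: a Python sketch that pulls the file each HijackThis entry actually loads and checks it against part of the step 7 deletion list, including the `Rundll32.exe` entry (where the payload is the DLL argument) and the 8.3 short path. The regex, the `HOSTS` set and the status labels are assumptions of this example, not HijackThis features.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the HijackThis fix list in the post above.
HJT_LINES = r"""
O2 - BHO: 0 - {09F036CB-1F13-470E-039E-155A52116B94} - C:\Program Files (x86)\Outlook Express\baqu361.dll (file missing)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\SysWow64\atgban.dll
O4 - HKLM\..\Run: [{00-04-42-28-DW}] c:\windows\SysWow64\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\SysWow64\atgban.dll" DllStart
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~2\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files (x86)\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SysWOW64\kcntokwd.exe
""".strip().splitlines()

# Part of the step 7 deletion list from the same post (four files, one folder).
DELETE_LIST = [
    r"C:\Program Files (x86)\Outlook Express\baqu361.dll",
    r"C:\WINDOWS\SysWow64\atgban.dll",
    r"c:\windows\SysWow64\rwwnw64d.exe",
    r"C:\WINDOWS\SysWOW64\kcntokwd.exe",
    r"C:\Program Files (x86)\Common Files\AVSystemCare",
]

PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.I)
HOSTS = {"rundll32.exe"}  # legitimate Windows loader: the payload is its argument

def payload_path(line):
    """Return the file the entry really loads, or None if it names no file."""
    paths = PATH_RE.findall(line)
    if not paths:
        return None
    if len(paths) > 1 and PureWindowsPath(paths[0]).name.lower() in HOSTS:
        return paths[1]
    return paths[0]

def classify(line):
    path = payload_path(line)
    low = path.lower() if path else ""  # Windows paths compare case-insensitively
    targets = [t.lower() for t in DELETE_LIST]
    if any(low == t or low.startswith(t + "\\") for t in targets):
        status = "listed"
    elif re.search(r"~\d", low):
        status = "short-name"  # 8.3 alias: can only be resolved on the machine itself
    else:
        status = "unlisted"
    missing = line.rstrip().endswith("(file missing)")
    return {"code": line.split(" - ", 1)[0], "path": path, "missing": missing, "status": status}

if __name__ == "__main__":
    for entry in map(classify, HJT_LINES):
        print(entry)
```
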

 
I can't get the combofix or the panda antiroot to work. Instead of combofix I used the DSS. I'm running AVG 2007, AVG antivirus 7.5, Spybot and Ad-Aware 2007. As far as the cracks go.... well let's just say I'm not trusting my friend when he says "Try this program". I also didn't know my computer was this infected, I only knew about the generic6.aeph. One last thing before I follow all your instructions, all my shields are turned off because when I turn them back on they wig out and keep asking me to heal the !update.exe and the antivirus asks me to quarantine the virus. (this happens every ten seconds Gerrrr) so they are off for right now till I get some advice. Thank you very much and I will be posting results soon....
 
My computer is starting to lag really bad now hmmmm. I would consider formatting but it's a pain in the neck to do to get it all back and set up. I hope you're able to help.
 
Fixed the lagging problem and the Generic6.aeph seems to be inactive but it still gets picked up by the scanner. Now this is the only thing the scanners pick up. So after I get rid of the generic6.aeph I'll be good to go.
 