TechSpot

Generic6.aeph please help

By Mr. Invisable
Apr 5, 2008
  1. This thing won't go away! I don't know enough to do it without help. I have Combofix, Ad-Aware 2007, Spybot SD, wintools.net professional, and AVG. I ran Combofix and created a log, but I didn't fix anything 'cause I don't know what it will do. Any help?
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Hi Mr. Invisable, :wave:

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments
    • AVG antispyware
    • ComboFix
    • Hijackthis (step 15)

    Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the antirootkit scan.

    Good luck and welcome to TechSpot.

    This thread is for the use of Mr. Invisable only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Mr. Invisable

    Mr. Invisable TS Rookie Topic Starter

    hmmm

    I did most of the steps but ran into problems with 64-bit compatibility. Also, when I ran AVG I set it to quarantine, but in the log it still says they were ignored, yet they are in my quarantine section. Here are the logs that I could get. The Panda antirootkit also would not run on my OS. I also had to use the Combofix alternate because it wouldn't run.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    I'm going to request some help on this one because 64-bit machines are extremely awkward. Hopefully they'll get back to you soon.
     
  5. momok

    momok TS Rookie Posts: 2,265

    Your system is horribly infected. This is what happens when you download cracks. 99.99% of them out there just get you into trouble, like now.

    I haven't had much experience in cleaning 64-bit systems either (the last time I cleaned one was last year) but I'll try my best to help anyway. No guarantees from me.
    Firstly, please answer the following questions.

    1. Which programs exactly are you facing the 64-bit compatibility problems with?
    2. What anti-virus are you using?
    3. Have you run a full system scan with your anti-virus in safe mode?

    You may wish to copy and paste these instructions into Notepad for easier reference later.

    1. Boot into safe mode under your normal user name. See how HERE
    2. Next turn on "Show all files and folders, including hidden and system". See how HERE
    3. Run AVG Antispyware again and quarantine all results.

    4. Go to Start > Control Panel > Add and Remove Programs.
      Remove anything related to the following:
      Deewoo Network Manager removal
      Enhancement Browser Tools Targetedbanner
      Poser 7
      WinSecureAv (a ROGUE program)

    5. Open your task manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab and end the following processes, if found:
      rwwnw64d.exe
      atgban.dll
      kcntokwd.exe
      ugac.exe
      bm.exe
      kcntokwd.exe


    6. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      F2 - REG:system.ini: UserInit=userinit
      O2 - BHO: 0 - {09F036CB-1F13-470E-039E-155A52116B94} - C:\Program Files (x86)\Outlook Express\baqu361.dll (file missing)
      O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\SysWow64\atgban.dll
      O2 - BHO: (no name) - {3E14C3C3-0577-71D8-5716-2C00B8B0DDCD} - C:\WINDOWS\SysWow64\suy.dll
      O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)

      O4 - HKLM\..\Run: [{00-04-42-28-DW}] c:\windows\SysWow64\rwwnw64d.exe DWram
      O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\SysWow64\atgban.dll" DllStart
      O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SysWOW64\kcntokwd.exe DWram
      O4 - HKLM\..\Run: [ugac] "C:\PROGRA~2\COMMON~1\AVSYST~1\ugac.exe" -start
      O4 - HKLM\..\Run: [bm] "C:\Program Files (x86)\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
      O4 - Startup: Deewoo.lnk = C:\WINDOWS\SysWOW64\kcntokwd.exe

      Close HJT.

    7. Navigate to the following folder.
      C:\Documents and Settings\Administrator\Application Data
      Check to see if there are two folders named "Oracle". If so, arrange your folders in alphabetical order and delete the one that is out of the order.
      If not, let me know.

      Delete the following files and folders in bold.
      C:\Program Files (x86)\Outlook Express\baqu361.dll
      C:\WINDOWS\SysWow64\atgban.dll
      C:\WINDOWS\SysWow64\suy.dll
      C:\WINDOWS\TinyBHO.dll
      c:\windows\SysWow64\rwwnw64d.exe
      C:\WINDOWS\SysWOW64\kcntokwd.exe
      C:\WINDOWS\system32\substpntx8.dll
      C:\WINDOWS\system32\winpfz37.sys
      C:\WINDOWS\system32\targetedbanner-uninst.exe
      C:\WINDOWS\unvise32.exe
      C:\WINDOWS\unins000.exe
      C:\WINDOWS\unins000.dat

      C:\Program Files (x86)\Common Files\AVSystemCare
      C:\AVSystemCare
      C:\Documents and Settings\All Users\Application Data\SalesMon
      C:\Documents and Settings\Administrator\Application Data\Poser 7
      C:\WINDOWS\TXIuSW52aXNhYmxl
      C:\WINDOWS\system32\xTmp
      C:\WINDOWS\system32\winz1
      C:\WINDOWS\system32\usnv
      C:\WINDOWS\system32\IDME
      C:\WINDOWS\system32\aqVreo01

    8. Reboot into normal mode and rehide your protected OS files.
    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs.


    Regards,
    momok =)

    This thread is for the use of Mr. Invisable only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
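
Added example, not part of the thread or any poster's code: a small Python audit that parses HijackThis entries like those in step 6 and checks that the file each one loads is covered by the step 7 deletion list. The function names and status labels are hypothetical, and the sample data is a subset copied from the post.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Constructed sample: a subset of the step 6 entries and step 7 paths from the post.
HJT_LINES = [
    r'F2 - REG:system.ini: UserInit=userinit',
    r'O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)',
    r'O4 - HKLM\..\Run: [{00-04-42-28-DW}] c:\windows\SysWow64\rwwnw64d.exe DWram',
    r'O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\SysWow64\atgban.dll" DllStart',
    r'O4 - HKLM\..\Run: [ugac] "C:\PROGRA~2\COMMON~1\AVSYST~1\ugac.exe" -start',
    r'O4 - Startup: Deewoo.lnk = C:\WINDOWS\SysWOW64\kcntokwd.exe',
]
CLEANUP = [
    r'C:\WINDOWS\SysWow64\atgban.dll', r'C:\WINDOWS\TinyBHO.dll',
    r'c:\windows\SysWow64\rwwnw64d.exe', r'C:\WINDOWS\SysWOW64\kcntokwd.exe',
    r'C:\Program Files (x86)\Common Files\AVSystemCare',  # a folder
]
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys)', re.I)

def payload_path(line):
    """Return the file an entry actually loads, or None if it names no file."""
    paths = PATH_RE.findall(line)
    # A Run value that launches rundll32.exe loads the DLL passed as its argument.
    if len(paths) > 1 and normcase(paths[0]).endswith("\\rundll32.exe"):
        return paths[1]
    return paths[0] if paths else None

def coverage(path, cleanup):
    """Classify a path against the cleanup list (files or whole folders)."""
    if re.search(r'~\d', path):
        return "short-name"  # 8.3 alias: resolve on the host before comparing
    p = normcase(path)
    for item in cleanup:
        c = normcase(item)
        if p == c or p.startswith(c + "\\"):
            return "covered"
    return "not-listed"

def audit(lines, cleanup):
    report = []
    for line in lines:
        section = line.split(" - ", 1)[0].strip()
        path = payload_path(line)
        status = coverage(path, cleanup) if path else "no-file"
        report.append((section, path, status))
    return report

if __name__ == "__main__":
    for row in audit(HJT_LINES, CLEANUP):
        print(row)
```

The `short-name` result for the `ugac` entry shows why a plain text comparison is not enough: the 8.3 alias can only be mapped to its long path on the affected machine.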
     
  6. Mr. Invisable

    Mr. Invisable TS Rookie Topic Starter

    I can't get the Combofix or the Panda antirootkit to work. Instead of Combofix I used the DSS. I'm running AVG 2007, AVG antivirus 7.5, Spybot and Ad-Aware 2007. As far as the cracks go... well, let's just say I'm not trusting my friend when he says "Try this program". I also didn't know my computer was this infected; I only knew about the generic6.aeph. One last thing before I follow all your instructions: all my shields are turned off because when I turn them back on they wig out and keep asking me to heal the !update.exe, and the antivirus asks me to quarantine the virus (this happens every ten seconds, Gerrrr), so they are off for right now till I get some advice. Thank you very much and I will be posting results soon....
     
  7. Mr. Invisable

    Mr. Invisable TS Rookie Topic Starter

    My computer is starting to lag really badly now, hmmmm. I would consider formatting, but it's a pain in the neck to get it all back and set up. I hope you're able to help.
     
  8. Mr. Invisable

    Mr. Invisable TS Rookie Topic Starter

    Fixed the lagging problem, and the Generic6.aeph seems to be inactive, but it still gets picked up by the scanner. Now this is the only thing the scanners pick up. So after I get rid of the generic6.aeph I'll be good to go.
     
Topic Status:
Not open for further replies.
