Hello and help with malware problem.

[wendall]

Hello all,

yesterday i seem to have gotten an infection on my computer and i tried my best to follow your removal instructions.

two specific things that were happening was i was getting pop-ups galore as if my computer was possessed. i googled a ufc 68 fight and while watching the video stuff started to get downloaded and since i couldn't do anything to stop it i pulled the cable. then i would hear clicks as if folders and websites were being opened and accessed but i wouldn't see anything on screen.

also when i shut down my computer i kept getting a messeage to end program brdr.

after going through your steps both of these went away. i no longer get popups and no more program brdr but i'm concerned that there may be more than what i could obviously observe. the only thing that effects me now is that i can no longer access my vanguard (mmo) game anymore

here are the attachments for you to see. i'll be looking foward to any help. i forgot to save the avg antispyware log and there were no results for antiroot kit. i can post my antispyware log if need.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your HJT log is from safe mode. I need to see a HJT log from normal mode please.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply.

Also attach fresh HJT, Combofix and AVG Antispyware logs from Normal mode.

Regards Howard :wave: :wave:

This thread is for the use of wendall only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[wendall]

thanks for the response howard.

quick question. my main harddrive is label H: and i just installed a second one which is labeled C:. the avenger script is

------------------
Files to delete:
H:\WINDOWS\system32\wcpigokr.exe



Folders to delete:
C:\VundoFix Backups
C:\qoobox
-----------------
do i need to alter the folders to delete from c: to h:? after the boot the notes said it could not fide the folders to delete because the path says c: but the folder qoobox does exist in h:

 

[howard_hopkinso]

My mistake, fixed now.

All files and folders should have said H and not C.

Regards Howard

 

[wendall]

here are those files in normal mode.

 

[howard_hopkinso]

Your system looks pretty clean.

All items in your AVG Antispyware log say "No Action Taken". That`s because you haven`t told AVG Antispyware to quarantine it`s results as per the instructions. See this pictorial guide.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {0620C079-8A71-470A-59BB-D03BA5F2E97F} - H:\Program Files\WindowsUpdate\sahuxonu.dll (file missing)

O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

O24 - Desktop Component 0: (no name) - H:\Program Files\WindowsUpdate\wuoqymihde.html

Click on the fix checked button.

Close HJT and reboot your system.

Post fresh a fresh HJT log and a fresh AVG Antispyware log, only if it finds anything.

Regards Howard

This thread is for the use of wendall only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[wendall]

thanks a lot for your help.

i fixed the 3 files with hjt and they were no longer there after reboot. on my previous avg antispyware log, i saved the report before i quarantined/deleted the tracking cookies.

attached is the last hgt and avg antispyware log.

two questions.

1. even after i delete the tracking cookies, they will keep returning. is there something that i'm missing that is causing this? i can delete them and then reboot my computer and will still find more on my next scan.

2. would you have any idea why my launcher for my mmo game vanguard no longer works? well it will launch but will be extremely slow. it used to take 2 minutes but now 45mins and will error out. somewhere between steps13 (where i logged into safe mode) and now was when it stopped working. step13 was also where i noticed my 2 main problems had gone away, the brdr ending program and the extreme unsolicited popups. any idea?

 

[howard_hopkinso]

Your log files are clean.

However it appears you`re not running any antivirus or firewall software. This is a huge security risk.

Instructions for installing antivirus and firewall programmes are in this thread HERE.

Once installed and updated, you should run a full system scan and delete whatever is found, including anything in the virus vault/quarantine.

Your tracking cookie problems could be greatly reduced by using an alternative browser, rather than IE.

Firefox or Opera are both extremely good and safe browsers.

Also, the use of Cleaner as in step9 of these instructions, will help to clear out cookies.

I`m not sure what the problem is with your mmo game vanguard. Perhaps a reinstall of the game would solve the problem.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of wendall only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.