TechSpot

Infected Computer Need Help

By CannonComp
Mar 31, 2008
  1. My computer has been infected with a number of Adware and Malware and it is seriously affecting my computer's performance.

    The main things that show up when I use Spyware Doctor are:

    Application.TrackingCookies
    Adware.Advertising
    Trojan-downloader.conhook (this only sometimes shows up on scan results)

    What do I do?

    Also, when I try to open My Documents, Control Panel, My Computer, etc., the computer turns these programs down.
     
  2. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Here is the HJT log

    (old log)
     
  3. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Please, anybody?

    If I don't get any help, all I can think of is to reinstall Windows.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Next please follow these instructions. Your version of HijackThis is out of date.

    First please go to Start -> Control Panel -> Add/remove programs and uninstall HijackThis.

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, close it.

    Next,

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments
    • AVG antispyware
    • ComboFix
    • Hijackthis (step 15)

    Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the antirootkit scan.
     
  5. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Thanks for the post. I am just following the instructions now.
     
  6. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    This is the DSS log
     
  7. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    This is the New HJT Log

    I couldn't quarantine the Anti Spyware program so I didn't bother putting a log on for that.
     
  8. kritius

    kritius TS Guru Posts: 2,084

    Combofix didn't work then? You only need to do DSS if you couldn't get combo running.
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You need to clear everything from this folder also -> C:\Users\Peter\AppData\Local\Temp
     
  10. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    I deleted some of it before and now when I boot up it comes up with errors and I don't have a desktop background.

    Can't delete "low" "~DF7E03" "~ROMFN_000008C4" "qomnm"
     
  11. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Yeah, Combofix didn't work so I just followed the instructions and did that one instead.
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Did you have a custom desktop from somewhere on the web?

    Those other files are probably in use, which is fine.
     
  13. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Nope, I had a desktop that was supplied with the computer.
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You should easily be able to set it again. As for the errors what are they referencing?
     
  15. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    It says that a file is missing; not sure which one it is though.

    Also, I tried to get it back and I couldn't. It might have something to do with the virus/malware.
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Removed***** Posting Full instructions below
     
  17. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Thanks for the help. I'm going for the night but I will try it again tomorrow and see what happens. I will then report back.
     
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    -------------------------------------------------------------------------------------------------------------------------------------------
     
  19. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    OK, I rebooted after running those scans and this time no errors came up. However, when I try to go into Control Panel to change my background, the taskbar disappears and then Control Panel shuts down.

    Also, Tea Timer was off before.

    Edit: when I rebooted a second time it came up with the following messages:

    Error loading C:\users\(name of user)\Appdata\local\Temp\:

    ibgnwwpj.dll
    aunkvdam.dll
    wghdwilg.dll
    qomnm.dll

    The specified module could not be found
     
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Have you run SmitfraudFix yet?
     
  21. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    I have run SmitFraudFix but the log is too big.
    What should I do?
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That's what I thought. Can you please click on my name and select send an email to blind dragon. For the subject put Cannoncomp - Smitfraud

    Run Hijackthis again and attach the log in this thread
     
  23. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    OK, e-mail sent, and here is the HJT log that you asked for.
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Let's see if combofix will work for you. If it does, it should make this a lot easier.
    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
     
  25. CannonComp

    CannonComp TS Rookie Topic Starter Posts: 23

    Malwarebytes' Anti-Malware 1.10
    Database version: 589

    Scan type: Quick Scan
    Objects scanned: 31280
    Time elapsed: 4 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS Juan (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM25c01fcb (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
Topic Status:
Not open for further replies.
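
The Malwarebytes log in the last post reports every item as "No action taken", and three of those items are values under the HKCU Run key. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python script parses that log format and pulls out what still needs attention; the function names `parse_mbam_log` and `triage` are made up here, and the sample is a shortened excerpt of the posted log.

```python
import re

# Excerpt of the Malwarebytes log posted above (same line format, shortened).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 2
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS Juan (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY = r"\microsoft\windows\currentversion\run" + "\\"

def parse_mbam_log(text):
    """Return (summary_counts, entries) from a log in the format shown above."""
    counts, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # detail block starts here
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return counts, entries

def triage(text):
    """Flag untouched detections, Run-key autostarts and summary/detail gaps."""
    counts, entries = parse_mbam_log(text)
    found = {s: sum(e["section"] == s for e in entries) for s in counts}
    return {
        "unresolved": [e for e in entries if e["action"] == "No action taken"],
        "autostart": [e["target"].rsplit("\\", 1)[1] for e in entries
                      if RUN_KEY in e["target"].lower()],
        "count_mismatch": {s: (counts[s], found[s]) for s in counts
                           if counts[s] != found[s]},
    }
```

A non-empty `unresolved` list means the scan was saved before "Remove Selected" was applied, and a non-empty `count_mismatch` means the pasted log was truncated or edited.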
