TechSpot

Issues with internet, programs wouldn't open

By Dannolis
Sep 28, 2010
  1. Hello, recently it has become apparent to me that my computer's been infected- unfortunately I can't locate the source of this problem, however I do know that my antivirus spotted a couple of Trojans 1-2 days ago.

    At that stage, I was unable to open google chrome, microsoft word, task manager, windows media player, MS paint and a number of other programs. Before coming across the techspot forums (which I did a year or two ago to fix my computer then- to great success), I used Malwarebytes' Anti-Malware, and am pretty convinced that the trojans are gone- however, while I can open the other programs now, I still cannot open google chrome (after uninstalling and reinstalling- yet chrome.exe often shows up multiple times on the task manager) and my internet explorer often crashes over the smallest things.
    For the sake of this post, I'll post the initial Malwarebytes' Anti-Malware log, as the second (when I was working through the 8-step removal process) shows only clean results.

    Thanks for the help.
     


  2. crunchie

    crunchie Malware Helper Posts: 728

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  3. Dannolis

    Dannolis TS Rookie Topic Starter

    Combofix log attached.
     


  4. crunchie

    crunchie Malware Helper Posts: 728

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\Lkufob.exe
     
  5. Dannolis

    Dannolis TS Rookie Topic Starter

    http://virusscan.jotti.org/en/scanresult/f5772de11a61f96f0420f90f65a0ca26151ebfec

    Filename: Lkufob.exe
    Status: Scan finished. 12 out of 19 scanners reported malware.
    Scan taken on: Wed 29 Sep 2010 02:22:12 (CET)


    2010-09-29 Heur.W32 2010-09-28 Trojan:W32/Agent.DONP
    2010-09-28 Win32:Trojan-gen 2010-09-29 Gen:Variant.Kazy.904
    2010-09-28 Downloader.Generic10.UPN 2010-09-28 Found nothing
    2010-09-28 TR/Zlob.228352.A 2010-09-28 Win32/TrojanDownloader.FakeAlert.AQI
    2010-09-28 Gen:Variant.Kazy.904 2010-09-28 Found nothing
    2010-09-28 Found nothing 2010-09-28 Found nothing
    2010-09-29 Found nothing 2010-09-28 Mal/FakeAV-CX
    2010-09-29 Trojan.DownLoader1.22695 2010-09-28 Malware-Cryptor.Grygoryi.3
    2010-09-28 W32/Renos.A!Generic 2010-09-28 Found nothing
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    c:\windows\Lkufob.exe
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. Dannolis

    Dannolis TS Rookie Topic Starter

    2nd Combofix log attached.
     


  8. crunchie

    crunchie Malware Helper Posts: 728

    Sorry but I missed one :(.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    c:\windows\Lkufoa.exe
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ==============

    Let me know how things are please.
     
  9. Dannolis

    Dannolis TS Rookie Topic Starter

    Ahh heh yeah I was wondering about that.
    Log attached.

    Everything seems to be running smoothly- are there any abnormalities remaining?
     


  10. crunchie

    crunchie Malware Helper Posts: 728

    Not seeing anything else there, but I wouldn't mind you doing an on-line scan to be sure.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  11. Dannolis

    Dannolis TS Rookie Topic Starter

    Log attached.
     


  12. crunchie

    crunchie Malware Helper Posts: 728

    Ok. Eset is able to also remove those files if you run it again and check the box.

    I know nothing of that Fruity thing it found. Do you know what it is?
     
  13. Dannolis

    Dannolis TS Rookie Topic Starter

    Well FLstudio is FruityLoops, a digital audio workstation for mixing and recording (etc) audio.
    Considering I have a more professional (albeit harder to use) piece of audio editing software, I won't have a problem having Eset clear it.

    Thanks for all your help, you guys are saviors.
     
  14. crunchie

    crunchie Malware Helper Posts: 728

    No worries :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
  15. Dannolis

    Dannolis TS Rookie Topic Starter

    Thank you very much.
     
  16. crunchie

    crunchie Malware Helper Posts: 728

    You're welcome :).
     
Topic Status:
Not open for further replies.
