TechSpot

Malware help: 8 step done, logs inside

By ArmyGTO
Dec 14, 2009
  1. So I just bought this laptop used and am working out a few of the kinks, this being one of the major ones. It's running Vista SP2. The main problem I'm noticing is whenever I use Google to search for anything, the results will come up fine, but if I click on the link it sends me to a completely random webpage, making it nearly impossible for me to use Google.

    I've done the 8 steps and will post up my logs. I appreciate any help you guys can give me.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hi ArmyGTO,

    Which Antivirus are you using? None :confused:
    Free Avira is recommended in the 8-Step Guide ;)
     
  3. ArmyGTO

    ArmyGTO TS Rookie Topic Starter

    Another one of the weird problems this computer has..

    Someone botched a Norton uninstall. I'm stuck with a few stubborn .dll files from Symantec that prevent me from installing any kind of antivirus program, because it still reads that there's an active program in play, so it makes me try to uninstall through the Add/Remove menu; of course Norton is no longer there. I tried to remove them using the Norton uninstaller and it also led me to the Add/Remove Programs menu. Right now I'm trying to work that problem and will be installing AVG9 as soon as I can figure it out.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    AVG9 is not in the 8-Step Removal guide :confused:
    I know because I partitioned to get rid of it originally ;)

    As requested install >>>>>> Free Avira

    Otherwise you will also need to do an online scan
     
  5. ArmyGTO

    ArmyGTO TS Rookie Topic Starter

    Ok, took your advice, fixed the problem and installed Avira Free; starting a scan after the updates load.
     
  6. ArmyGTO

    ArmyGTO TS Rookie Topic Starter

    Ran the virus scan; it found 3 faults but the problem is still there. Any advice?
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks for completing our preliminary 8 step removal guide

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
    -- If you encounter any problems, try running GMER in Safe Mode.
     
  8. ArmyGTO

    ArmyGTO TS Rookie Topic Starter

    Ok, it took forever but here's the log. It found something.
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Run GMER again.

    Right click these found entries:

    C:\Windows\System32\Drivers\uvklezrv.SYS
    C:\Windows\system32\winupdate86.exe
    C:\Windows\TEMP\avp.exe
    C:\Windows\TEMP\login.exe
    C:\Windows\TEMP\winlogon.exe

    Click Disable Service. Answer yes to any prompts. Click Delete Service and answer yes to any prompts. Click Kill File and press yes to any prompts.

    ---------------------------

    • Download The Avenger by Swandog46 from HERE.
    • Unzip/extract it to a folder on your desktop.
    • Double click on avenger.exe to run The Avenger.
    • Click OK.
    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    • In the avenger window, click the Paste Script from Clipboard button.
    • You will be asked Are you sure you want to execute the current script?.
    • Click Yes.
    • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    • Click Yes.
    • Your PC will now be rebooted.
    • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
    • Please attach this log, along with a new HijackThis log in your next reply.

    -------------------
    We also need to remove the registry entry: HKLM\SYSTEM\CurrentControlSet\Services\uvklezrv
     
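    After the GMER/Avenger steps above, it helps to verify that the listed items are actually gone before posting the next log. The following PowerShell check is an added example, not part of the thread or of GMER/The Avenger; the file paths and the service name are the ones kimsland listed, and everything else (the function name, the report layout) is this example's own. It only reads and reports, it does not delete anything.

```powershell
# Added example: re-check the GMER findings quoted in the thread after cleanup.
# Paths and service name come from the post above; the function is hypothetical.
$SuspectFiles = @(
    'C:\Windows\System32\Drivers\uvklezrv.SYS',
    'C:\Windows\system32\winupdate86.exe',
    'C:\Windows\TEMP\avp.exe',
    'C:\Windows\TEMP\login.exe',
    'C:\Windows\TEMP\winlogon.exe'
)
$SuspectService = 'uvklezrv'

function Test-GmerFindings {
    param([string[]]$Files, [string]$ServiceName)

    # One row per file: does it still exist, and if so, is it signed at all?
    # Unsigned binaries in System32\Drivers or in TEMP are the ones to worry about.
    $report = foreach ($f in $Files) {
        $exists = Test-Path -LiteralPath $f
        $detail = if ($exists) { (Get-AuthenticodeSignature -FilePath $f).Status } else { 'absent' }
        [pscustomobject]@{ Item = $f; Present = $exists; Detail = $detail }
    }

    # The service key GMER reported. A leftover ImagePath pointing at the driver means
    # the registry entry still needs removing even when the .SYS file itself is gone.
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $svcPresent = Test-Path -LiteralPath $svcKey
    $imagePath = if ($svcPresent) { (Get-ItemProperty -LiteralPath $svcKey).ImagePath } else { 'absent' }
    $report += [pscustomobject]@{ Item = $svcKey; Present = $svcPresent; Detail = $imagePath }

    # Is the service still known to the Service Control Manager (and running)?
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not registered' }
    $report += [pscustomobject]@{ Item = "service '$ServiceName'"; Present = [bool]$svc; Detail = $state }

    return $report
}

# Run from an elevated prompt so the Drivers folder and HKLM are readable.
Test-GmerFindings -Files $SuspectFiles -ServiceName $SuspectService | Format-Table -AutoSize
```

    Any row that still shows Present = True after the reboots is what the next Avenger script or manual registry removal has to deal with.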
  10. ArmyGTO

    ArmyGTO TS Rookie Topic Starter

    I'm having a ton of problems now. GMER won't run all the way without errors.

    C:\Windows\System32\Drivers\uvklezrv.SYS won't let me disable it/kill it etc. etc. I'm going to restart from step 1 and try this again.
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524
