Malware help: 8 step done, logs inside

Status
Not open for further replies.

ArmyGTO
So I just bought this laptop used and am working out a few of the kinks, this being one of the major ones. It's running Vista SP2. The main problem I'm noticing is that whenever I use Google to search for anything, the results come up fine, but if I click on a link it sends me to a completely random webpage, making it nearly impossible for me to use Google.

I've done the 8 steps and will post up my logs. I appreciate any help you guys can give me.
 
Another one of the weird problems this computer has..

Someone botched a Norton uninstall. I'm stuck with a few stubborn .dll files from Symantec that prevent me from installing any kind of antivirus program, because it still reads that there's an active program in play, so it makes me try to uninstall through the Add/Remove menu; of course Norton is no longer there. I tried to remove them using the Norton uninstaller and it also led me to the Add/Remove Programs menu. Right now I'm trying to work that problem and will be installing AVG9 as soon as I can figure it out.
 
AVG9 is not in the 8-Step Removal guide.
I know because I partitioned to get rid of it originally ;)

As requested install >>>>>> Free Avira

Otherwise you will also need to do an online scan
 
Ok, took your advice, fixed the problem and installed Avira Free. Starting a scan after the updates load.
 
Thanks for completing our preliminary 8 step removal guide


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
 
Run GMER again.

Right click these found entries:

C:\Windows\System32\Drivers\uvklezrv.SYS
C:\Windows\system32\winupdate86.exe
C:\Windows\TEMP\avp.exe
C:\Windows\TEMP\login.exe
C:\Windows\TEMP\winlogon.exe

Click Disable Service. Answer yes to any prompts. Click Delete Service and answer yes to any prompts. Click Kill File and press yes to any prompts.

---------------------------

  • Download The Avenger by Swandog46 from HERE.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
Files to move:
C:\Windows\System32\Drivers\uvklezrv.SYS
  • In the avenger window, click the Paste Script from Clipboard button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please attach this log, along with a new HijackThis log, in your next reply.

-------------------
We also need to remove the registry entry: HKLM\SYSTEM\CurrentControlSet\Services\uvklezrv
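As an added triage aid (not part of the thread or of GMER/Avenger), the script below only reports whether the files and the service registration named above are still present; it deletes nothing. It assumes an elevated PowerShell session on the affected Vista machine and uses only cmdlets available in PowerShell 2.0.

```powershell
# Constructed triage script: read-only check of the artifacts named in the thread.
# Run from an elevated PowerShell prompt (assumption: PowerShell 2.0 on Vista SP2).

$SuspectFiles = @(
    'C:\Windows\System32\Drivers\uvklezrv.SYS',
    'C:\Windows\system32\winupdate86.exe',
    'C:\Windows\TEMP\avp.exe',
    'C:\Windows\TEMP\login.exe',
    'C:\Windows\TEMP\winlogon.exe'
)
$SuspectService = 'uvklezrv'   # service name taken from the registry path above

foreach ($path in $SuspectFiles) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $path
        New-Object PSObject -Property @{
            Path      = $path
            Present   = $true
            SizeBytes = $item.Length
            Created   = $item.CreationTime
            Signature = $sig.Status   # unsigned binaries with system-like names in TEMP are a red flag
        }
    } else {
        # Caveat: a rootkit can hide a file from the normal file API, so "absent"
        # here is not proof it is gone; GMER's own scan is the stronger check.
        New-Object PSObject -Property @{ Path = $path; Present = $false }
    }
}

# Service registration: the key the helper asks to remove. Inspect only.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$SuspectService"
if (Test-Path -LiteralPath $key) {
    $svc = Get-ItemProperty -LiteralPath $key
    New-Object PSObject -Property @{
        Service   = $SuspectService
        ImagePath = $svc.ImagePath    # should point at the .SYS listed above if it is the same driver
        Start     = $svc.Start        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        Type      = $svc.Type         # 1 = kernel driver
    }
    # Get-Service does not list kernel drivers, so ask the service controller directly.
    & sc.exe query $SuspectService
} else {
    Write-Output "Service key $key not found"
}
```

A driver whose key is present with Start 0 or 1 will be loaded again on every boot, which is why the thread removes the service before the file.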
 
I'm having a ton of problems now, GMER won't run all the way without errors.

C:\Windows\System32\Drivers\uvklezrv.SYS won't let me disable it/kill it etc. etc. I'm going to restart from step 1 and try this again.
 