Need help...again.

Status
Not open for further replies.

sublime487

Posts: 33   +0
I was experiencing some lag and was alt tabbing between windows when I accidently clicked a link that has seemingly infected my computer. I will be posting combofix and hijack this logs shortly, after spybot and AVG are finished.
 
Hi

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of sublime487 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here are the HJT and Combofix logs. I am disconnecting my computer from the internet and running AVG overnight. I will post a fresh AVG antiroot and antispyware log upon relogging. I had to split the Combofix log into two because it was too large. I am also downloading ZoneAlarm and Avast atm, I will run this in the morning and post fresh logs.
 
Ok post them when you are done. I'll provide you the instructions for cleaning at one go.

Regards,
Your friendly momok =)

This thread is for the use of sublime487 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
AVG anti-root keeps finding "C:\WINDOWS\system32\webpnt.exe" and I always have it remove it but it is back every time I reboot. Anyway, here are the rest of the logs, AVG anti-spyware and Spybod S&D are running atm so I can let you know how those turn out shortly.
 
Did you try running the anti-rootkit and anti-spyware utilities in Safe Mode? Some malware hide behind Windows security features to prevent being detected and removed. In Safe Mode these security features are removed or relaxed and then the malware is detected and removed. Try Safe Mode and repost with results.
 
K, I'll run all the anti-spyware and anti-rootkits that I have in Safe Mode. Then shall I repost the logs from HJT/Combofix/AVG immediately, or should I run them in normal mode and repost the new logs?
 
I ran all of the programs in Safe Mode and now my computer won't start up in Normal Mode--it just sits at a black screen until I manually reboot and start in Safe Mode. Also, AVG anti-root would not run in Safe Mode. Here are the logs from the programs that I ran in safe mode.
 
Hi,

Your system is horribly infected.

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection. In any case, it would be easier to do a reformat.

If you decide to clean your system, I will try my best to help you. Let me know your decision in your next reply.


Regards,
Your friendly momok =)

This thread is for the use of sublime487 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I will do whatever I can to get my computer to function properly. However, I do not have my original windows xp disc (I'm not sure if this makes a difference) so I don't know if reformatting, without buying a new disc, would be possible. I'd like to try to clean my system w/o a reformat. I use my computer to play video games. I do not do any online banking or online purchasing.

Could I reformat w/o purchasing another windows xp cd?
 
Hi,

I believe it would be possible to contact your manufacturer to obtain a copy of the CD for a small fee. I would still strongly recommend a reformat because of the extent of your infections. If you still wish to try cleaning, please do the following.
Be mentally prepared that this cleaning process may not be able to fully return your system to a healthy state as it is possible some system files have been corrupted or damaged in the process of your infections.

You may wish to copy and paste these instructions on notepad for easier reference later.

Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

Also download my attachment "hjt fixes.txt" and save it on your desktop.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

  1. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Remote Procedure Call System(kbfz)
    Fax 2Client
    System Event Notification SENSWZCSVC


  2. Go to start > run and type msconfig. Press the enter key.
    Search for the following services and disable them from startup by unchecking them. Click Ok but do not restart your system yet.

    upxdnd
    MsIMMs32
    Microsoft Autorun1
    AVPSrv
    TIMHost
    Kvsc3
    svchost
    System
    runner1
    cmdbcs
    mhsa
    tlsa
    KVP
    MS Reporter(dont disable)
    visin


  3. Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    WinPop

  4. After that, run HijackThis and open the "hjt fixes.txt" that you downloaded earlier from my attachment. Fix all the entries listed within that file, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    Close HJT.

  5. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

    CFScript.gif


    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

  6. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of sublime487 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back