TechSpot

PC infected with something

By Neonfxp
Mar 29, 2008
  1. Hi guys, I'm having a problem with my PC. Every now and then I get popups about trojandonloader.xs and abebot. These come as security warnings, and when I click the popup it takes me to a page of recommended antispyware programs. I have tried various apps to remove it but nothing seems to work. I have read a few posts on your forum and as a result have added my HijackThis log.

    I would really appreciate your help with this. Anything else you need, let me know and I'll get it.

    Thx for ya time
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Hello Neonfxp, and welcome to the forums.

    My name is kritius and I'll be glad to help you with your malware and virus problems.

    First you must understand that working a HijackThis log can take some time to research, so please be patient. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

    Please be patient and I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
     
  3. Neonfxp

    Neonfxp TS Rookie Topic Starter

    Great thx for taking the time to help.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Please follow these tasks in the order they are given:

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [jarkekoc] C:\Windows\system32\jifwlkrk.exe
    O4 - HKCU\..\Run: [lajkxitf] C:\Windows\system32\jwfuhknk.exe
    O4 - HKLM\..\Policies\Explorer\Run: [yKSVmdiGm4] C:\ProgramData\zixyxwpq\hcdarmlc.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Delete Files and Folders

    Delete these files from Safe Mode. See how to boot into Safe Mode HERE.
    ***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

    • Right-click on the Start button and choose Explore
    • Show all hidden files and folders, see how HERE
    • Navigate to the following files and folders and delete them (if still present)
    C:\Windows\system\wcdvtray.exe<---------This File
    C:\Windows\System32\jifwlkrk.exe<---------This File
    C:\ProgramData\zixyxwpq<---------This Folder

    • Empty the recycle bin.

    Let me know if they cannot be deleted.

    Reboot into Normal mode for the remaining tasks.

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach the log to your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Create an uninstall list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager button.
    • Click the Save list button.
    • Copy and paste this log into your next reply

    Run HijackThis again and post a fresh log.

    So in your next post you should have:
    1) Malwarebytes log
    2) HijackThis uninstall list
    3) Fresh HijackThis log


    This thread is for the use of Neonfxp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
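
One way to carry out the "fresh log" check requested in the post above, as an added example that is not part of the original thread: it compares entries that were fixed against a later HijackThis log and reports any that persist, matching on CLSID or autorun target so an entry re-registered under a new value name is still caught. The `FRESH` log, its value names and the helper function names are constructed for illustration.

```python
import re

# Subset of the entries fixed in the post above (copied from the thread).
FIXED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [jarkekoc] C:\Windows\system32\jifwlkrk.exe
O4 - HKCU\..\Run: [lajkxitf] C:\Windows\system32\jwfuhknk.exe
O4 - HKLM\..\Policies\Explorer\Run: [yKSVmdiGm4] C:\ProgramData\zixyxwpq\hcdarmlc.exe
"""
# Constructed sample of a later log; not taken from the thread.
FRESH = r"""
Scan saved at 12:00:00 (constructed sample)
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [qpzmvwra] c:\windows\SYSTEM32\jwfuhknk.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # "<section> - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN = re.compile(r"^.*?: \[(.*?)\] (.+)$")          # "<key>: [<name>] <command>"

def parse(log_text):
    """Yield (section, body) for each entry line; headers and blanks are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def indicators(section, body):
    """Lower-cased keys that survive a rename: CLSIDs and the O4 autorun command."""
    keys = {c.lower() for c in CLSID.findall(body)}
    m = AUTORUN.match(body) if section == "O4" else None
    if m:
        keys.add(m.group(2).lower())
    return keys or {body.lower()}   # fall back to the whole entry text

def leftovers(fixed_text, fresh_text):
    """Return (fresh entry, matching indicator) pairs that share a key with a fixed entry."""
    fixed = set()
    for section, body in parse(fixed_text):
        fixed |= indicators(section, body)
    return [(f"{section} - {body}", key)
            for section, body in parse(fresh_text)
            for key in sorted(indicators(section, body) & fixed)]

if __name__ == "__main__":
    for entry, key in leftovers(FIXED, FRESH):
        print(f"still present: {entry}  (matched on {key})")
```
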
     
  5. Neonfxp

    Neonfxp TS Rookie Topic Starter

    Thank you kritius for the reply. I have followed your instructions and here are the logs you requested.
     
Topic Status:
Not open for further replies.
