PC infected with something

Status
Not open for further replies.
Hi guys im having a problem with my pc.Every now and then i get popups about trojandonloader.xs and abebot these come as security warnings and when i click the popup it takes to a page of recommended antispyware programs.i have tried various apps to remove it but nothing seems work.I have read a few posts on your forum and as a result have added my hijackthis log

I would really appeciate your help with this..anything else you need let me no and ill get it

Thx for ya time
 
Hello Neonfxp, and welcome to the forums.

My name is kritius and I'll be glad to help you with your malware and virus problems.

First you must understand that working a HijackThis log can take some time to research, so please be patient. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
 
Please follow these tasks in the order they are given,

Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [jarkekoc] C:\Windows\system32\jifwlkrk.exe
O4 - HKCU\..\Run: [lajkxitf] C:\Windows\system32\jwfuhknk.exe
O4 - HKLM\..\Policies\Explorer\Run: [yKSVmdiGm4] C:\ProgramData\zixyxwpq\hcdarmlc.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Delete Files and Folders

Delete these files form safe mode. See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

  • Right Click on the start button and chose explore
  • Show all hidden files and folders, see how HERE
  • Navigate to the following files and folders and delete them(if still present)
C:\Windows\system\wcdvtray.exe<---------This File
C:\Windows\System32\jifwlkrk.exe<---------This File
C:\ProgramData\zixyxwpq<---------This Folder

  • Empty the recycle bin.

Let me know if they cannont be deleted.

Reboot into Normal mode for the remaining tasks.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Copy and paste this log into your next reply

Run HijackThis again and post a fresh log.

So in your next post you should have,
1)malwarebytes log
2)HijackThis uninstall list
3)Fresh HijackThis log


This thread is for the use of Neonfxp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back