TCPIPMON.exe final steps of removal

Status
Not open for further replies.
My laptop got infected with the tcpipmon.exe with all normal symptoms (http://www.adwareaway.net/tcpipmon.htm).

Followed the Viruses/Spyware/Malware, preliminary removal instructions-steps, and it looks like I got rid of a lot of stuff. Here are four logs, and I would appreciate it if someone could take a look.

-Gateway.
 
Hello and welcome to Techspot.

Unfortunately, I have removed your .doc files due to the risk of viruses.

Please read this thread HERE, then post the logfiles as either .log or .txt files.

Regards Howard :wave: :wave:

This thread is for the use of Gateway3018 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Haha, my bad.. Didn't see the "not" in the instructions.. (Please note: HJT and any other logs must not be posted as .doc files. This is due to the risk of viruses etc.)

Here they are as .txt
 
Hi,

I noticed that your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

Also, you are running an outdated version of HijackThis.

Please go to this thread HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Open your task manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab, and end the following processes, if found:

mmemilon.dll
PictureViewerEXE.scr
PictureViewer .EXE


After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mmemilon.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.
C:\WINDOWS\system32\mmemilon.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\pmkhh.dll.vir
C:\WINDOWS\system32\nnnlmkl.dll.vir
C:\WINDOWS\PictureViewerEXE.scr
C:\Programfiler\PictureViewer .EXE

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh updated HJT, ComboFix and AVG Antispyware log from normal mode as an attachment into this thread.


Regards,
Your friendly Momok =)
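
An added example, not part of the original post or of HijackThis itself: a small Python check that reads a saved HijackThis log, picks out O2 (BHO) entries reported as "(file missing)" or "(no file)" like the two listed above, and also flags any BHO whose file is on a removal list. The sample log is constructed; only its first two O2 lines come from this thread, and the `Example` entries and the all-zero CLSID are placeholders.

```python
import re
from typing import NamedTuple, Optional

# O2 layout as in the lines quoted above: O2 - BHO: <name> - {CLSID} - <target>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.+)$")
MISSING = " (file missing)"

class Bho(NamedTuple):
    name: str
    clsid: str
    path: Optional[str]   # None when the log shows "(no file)"
    orphaned: bool        # registry entry remains but no file backs it

def parse_o2(line):
    """Parse one HijackThis O2 line; return None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target = m["target"].strip()
    if target == "(no file)":
        return Bho(m["name"], m["clsid"].upper(), None, True)
    if target.endswith(MISSING):
        return Bho(m["name"], m["clsid"].upper(), target[:-len(MISSING)], True)
    return Bho(m["name"], m["clsid"].upper(), target, False)

def review(log_text, removal_list=()):
    """Return BHO entries that are orphaned or point at a file on removal_list."""
    wanted = {p.lower() for p in removal_list}
    flagged = []
    for line in log_text.splitlines():
        bho = parse_o2(line)
        if bho and (bho.orphaned or (bho.path or "").lower() in wanted):
            flagged.append(bho)
    return flagged

# Constructed sample log (first two O2 lines are the ones quoted in this thread).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mmemilon.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for b in review(SAMPLE_LOG, [r"C:\WINDOWS\system32\mmemilon.dll"]):
        print(b.clsid, b.path or "(no file)", "orphaned" if b.orphaned else "listed file")
```

Running the same check on the fresh log taken after the fix should return an empty list if the entries were removed.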
 
I have now done the following (my actions in purple):

mmemilon.dll NOT FOUND
PictureViewerEXE.scr UNINSTALLED
PictureViewer .EXE UNINSTALLED
(pictureviewer was a hopeless program I uninstalled recently)

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mmemilon.dll (file missing) FIXED
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) FIXED

C:\WINDOWS\system32\mmemilon.dll NOT FOUND
C:\WINDOWS\system32\tmp.reg DELETED
C:\WINDOWS\system32\hhkmp.bak2 DELETED
C:\WINDOWS\system32\hhkmp.ini2 DELETED
C:\WINDOWS\system32\hhkmp.bak1 DELETED
C:\WINDOWS\system32\pmkhh.dll.vir DELETED
C:\WINDOWS\system32\nnnlmkl.dll.vir DELETED
C:\WINDOWS\PictureViewerEXE.scr NOT FOUND
C:\Programfiler\PictureViewer.EXE NOT FOUND

I also found hhkmp.ini2 and hhkmp.tmp. What do I do with these?

(didn't understand if you wanted the hjt-log from safemode or normal, so I made two.)
 
Hi,

Please delete those two files too. (from safe mode with all files and folders shown. Don't forget to rehide them after that.)

Your logs look pretty clean now.

Turn off system restore (XP/ME only). Learn how to do that HERE.

This will remove all the remaining nasties from your old restore points.
After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend that you read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly Momok =)
 
thanks a bundle..

(yes, I know how I got into this mess.. I was looking for serial keys for a game, and I found them.. ..and a little "something" from the person who put them up)

I promise to behave from now on. again, thank you for your help.
 