TechSpot

The first problem was "personal security" malware

By marygg
Feb 28, 2010
Topic Status:
Not open for further replies.
  1. Then I discovered a problem with IE. Today I managed to get that fixed, downloaded the scans and here they are. Please help.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I wish you had given more of a description.

    You have Adware.180solutions/Seekmo.Process active on the system.
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.431.0\SeekmoSA.exe"
    C:\Program Files\Seekmo\bin\10.0.431.0\OEAddOn.exe ]

    You have some unknown processes running which need to be identified.
    O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku125.exe (file missing)

    You have the Foistware named AskBar which we recommend removing.
    You have O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.431.0\SeekmoSA.exe"


    Rather than remove them individually now, please do the following:

    • [1]. Please download ComboFix HERE:

      • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
        Important! Save the renamed download to your desktop.
      • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
      • Double click on the setup file on the desktop to run
      • If prompted to download and install the Microsoft Recovery Console, Please allow.
        (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
      • If prompted to update, please allow.
      • Click on Yes, to continue scanning for malware.
      • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
      Notes:

      • 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
        2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
        3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
        4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
      Follow with: Run Eset NOD32 Online AntiVirus Scanner HERE
      • Tick the box next to YES, I accept the Terms of Use.
      • Click Start
      • When asked, allow the Active X control to install
      • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
      • Click Start
      • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
      • Click Scan
      • Wait for the scan to finish
      • Re-enable your Antivirus software.
      • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
      Run a new scan with HJT when finished and include the Combofix report, the Eset Scan log and new HJT log
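
The reading applied to the HijackThis lines in the post above, sketched as an added example that is not part of the original thread: it flags autostart (O4) and service (O23) entries for review. The regexes, the `triage` function and the watchlist are assumptions made for illustration; the sample lines are the ones quoted in the post.

```python
import re

# Sample input: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.431.0\SeekmoSA.exe"
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku125.exe (file missing)
'''

# Assumed line shapes, inferred only from the entries quoted in the thread.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
SVC_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


def triage(log_text, watchlist=("seekmo",)):
    """Return (entry name, reasons) for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            name, target = m["name"], m["cmd"]
            # Programs that start at boot from a Temp folder are unusual.
            if "\\temp\\" in target.lower():
                reasons.append("autostart from Temp directory")
        else:
            m = SVC_RE.match(line)
            if not m:
                continue  # not an O4 or O23 line
            name, target = m["name"], m["path"]
            if target.endswith("(file missing)"):
                reasons.append("service binary missing")
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
        # The watchlist holds names the helper already identified (assumption).
        if any(w in (name + target).lower() for w in watchlist):
            reasons.append("watchlist match")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict; the SoundMAXPnP line passes every check and is left out of the result.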
     
  3. marygg

    marygg TS Enthusiast Topic Starter Posts: 135

    Thank you so much for the help. The required logs are attached to this note.
     


  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Mary, in order to help you, I need for you to describe:
    1. What is/was the "personal security" malware issue?
    2. You got 'that' fixed- what was 'that' and how did you fix it.
    3. And you state that this is 'the first problem.'
    4. Then there was a problem with IE. What?

    I can do this at this point:

    Please download OTMoveIt3 by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      
      :Services
      Sukoku
      
      :Reg
      
      :Files 
      c:\program files\AskSBar
      c:\documents and settings\All Users\Application Data\Sukoku\sukoku125.exe
      c:\program files\Sukoku\sukoku.dll
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the _OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
  5. marygg

    marygg TS Enthusiast Topic Starter Posts: 135

    The "personal security" malware was popping up causing internet problems so I ran malwarebytes antimalware which got rid of it. Then I did the eight steps and tried to start a thread. I couldn't get the attachments page to open. I spent several hours trying to find the problem. I searched techspot and other sites. I did not do the obvious and google it. When I finally did, the instruction was to reset ie. After I did that, I could start this thread. I wasted a lot of time and energy. And I felt really dumb.

    The OTM log is attached. Should I have included hjt?
     


  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Mary, addressing your reply: So the problem with IE was resolved by doing a reset. Please do this:

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\Sukoku\sukoku125.exe
    c:\program files\Sukoku\sukoku.dll
    
    Folder::
    
    Registry::
    
    Driver::
    
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]
    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please attach to your next reply.

    Rescan with HijackThis and include new log.

    Are you actually experiencing problems now? If so, what.
     
  7. marygg

    marygg TS Enthusiast Topic Starter Posts: 135

    Not experiencing any problems. It's running like new. Scans are attached. Thanks.
     


  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, my bad! I left one entry out of the Fix:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    
    Folder::
    
    Registry::
    
    Driver::
    Sukoku
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    Now you can remove the cleaning tools:

    AFTER doing the above:
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes. If you are prompted to Reboot during the cleanup, select Yes.

    Let me know if I can be of more help.
     
  9. marygg

    marygg TS Enthusiast Topic Starter Posts: 135

    Thank you so much.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. I left one thing out- it's important:

    Set a new, clean Restore Point to prevent infection from any previous Restore Points.
    • Go to Start> All Programs > Accessories> System Tools
    • Choose System Restore.
    • Choose "Create a Restore Point" on the first screen> click Next
    • Name the Restore Point> click Create.
    The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove old Restore Points
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Stay safe.
     