Trouble with attachments

[familyman14]

I have trojan viruses and malware and ran through all the steps suggested. The problem I am having is everytime I try to upload the HJT, AVG AND COMBOFIX FILES my computer freezes and closes the page. I s there another alternative or should I just keep trying?

 

[howard_hopkinso]

Given that you`re having difficulty with attachments, you can copy and paste them, even if that means making multiple posts. I will delete them once I`ve finished with them.

Regards Howard

This thread is for the use of familyman14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[familyman14]

no rootkits have been found.

Still getting popups and computer freezes. Thank you for your time.

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\io43mvuiw4kj.exe
C:\WINDOWS\system32\gvkxnmqd.dll
C:\windows\ALCXMNTR.EXE
C:\WINDOWS\system32\jyoshaym.dll
C:\WINDOWS\system32\oimmaheb.ini
C:\WINDOWS\system32\behammio.dll
C:\WINDOWS\system32\ljjheeb.dll.vir
C:\WINDOWS\system32\dqmnxkvg.ini
C:\WINDOWS\system32\xpiqrtei.dll
C:\WINDOWS\system32\nkuclhgx.dll
C:\WINDOWS\system32\hfcbmsug.dll
C:\WINDOWS\system32\gusmbcfh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\ilxiapmq.dll
C:\WINDOWS\system32\dgjiclro.ini
C:\WINDOWS\system32\orlcijgd.dll
C:\WINDOWS\system32\pwjlybbs.exe
C:\WINDOWS\system32\slckqcgg.ini
C:\WINDOWS\system32\gvteyeew.exe
C:\WINDOWS\system32\rkwthjhk.ini
C:\WINDOWS\hg173.exe
C:\WINDOWS\df87173.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BB872B8-B3F3-4F7B-973E-046FAFB7C96D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85C31F31-179E-4CE1-BC89-37DA01558F69}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d85642d-2673-49b3-bb3c-5a1e84f2c359}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A24718C2-CE0C-4B2B-B8D1-7EA3DAD123E5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDC36AE9-1E46-478A-A9DD-4305284AE344}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"d836a088"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Please try and post the log files as attachments if you can.

Regards Howard

This thread is for the use of familyman14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[familyman14]

new HJT And combofix

When computer rebooted my antispyware and virus program started up as combofix was preparing log. I dont know know if they screwed up the results at all.

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

io43mvuiw4kj.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)

O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe

O4 - HKLM\..\Run: [d836a088] "rundll32.exe" "C:\WINDOWS\system32\gvkxnmqd.dll",b

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\WINDOWS\io43mvuiw4kj.exe
C:\WINDOWS\system32\gvkxnmqd.dll
C:\qoobox

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard

This thread is for the use of familyman14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[familyman14]

new hjt and combofix logs

I can feel that big ball of stress in my chest shrinking.

 

[howard_hopkinso]

All clean.

Click start/run and type combofix /u into the run box and hit the enter key. That should delete Combofix and all it`s folders etc.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of familyman14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[familyman14]

Thank You So Much!!!

You ''effin'' rock Bro! Thank you . I wanted to hurt somebody:evil: . Lol.:haha: Now I can breathe easy again. Wow. Have a great holiday.

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.