Virus/malware help

Status
Not open for further replies.

lord gore

I have a problem with my Toshiba laptop.
Whenever I connect to the internet, after a few seconds the laptop freezes, as in I cannot open any software, but the windows that are already open work normally. I think it is some virus...
Any help will be greatly appreciated!
 
Vundo to be removed - good luck

Hi,
Your MBAM file reports several infections with Vundo.
Why did you not remove it?
First step to protect your system: Apply 8-steps cleaning procedure.
I did it on my own and it worked very effectively.
 
suedschwede, I just left a reply to you on another thread telling you to go through the malware removal steps then post your logs for review.

Please don't tell a poster to do this on their own. The logs need to be reviewed, inappropriate entries need to be removed and occasionally, additional programs need to be run.

lord gore, your Mbam log shows this: (Trojan.Vundo) -> No action taken

This means you did not follow the direction in Malwarebytes to: * Make sure that everything is checked, and click Remove Selected.

Please update and run Malwarebytes again, with everything checked.
Your HijackThis log also has numerous entries to be removed. But you need to run SuperAntispyware taking care to check for removal also, AFTER MalwareBytes, then scan with HijackThis again.

You should follow the Steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Please attach all three logs
 
Okay, we have some work to do!

Please re-open HiJackThis and click on System Scan Only. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
(NOTE: If you have set up your home page to come up blank, leave this entry. If you have not, check the box for removal)
O2 - BHO: (no name) - {35D021EC-EED3-46B9-892E-BDBF412A4942} - (no file)
O2 - BHO: (no name) - {E49E9F3D-BB3C-4165-BB8C-9DA169A87B69} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
O20 - Winlogon Notify: cbXRIbAp - cbXRIbAp.dll (file missing)
O20 - Winlogon Notify: pnmoylll - pnmoylll.dll (file missing)
O20 - Winlogon Notify: vicsguuy - vicsguuy.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\128157190307_0_BG.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\262977190307_0_BG.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\592977190307_0_BG.jpg
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into Safe Mode.

Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any entries for:
Trend Micro Security Suite and/or any components, in particular Transaction Protector> Apply> OK

Control Panel> Add/remove Programs> UNINSTALL Trend Micro Security Suite and/or components.

To remove the O24 Desktop entries:

Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the Lock Desktop Items box if it is checked> Apply> OK> Close.

Reboot into Normal Mode: NOTE: You will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

Note re Transaction Protector: These entries appear to be left over from Trend Micro PC-cillin Internet Security Pro. They are not configured correctly and the program needs to be completely uninstalled.
O2 - BHO: TransactionProtector BHO> Wi-Fi Advisor: Checks the credibility and legitimacy of Hotspots and Wi-Fi networks.
O3 - Toolbar: Transaction Protector > Keystroke Encryption: scrambles the identity of your keystrokes using Local SSL technology, protects you from keystroke recording programs.
Please download ComboFix from HERE

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run HijackThis again and attach new log and ComboFix report.

Please verify the following:
Did you set these proxies up?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = proxy1.emirates.net.ae:8080 <local>
Is this your ISP?
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DF50E9-62C1-41A5-9321-514204E2F871}: NameServer = 213.42.20.20,195.229.241.222
netname: ETISALAT-IANDES-EMIRNET
descr: Emirates Telecommunication Corporation
descr: P.O. Box 1150, Dubai, UAE
country: AE
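
A triage script for the kind of log review done in the post above, added here as an example and not part of the original thread or of HijackThis itself. It flags entries whose target file is gone ("(no file)", "(file missing)") and the proxy and name-server entries the helper asks the owner to confirm; the function names and the two category labels are assumptions.

```python
import re

# Entries copied from the HijackThis lines quoted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {35D021EC-EED3-46B9-892E-BDBF412A4942} - (no file)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
O20 - Winlogon Notify: cbXRIbAp - cbXRIbAp.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\mohsin\My Documents\My Pictures\128157190307_0_BG.jpg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DF50E9-62C1-41A5-9321-514204E2F871}: NameServer = 213.42.20.20,195.229.241.222
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks a registry reference whose file no longer exists like this.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Settings that redirect traffic; only the machine's owner can say if they are intended.
CONFIRM = {"R1": ("ProxyServer", "ProxyOverride"), "O17": ("NameServer",)}


def triage(log_text):
    """Return (section, reason, body) for every entry that needs a reviewer's eye."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # log header, blank line, or running-process line
        section, body = m["section"], m["body"]
        if ORPHAN.search(body):
            findings.append((section, "orphaned", body))
        elif any(key in body for key in CONFIRM.get(section, ())):
            findings.append((section, "confirm-with-owner", body))
    return findings


def summarize(findings):
    """Count findings per (section, reason) so a long log can be skimmed."""
    counts = {}
    for section, reason, _ in findings:
        counts[(section, reason)] = counts.get((section, reason), 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{reason:20} {section:4} {body}")
```

The R0 and O24 lines are not flagged: whether a blank start page or a desktop component is wanted is a judgement the reviewer makes with the owner, as the post does.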
 
It just became worse. After I installed ComboFix last night, today morning the laptop won't work... At times it gets stuck on the startup screen (user account selection screen), as in if I click on my account it will just keep loading, and sometimes it starts but then nothing works. I can't even open Notepad, and so I am replying to you via my mobile. Please help me out and keep in mind I can't connect to the internet from my laptop. Thank you very much.
 
Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Let me know the status after removing ComboFix.
 
OK, it's alright now. I rolled back the changes from System Restore and it's working normally, but I wasn't able to uninstall ComboFix. If I type combofix /u it just starts ComboFix. I feel there is more virus in this laptop because the laptop freezes randomly whenever I'm connected to the internet.
And thanks a lot everyone, greatly appreciated your help.
 
I'm sorry you used System Restore. You will have infected the system all over again and undone what was previously done to clean it! Malware gets in the restore points. They are protected files and the cleaning programs don't remove them. We have people drop all their old restore points after the system is clean.

Would you like to start over? If so, do this:

Download OTCleanIt HERE & save it to your desktop.
Double click on OTCleanIt.exe.
Click on CleanUp!.
It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
You will receive a prompt that it needs to restart the computer to remove the files.
Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
This will remove the cleaning programs.

Then start HERE.

Attach the new logs when through.
 