TechSpot

Virus Troubles - Am I virus free?

By JuliusCaesar
Oct 18, 2009
  1. Today I got a virus, it was some sort of fake security virus. I don't recall the name, but it was pretty serious. It completely shut down MBAM, wouldn't let me use Spybot S&D, and made avast be sluggish. SuperAntiSpyware didn't detect anything. The first thing I did was disable my wireless connection, so the virus couldn't download anything more (I'm not sure how to re-enable it, but that could be dealt with once I am virus free.) I found some handy advice on the internet (different computer), started in safe mode, deleted a few files, rebooted and got rid of the program. SpyBot S&D now works (good thing I updated it just last night) and it got rid of 7 or so trojans, the usual suspects, FireWall Bypasser, etc. There's one virus that I can't seem to get rid of though. It is Virtumonde.sdn. I deleted it, ran another S&D scan, which took about an hour, but then I pressed something and it started a new scan. I don't want to wait another hour or so, although I will run another scan tomorrow. I just want to know, where is this virus? How do I remove it manually? Avast didn't detect anything, neither did SuperAntiSpyware. I think Malwarebytes was completely gutted by the first virus. I can't use it at all. I will run CCleaner before I go to bed. Attached is the Hijack this log. Many thanks to whoever helps me.

    -Edit: I remember, the phony antivirus was called Security Tool. -
     
  2. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    I think I may have gotten rid of it by moving it to my flash drive, the trouble is that I believe the flash drive to be infected now...I used a micro SD card to transport the latest Hijackthis log, the computer is still not connected to the internet. Attached is the latest Hijackthis log, I would really appreciate some help.
     
  3. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    I connected to the internet, and then Avast caught a virus. I don't know why Avast isn't catching whatever is causing the virus. I can't download MBAM either. Please someone help!
     
  4. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    The name of the file in which the virus is stored is called "geyozesa" I can't delete it, I have tried many things but it just comes back. S and D deletes it, it comes back. Super Anti Spyware says it's clean, and Avast! won't scan it for some reason. Again, I cannot use or download MBAM. This is the latest Hijack this log (attached)
     
  5. WinXPert

    WinXPert TS Guru Posts: 445

    Ok I have read the logs. I'll review it in-depth later. I'll see what I can do.

    [add'l]

    Launch Explorer
    Type this at the address bar:
    C:\Documents and Settings\All Users\Application Data\17603421

    E-mail me a copy of 17603421.exe. This is how you do it. Zip it with a password 1234 and attach it.
     
  6. momok

    momok TS Rookie Posts: 2,265

    I suggest fixing these; they're all bad:

    O2 - BHO: (no name) - {2fc01d2a-bd29-44b0-bb3a-5b8b45054743} - rizepato.dll (file missing)
    O4 - HKLM\..\Run: [17603421] C:\DOCUME~1\ALLUSE~1\APPLIC~1\17603421\17603421.exe
    O4 - HKLM\..\Run: [hopepubisu] Rundll32.exe "lotakine.dll",s
    O20 - AppInit_DLLs: GRA~1\Google\GOOGLE~1\GOEC62~1.DLL sumonibe.dll c:\windows\system32\barihuye.dll,wavenimu.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: ruyayeyew - {33d38132-5d08-428d-b216-54aec7e1d936} - c:\windows\system32\barihuye.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {33d38132-5d08-428d-b216-54aec7e1d936} - c:\windows\system32\barihuye.dll (file missing)

    Are you able to run mbam and SAS after that?
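
The entries momok lists are all autostart locations that HijackThis reports by section code. As an added example (not part of the original thread and not HijackThis's own logic), this Python parser reads those five section codes and notes the traits visible in the quoted lines; the `triage` function and its heuristics are illustrative assumptions.

```python
import re

# Section codes that appear in the post above and the autostart point each reports.
SECTIONS = {
    "O2": "Browser Helper Object (loaded into Internet Explorer)",
    "O4": "Run key / startup autostart",
    "O20": "AppInit_DLLs (loaded into every process that loads user32.dll)",
    "O21": "ShellServiceObjectDelayLoad (loaded by Explorer)",
    "O22": "SharedTaskScheduler (loaded by Explorer)",
}
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Log lines copied from the post above (not a full log).
SAMPLE = [
    r"O2 - BHO: (no name) - {2fc01d2a-bd29-44b0-bb3a-5b8b45054743} - rizepato.dll (file missing)",
    r"O4 - HKLM\..\Run: [17603421] C:\DOCUME~1\ALLUSE~1\APPLIC~1\17603421\17603421.exe",
    r'O4 - HKLM\..\Run: [hopepubisu] Rundll32.exe "lotakine.dll",s',
    r"O20 - AppInit_DLLs: GRA~1\Google\GOOGLE~1\GOEC62~1.DLL sumonibe.dll c:\windows\system32\barihuye.dll,wavenimu.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O21 - SSODL: ruyayeyew - {33d38132-5d08-428d-b216-54aec7e1d936} - c:\windows\system32\barihuye.dll (file missing)",
]

def triage(line):
    """Return (code, location, notes) for one HijackThis O-entry, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, kind, detail = m.groups()
    notes = []  # illustrative heuristics only: reasons to look closer, not verdicts
    if detail.endswith("(file missing)"):
        notes.append("registry entry points at a file that is no longer on disk")
    if code == "O4" and re.search(r"rundll32\.exe", detail, re.I):
        notes.append("Run key launches a DLL through Rundll32")
    if code == "O4" and re.search(r"\\APPLIC~1\\|\\Application Data\\", detail, re.I):
        notes.append("Run key starts an executable from an Application Data folder")
    if code == "O20":
        dlls = [d for d in re.split(r"[ ,]+", detail) if d.lower().endswith(".dll")]
        bare = [d for d in dlls if "\\" not in d]
        if bare:
            notes.append("AppInit_DLLs lists DLLs without a path: " + ", ".join(bare))
    return code, SECTIONS.get(code, kind), notes

if __name__ == "__main__":
    for entry in SAMPLE:
        code, location, notes = triage(entry)
        print(f"{code}: {location}")
        for note in notes:
            print(f"    - {note}")
```

An entry marked "(file missing)" is a leftover registry value whose target has already been deleted, which is why removing the file alone does not clear it from the log.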
     
  7. kritius

    kritius TS Guru Posts: 2,084

    @ WinXPert

    Get rid of your e mail address.

    @ momok

    There will be a patched windows file that may be blocking MBAM.
     
  8. momok

    momok TS Rookie Posts: 2,265

    Julius:

    Please download Combofix from HERE and save it to your desktop.

    Rename it to "momok.exe" and run it. Don't do anything else on your system during the scan.

    Post your log C:\combofix.txt back here after you're done with the scan.
     
  9. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    thanks, I will download it when I get home tonight. I will download the exe to a diff comp, and save it to my flash drive, which I will open on the computer, to avoid connecting that computer to the internet.

    note: When I turn on my computer, it displays a message that says something like "lotakine.dll has failed to initialize." I know that lotakine is a virus. Here is the combofix log:
     

    Attached Files:

  10. momok

    momok TS Rookie Posts: 2,265

    hi sorry for the late reply. your log is looking a lot cleaner. are you facing any peculiar problems?

    Please download and run ATF Cleaner from HERE to clear your temp files.

    Next, run mbam again to let me see your fresh log.

    Then, please update your Java Run time environment here.

    Finally, please run an online scan with Kaspersky here and post back with the results.
     
  11. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    Hi, I will download the ATF Cleaner, but MBAM still isn't working, although I will try downloading it again. Do you think it's safe to connect to the internet? Last time I did my comp downloaded a whole bunch of malware.

    -Edit- The "geyozesa" file still won't leave, and Spybot says that that is a trojan.

    ReEdit: After running ATF, I don't see geyozesa :) I will run a spybot s and d while I wait for your response.
     
  12. momok

    momok TS Rookie Posts: 2,265

    Are you able to run mbam after ATF?
     
  13. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    yay! I was able to install the file. I am still not connected to the internet, but I am running a full scan.
     
  14. momok

    momok TS Rookie Posts: 2,265

    Alright, that's good to hear. Do follow through with the steps I provided earlier before posting back with your results.
     
  15. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    here's the mbam log...
     

    Attached Files:

  16. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    the Kaspersky link isn't working, I get this message (I am of course online) :

    Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]

    That was with internet explorer, it doesn't seem to work with Google chrome.

    Edit: grr... I thought I was virus free. See MBAM log

    edit: I think that got all of the viruses though.
     

    Attached Files:

  17. kritius

    kritius TS Guru Posts: 2,084

    Both those entries in MBAM are fine
     
  18. WinXPert

    WinXPert TS Guru Posts: 445

    Hi JC, logs look clean to me.
     
  19. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    I ran another scan, it's clean and I am virus free. Thank you so much for your help momok. Your suggestions really helped, thanks to everyone else as well. I will in turn try to help others with computer problems on this site (the more simple problems.)
     
  20. momok

    momok TS Rookie Posts: 2,265

    Kritius is right on the 2 files in your mbam. One belongs to the quarantine folder from combofix, and the other is your system restore point.

    You're looking good to go, please go to start>run> combofix /u
    Then go to system restore, disable then enable it again. This will clear your previous restore points and the nasties residing in them.
     
  21. kritius

    kritius TS Guru Posts: 2,084

    ComboFix /Uninstall

    This is the new switch
     
  22. momok

    momok TS Rookie Posts: 2,265

    ah ok thanks for the heads up!
     
  23. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    Thanks, I followed your instructions. Thanks for all your help, I will try to help with some of the more simple problems on this site if I can. Can you recommend a good firewall? I was using Windows Firewall, which isn't so good.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Here are two software firewall recommendations> both good, both free> use only one!

    I recommend either of these software firewalls.- both are free:
    You should have only one software firewall. You may also use a router. Most routers have a hardware firewall in them. You can use both hardware and software firewalls together, but use only one software firewall.
     
  25. JuliusCaesar

    JuliusCaesar TS Rookie Topic Starter Posts: 73

    Avast keeps detecting viruses, I am installing comodo, I will then run MBAM and attach log.
     
Topic Status:
Not open for further replies.
