Another Trojan Downloader problem

generalataris

OK folks, I'm at my wit's end.

I have the notorious virus that causes all kinds of warnings against Spyware and tries to get me to buy all kinds of software. I also have had my background changed on the desktop.

I have been reading this board as much as I can and run as many of the scans as I could get my hands on.

I've run the Malwarebyte's, I've run the ComboFix, I've run SmitFraud Fix, and several others.

I have yet to get rid of the problem. In fact, just out of curiosity, after using Malwarebyte's and removing all the infected files, I ran it again, and instantaneously there were dozens of more infections.

What can I do, folks? A little background here... I'm not exactly computer savvy, so try and be as simple as you can!

Thank you SO MUCH to whoever can help me.
 
Bringing this to the top

I know that this has probably been overplayed on this board lately, but could anybody help me?
 
We need the logs. Please attach the following into this thread using the attach icon above your reply.

1) C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2) C:\Combofix.txt
3) A Hijackthis log run after the others
 
OK, here we go

Blind Dragon, thanks for your help, first off.

OK, I first ran MBAM, then tried ComboFix, and ComboFix would NOT run, despite multiple tries. I then ran HJT.

Here are the logs for MBAM and HJT.

THANKS FOR HELPING ME OUT
 
K, please run MBAM again, as when there are this many infections it will sometimes pick up more on a second run.

Here is the substitute for Combofix:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER

Close all other windows before proceeding.

This means TURN OFF ALL other security programmes:
Norton Anti-virus, AVG Anti-spyware or any other security programmes you're running.

Double-click on dss.exe and follow the prompts.
When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please attach main.txt and extra.txt in your next reply.

Re-enable your security programmes and reconnect to the net.
 
Please don't bump your thread unless you go 24 hours without response. I get an email every time you post, and as you may have noticed these forums are extremely busy; I literally get over 100 emails a day, and I am volunteering my time, so please be patient with me.

You're heavily infected and it will take me a little bit of time to go through the logs. Especially since ComboFix won't work, it is going to take a little longer.

Thank you for understanding. I am not ignoring you.
 
I apologize

Wasn't aware of that.

Wasn't trying to be impatient. This is my work computer, so I got a little antsy.

Again, I'm sorry, and I appreciate your help.
 
Greenville

Greenville is a lovely place to live, although there are some things with this district that do bother me.

The district office and administration tends not to be very big on discipline, which causes some problems. It's also a huge district...one of the 50 biggest in the country I believe.

All in all though, I like working here.

Why? Are you from the area? Looking to relocate?
 
Haha, no. I saw in your log that you had a proxy override pointing there, and that you connect through them. Just wanted to be 100% sure that you knew of it.

Go ahead and follow these, then attach the requested logs.

OK. First of all, only use Internet Explorer if you absolutely have to. Here are 2 more secure browsers to choose from:
1) Firefox -> http://www.mozilla.com/en-US/firefox/
2) Opera -> http://www.opera.com/


Next, the people who write malware love to exploit old versions of Java.

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version, go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions:
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install, go to Start -> Control Panel -> Add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder

You might want to copy and paste these instructions into a Notepad file and save it to your desktop. Then you can have the file open in Safe Mode, so you can follow the instructions more easily.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\fqzqhcba.dll
O4 - HKLM\..\Run: [wnqnofst] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wnqnofst.dll"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\mdmoore\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [oxayylla] C:\WINDOWS\system32\ujwzcfkn.exe
O4 - HKLM\..\Policies\Explorer\Run: [B3p53h54g3] C:\Documents and Settings\All Users\Application Data\abcjivyx\ezaxydkh.exe
O4 - HKCU\..\Policies\Explorer\Run: [B3p53h54g3] C:\Documents and Settings\All Users\Application Data\abcjivyx\ezaxydkh.exe


Select Fix Checked

Close Hijackthis

Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E
  • On the Tools menu in Windows Explorer, click Folder Options.
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.

Use Windows Explorer to navigate to and delete the following files:

Files:
C:\WINDOWS\system32\wmsdkns.exe <- This file only
C:\WINDOWS\fqzqhcba.dll <- This file only
C:\Documents and Settings\All Users\Application Data\wnqnofst.dll <- This file only
C:\Documents and Settings\mdmoore\LOCALS~1\Temp\ie.exe <- This file only
C:\WINDOWS\system32\ujwzcfkn.exe <- This file only

Folders:
C:\Documents and Settings\All Users\Application Data\abcjivyx <- This folder only

Restart your computer into normal mode

Run a new scan with Hijackthis and attach the log

Download and Install SDFix
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here
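The UserInit value, the Run keys, the Policies\Explorer\Run keys and the unnamed BHO that Blind Dragon has the poster fix are all standard persistence locations, and the same patterns can be spotted mechanically. As an added example (not from this thread and not part of HijackThis), here is a small Python triage script that reads HijackThis-style log lines and flags extra executables appended to UserInit, BHOs with no name, autoruns launched from Temp or Application Data, and regsvr32 /u entries. The sample lines are the ones quoted in the post plus one constructed benign ctfmon.exe entry to show a clean line.

```python
import re

# Sample HijackThis lines: the flagged entries quoted in the post above, plus one
# constructed benign entry (ctfmon.exe) to show what a clean line looks like.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\fqzqhcba.dll
O4 - HKLM\..\Run: [wnqnofst] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wnqnofst.dll"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\mdmoore\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [B3p53h54g3] C:\Documents and Settings\All Users\Application Data\abcjivyx\ezaxydkh.exe
"""

# Locations a legitimate autorun almost never launches from on XP-era Windows.
USER_WRITABLE = re.compile(r"\\(Temp|Application Data|LOCALS~1)\\", re.IGNORECASE)


def flag_line(line):
    """Return a short reason if the entry looks like malware persistence, else None."""
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # UserInit should be exactly userinit.exe; anything appended runs at every logon.
        values = [v.strip() for v in line.split("=", 1)[1].split(",") if v.strip()]
        extra = [v for v in values if not v.lower().endswith(r"\userinit.exe")]
        return "extra UserInit executable(s): " + ", ".join(extra) if extra else None
    if line.startswith("O2 - BHO:"):
        # Legitimate BHOs carry a product name; malware ones usually do not.
        return "unnamed BHO" if "(no name)" in line else None
    if line.startswith("O4 -"):
        target = line.split("] ", 1)[1] if "] " in line else line
        reasons = []
        if USER_WRITABLE.search(target):
            reasons.append("autorun from Temp/Application Data")
        if "regsvr32 /u" in target.lower():
            reasons.append("regsvr32 /u runs the DLL's code under cover of an unregister call")
        if r"\Policies\Explorer\Run" in line:
            reasons.append("Policies\\Explorer\\Run key (rarely used legitimately)")
        return "; ".join(reasons) or None
    return None


def triage(log_text):
    """Return a list of (line, reason) pairs for every flagged entry."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = flag_line(line) if line else None
        if reason:
            hits.append((line, reason))
    return hits
```

Running `triage(SAMPLE_LOG)` flags the five entries from the post and leaves the ctfmon.exe line alone; the same rules can be run over a full HijackThis log before deciding what to fix.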
 