Autorun of outlook mail

Status
Not open for further replies.

jessa_jr

Posts: 31   +4
My Outlook mail client keeps running whenever I open any application; it keeps popping up. I know there's a malware autorun virus on my PC. Kindly help me.

Kindly help me. Attached are all the logs you needed; I already finished all the instructions.

No rootkit found in the panda rootkit scan.
 
Interesting. Looks like an infection that could have been picked up from a removable drive. I would recommend scanning any removable drives that you have with Virus Scanners/ Anti spyware. Let's get this off your system though.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.





Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
 
combo fix log

Here's the log you needed. I hope you can reply to me ASAP, thanks. I just want to ask what the SP2 software boot disk that I've downloaded is for.
 
Most likely you will never use it, but it is a good precaution to install it on machines that don't already have it.

How come you have already run ComboFix 5 times? Please attach here:
C:\ComboFix-quarantined-files.txt

I also noticed you started working on this problem the 26th of last month. Are you receiving help on another forum? If so we need to know so that our instructions don't conflict with each other.
----------------------------------------------------------------

Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
F:\krag.exe
F:\noteped.exe
F:\Recycled/dllcache32.exe
F:\3bqqnkd.bat
G:\3bqqnkd.bat
H:\3bqqnkd.bat
H:\SSCVIHOST.exe
C:\Windows\System32\bar311.exe
C:\Windows\System32\3bqqnkd.bat
C:\Windows\System32\tomskype.exe
C:\Windows\System32\krag.exe
C:\Windows\System32\SilentSoftech.exe
C:\WINDOWS\system32\affv208325p1now.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398dc92a-203d-11d7-8bac-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572e273d-1dda-11d7-8b46-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76384f64-2e9f-11dd-8bda-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77604434-37b2-11dd-8bec-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c81cac-26d7-11dd-8bc5-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c2ef5a7-d889-11dc-8b24-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9abfae3e-2695-11dd-8bc3-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fce-14c7-11dd-8b98-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fcf-14c7-11dd-8b98-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af91a0cc-1d74-11d7-8b44-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee6f3930-21b6-11d7-8bb7-00142a22f1fe}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 
re run combo fix

This is the fresh hjt and combo fix log.

I already ran ComboFix 5 times just to get rid of the virus. I try to solve it on my own first, and only ask in this forum if the virus is still there.

Thanks for the reply... More power
 
We need to disable the TeaTimer function of Spybot or this won't work.

Disable Teatimer
  • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
  • Open Spybot S&D
  • Click on Mode at the top and make sure that Advanced is checked
  • Expand the Tools tab in the left pane
  • Single click on the Resident Icon also in the left pane
  • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
  • Close spybot

-------------------------------------------------------

Only after you have disabled Tea timer can you proceed

Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\unins000.exe
C:\WINDOWS\unins000.dat
C:\WINDOWS\wintcpmngr.exe
C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398dc92a-203d-11d7-8bac-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572e273d-1dda-11d7-8b46-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76384f64-2e9f-11dd-8bda-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77604434-37b2-11dd-8bec-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c81cac-26d7-11dd-8bc5-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c2ef5a7-d889-11dc-8b24-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9abfae3e-2695-11dd-8bc3-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fce-14c7-11dd-8b98-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fcf-14c7-11dd-8b98-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af91a0cc-1d74-11d7-8b44-00142a22f1fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee6f3930-21b6-11d7-8bb7-00142a22f1fe}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
 
Back up your registry
First, we need to back up your registry:
Please go to Start > Run
Paste in the following line:
  • regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


Making a .reg file
Open notepad and copy and paste the text in the quotebox below in it: Remove the space in the word mountpoints before saving

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572e273d-1dda-11d7-8b46-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584b7609-d31d-11dc-8b09-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76384f64-2e9f-11dd-8bda-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77604434-37b2-11dd-8bec-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c81cac-26d7-11dd-8bc5-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c2ef5a7-d889-11dc-8b24-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9abfae3e-2695-11dd-8bc3-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fce-14c7-11dd-8b98-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a54f4fcf-14c7-11dd-8b98-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af91a0cc-1d74-11d7-8b44-00142a22f1fe}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee6f3930-21b6-11d7-8bb7-00142a22f1fe}]

Name the file as Fix.reg

Change the "Save As" type to "All Files" and save it on the desktop.

It should look like this:
reggif.jpg


Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
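Added example, not part of the original thread and not the helper's code: a Python sketch that reads a registry export such as the backup made above, finds MountPoints2 volume keys that carry a cached shell command (the autorun entries a removable drive leaves behind), and builds the matching delete-only .reg text. It assumes the export has already been decoded to text; the GUIDs and the command path in the sample are constructed placeholders.

```python
import re

# Constructed sample of a text registry export (placeholder GUIDs and path).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell\AutoRun\command]
@="F:\\sample.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22222222-aaaa-bbbb-cccc-000000000002}]
"BaseClass"="Drive"
'''

# Matches ...\MountPoints2\{GUID}\shell\<verb>\command and captures key + verb.
KEY_RE = re.compile(
    r'^\[(HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Explorer\\MountPoints2\\\{[0-9a-f-]{36}\})\\shell\\([^\\\]]+)\\command\]$',
    re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's default value

def find_autorun_mountpoints(export_text):
    """Return {volume_key: [(verb, command), ...]} for cached shell commands."""
    hits, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            m = KEY_RE.match(line)
            current = (m.group(1), m.group(2)) if m else None
        elif current and (d := DEFAULT_RE.match(line)):
            # .reg files escape backslash and quote with a leading backslash.
            command = re.sub(r'\\(.)', r'\1', d.group(1))
            hits.setdefault(current[0], []).append((current[1], command))
    return hits

def build_fix_reg(hits):
    """Build REGEDIT4 text that deletes each flagged volume key (leading '-')."""
    lines = ['REGEDIT4', '']
    for key in sorted(hits):
        lines += ['[-' + key + ']', '']
    return '\r\n'.join(lines)

if __name__ == '__main__':
    found = find_autorun_mountpoints(SAMPLE_EXPORT)
    for key, cmds in found.items():
        print(key, cmds)
    print(build_fix_reg(found))
```

Volume keys with no shell command, like the second GUID in the sample, are left out of the generated file, so only the entries that would launch something are removed.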
 
Looking much better, are you still having issues with outlook?

Please follow up with Kaspersky

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 