Can't complete the 8 steps


Calinks

Hello fellas. Don't know what happened over the past couple of days but my PC is a mess. I got serious pop up issues and problems and nothing seems to work. I decided to seek you guys out and I started the 8 steps earlier today.

After about an hour into the Malwarebytes' Anti-Malware and SuperAntiSpyware programs my screen goes all blue and I get a message saying that Windows is shutting down and dumping memory or something. The screen is locked on this and there is nothing I can do but restart my PC. I can't even finish the 8 steps right now it seems. What should I do?

Ok I got an update. I decided to try running all of my programs offline. I wasn't sure if that message was bogus or not because it only popped up when I was running anti-virus programs. I unplugged all Internet connections and ran Anti-Malware and SuperAntiSpyware again and they went through. I'm going to try and complete the other steps offline as well.

Ok I was able to complete everything. I see some improvements already but I am sure there is some craziness lurking around my PC somewhere. Earlier I couldn't navigate the internet, it was as if I was being blocked. Here are the attached scans.

Anti-Spyware didn't detect anything on its last run but I have had it run before that, it was just never able to complete. I canceled once about 40 minutes in to delete what I could before my computer told me to restart. I can find and attach one of those older logs as well if they will help.
 

Attachments

  • hijackthis.log
  • mbam-log-2009-03-04 (12-52-34).txt
  • SUPERAntiSpyware Scan Log - 03-04-2009 - 07-28-56.log
ow, nasty vundo trojan you got there. well, you did not take any actions with MBAM which you should. Remove those threats, run scans again and then post logs. After that, you just need to wait before someone more professional will help you using combofix and sdfix.
 
Do I have to run MBAM and scan again to take action?

Thanks for the help, this thing has been pretty bad!

Ok I have run everything again. I did it offline and it worked again. Here are my logs.
 
How attached are you to Norton Antivirus?
I ask this because some users say they just paid up their subscription.
But sadly this Antivirus is not one of the better ones, and generally slows users' computers down
Think of it this way, it didn't even protect you this time. (not uncommon, for the worst Antivirus ever made)

Anyway, here's what I'd suggest ;)


Uninstall Symantec (Norton) Antivirus
Run the Norton Removal tool

Run Startup Control Panel and remove any not required startups: (should be most!)

Install Avira free AntiVirus

* Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed

* Now I say Malwarebytes again (3rd time) only because, whilst Avira Antivirus is protecting you it is likely that during the Malwarebytes scan, Avira will also detect and remove Viruses as well (the ones that Norton missed ;) )

Anyway, how does that sound :)
 
I got Norton for free through school but I have never really been a huge fan of it. I'm not attached, if you guys suggest something else and it's free I'll move on. I'm going to bed now but I'll follow your suggestions tomorrow. Thanks again for the help. I hope to nip this in the bud!
 
well for me, i'm using avast! for my anti-virus. i also have SAS, MBAM, ad-aware anniversary ed. and threatfire. avira is good as well but don't bother with avg, it's not as good. had one before and i didn't like it at all.
 
OK so I dumped Norton and got avira. I ran avira and Malwarebytes again. My malwarebytes seems to have exited out? Avira found some threats, I didn't know what I should have done with them. Delete? Deny access? What should I choose? I denied most and deleted some. Here is the report.
 
Quarantine would be the word ;)

Well among the ones removed, here was one of them:
C:\WINDOWS\system32\userinit.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
Incredible that Norton would miss such a big one as that.

Anyway, how does it seem to be performing now?
 
Well things are certainly better. My Malwarebytes just popped up out of nowhere with a finished scan. I started running it earlier today and didn't know where it went but here it is. I attached the log. It found 3 more so I assume I should scan again?

Also, my PC has been much better since the initial scans but I can still tell something is amiss. Some google links take me to different sites, I haven't seen any of this since I got home today after these two latest scans but I haven't tried anything online.

And yes, Norton is looking pretty sorry right now. It missed a bunch of stuff. It's like having Yao Ming try to defend Tony Parker on the perimeter, everything gets by.

I just got a message saying that some Windows files have been deleted and that I should insert Window XP again. Should I do it?
 

Attachments

  • mbam-log-2009-03-05 (20-05-23)-3.txt
Ok for some reason the XP CD seems to have vanished so I am having trouble locating it. I'll post again after I have found it and run the programs again.

Ok if I can't find the cd would a system restore work?
 
Try pressing ok to allow Windows setup CD to be run (which you don't have)
Then try ok again, and you then might be able to browse

Browse to either:

C:\WINDOWS\Driver Cache
or
C:\WINDOWS\ServicePackFiles

Both these folders contain the i386 folder, where hopefully the missing Windows files exist
 
Ok well my options right now are retry/More information/cancel

and I can get to the i386 folder right now.

I can currently browse anything I want. I don't know which file is missing though.
 
Well after Retry Retry Retry usually you are given the option to browse (not always; actually I thought it was ok ok, but can't remember, as I have my CD!)

XP Home: http://www.newegg.com/Product/Product.aspx?Item=N82E16832116511
XP Pro: http://www.newegg.com/Product/Product.aspx?Item=N82E16832116515


You can even contact MS and state your CD is damaged or missing, to get a new one
(but you need the authentic key of course, for your specific version).


There is also the possibility that you have a Restore CD (which may not look like the original Xp Setup CD)
Or you could contact your computer hardware manufacturer to have this Restore CD replaced (or sold back to you)

Or you could have a hidden partition on your HardDrive holding the "image" of Windows Xp
Usually being accessed by some Function button (best to contact the hardware manufacturer on this too)
Or you could download Gparted live BootCd and check if you possibly have this "hidden partition"
 
Ok, I'm going to keep searching but if I can't find it I have another option. About 7 months ago I bought a discounted Windows vista through my university. I was going to install it but never did because I felt like I didn't need it. Well now sounds like it might be a good time to upgrade lol. But of course with the malware stuff going on I'm not sure if I should or not. What do you think?

Avira also said something like if a file is deleted it can bring it back. I think whatever file my windows is missing got erased when I hit delete on the avira clean. Can I reverse that?
 
Well I don't want two emails every time you post
It takes longer for me to reply trying to sort through it, I get about 100 emails a day, so you may be able to respect that. Use Edit if your post is still the last post in the thread

Anyway, what I'd do in your case is backup by using a live boot CD like UBCD (you can back up to USB flash or CD or DVD)

Then load the Vista disc and wipe everything
 
Sorry about that. I thought that maybe you wouldn't see my replies if I simply hit edit. Now that I know you can still see that I posted again I will edit my current post. Ok. I'll let you know when something comes up. Again thank you so much for the help.

Ok, new update.

Someone suggested that I re-install windows SP3 and that should fix the problem. I did and my error message went away so I think that problem is solved now.

I ran the scans again and here are the logs.
 
Well it didn't fix it exactly. You have "Netsky" infection

Start up HJT scan, and tick the following 3 entries:
Then select Fix
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [riyijohamo] Rundll32.exe "C:\WINDOWS\system32\zejidefu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [riyijohamo] Rundll32.exe "C:\WINDOWS\system32\zejidefu.dll",s (User 'NETWORK SERVICE')

Then restart to Safe Mode and locate: zejidefu.dll
An easy way to find this, Start->Run-> C:\WINDOWS\system32
Then go all the way to the bottom, and find zejidefu.dll and right click on it and select delete

Restart to Normal mode again
Download the Netsky removal tool: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FxNetsky.exe
More info here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-021816-1759-99

Disable System Restore:
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Then run the removal tool

Report back on findings
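
Added example, not part of the original thread: a small Python triage pass over HijackThis log lines that flags the two patterns in the entries quoted above, a BHO whose file is missing and a Run value that starts rundll32 from a service-account hive. The two benign lines in the sample, the regular expressions and the function name `triage` are constructed for illustration; a match is a reason to look closer, not a verdict.

```python
import re

# Constructed sample: the three entries quoted in the post, plus two
# benign-looking lines invented here for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKUS\S-1-5-19\..\Run: [riyijohamo] Rundll32.exe "C:\WINDOWS\system32\zejidefu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [riyijohamo] Rundll32.exe "C:\WINDOWS\system32\zejidefu.dll",s (User 'NETWORK SERVICE')
"""

# Line shapes as they appear in the quoted entries (O2 = BHO, O4 = autostart).
BHO = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$')
RUN = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE

def triage(log_text):
    """Return (line, reasons) for entries matching the patterns flagged in the post."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = BHO.match(line)
        if m and m["file"].strip().lower() == "(no file)":
            reasons.append("BHO registered but its file is missing")
        m = RUN.match(line)
        if m:
            sid = m["hive"].split("\\")[-1]
            if sid in SERVICE_SIDS:
                reasons.append("autostart under a service account hive")
            r = RUNDLL.match(m["cmd"])
            if r:
                reasons.append("rundll32 launching " + r["dll"].split("\\")[-1])
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why), "<-", entry)
```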
 
Alright, I went into safe mode but the zejidefu.dll file was nowhere to be found. I even did a search for it and nothing came up. After that I didn't do your next step, I just came back here. Should I still do the next step or do something else?
 
Yes, please continue on
Also it is possible that file was hidden, ie when doing a Search did you search hidden and system files too? (anyway don't answer this, just run the tool)

Once done (if it finds and removes malware or not) you may need to install all Windows Updates, to secure your system better ;)
 
Ok I ran it and it told me it didn't find anything. :( I hope it isn't hiding out and eluding the scan? What's this about Windows updates? What should I do next?
 
Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply

Also do another scan with HJT (scan and log file) and attach this to a new reply as well

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
 
ok good :grinthumb

To remove Combofix

Start->Run-> combofix /u


Clear system restore points

  • Clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.
 