UTCSinfonian
Posts: 8 +0
Panda Antiroot Kit found no problems. Here are the logs.
Fotomoto problems
- Thread starter UTCSinfonian
- Start date
- Status
evilfantasy
Posts: 425 +0
Download ViewpointKiller
* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.
Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.
Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.
----------
Open HijackThis and select Do a system scan only then place a check mark next to:
O2 - BHO: {d5878220-4625-efa8-ff04-e3e748a41133} - {33114a84-7e3e-40ff-8afe-52640228785d} - C:\WINDOWS\system32\ritcubls.dll (file missing)
O2 - BHO: (no name) - {3A9EB43B-EE10-4159-8100-C4A3B6435372} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
Close all windows except for HijackThis and click Fix checked
----------
Delete these files/folders, as follows:
* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang
----------
Next post please attach
combofix log
New HijackThis log
* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.
Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.
Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.
----------
Open HijackThis and select Do a system scan only then place a check mark next to:
O2 - BHO: {d5878220-4625-efa8-ff04-e3e748a41133} - {33114a84-7e3e-40ff-8afe-52640228785d} - C:\WINDOWS\system32\ritcubls.dll (file missing)
O2 - BHO: (no name) - {3A9EB43B-EE10-4159-8100-C4A3B6435372} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
Close all windows except for HijackThis and click Fix checked
----------
Delete these files/folders, as follows:
* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang
----------
Next post please attach
combofix log
New HijackThis log
UTCSinfonian
Posts: 8 +0
Here are the two logs. When I did the viewpoint killer it successfully got rid of one of the components but the other two had errors.
evilfantasy
Posts: 425 +0
Open HijackThis and select Do a system scan only then place a check mark next to:
O4 - HKLM\..\Run: [c00b8f7b] rundll32.exe "C:\WINDOWS\system32\sdfdbxxf.dll",b
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\
Close all windows except for HijackThis and click Fix checked
----------
Now download The Avenger By Swandog46, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the Input script manually box.
* Click on the Magnifying Glass Icon which will open a new window titled View/edit script
* Copy everything in the Quote box below, and paste it in the box that opens:
Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system
* Now click the 'Done' button.
* Click on the Green Light and OK the prompt.
* You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt
The Avenger will automatically do the following:
* It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please attach the C:\avenger.txt in your next post.
----------
Download SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
----------
Next post
avenger.txt
Report.txt
New HijackThis log
O4 - HKLM\..\Run: [c00b8f7b] rundll32.exe "C:\WINDOWS\system32\sdfdbxxf.dll",b
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\
Close all windows except for HijackThis and click Fix checked
----------
Now download The Avenger By Swandog46, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the Input script manually box.
* Click on the Magnifying Glass Icon which will open a new window titled View/edit script
* Copy everything in the Quote box below, and paste it in the box that opens:
Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system
* Now click the 'Done' button.
* Click on the Green Light and OK the prompt.
* You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt
The Avenger will automatically do the following:
* It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please attach the C:\avenger.txt in your next post.
----------
Download SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
----------
Next post
avenger.txt
Report.txt
New HijackThis log
UTCSinfonian
Posts: 8 +0
Did the HijackThis. When I clicked the green light in Avenger I got the message "Error: selected file does not appear to be a valid script." then "Error code: 0" I stopped after that just in case.
evilfantasy
Posts: 425 +0
Enable Viewing Of Hidden System Files & Folders
1. Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.
----------
You may want to copy and paste the files paths into notepad and save it to the desktop. You will not be able to see this page from safe mode.
----------
Starting your computer in safe mode
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* Login on your usual account.
----------
Then locate and delete these files/folders (in bold)
C:\WINDOWS\system32\IEDFix.exe
C:\Program Files\Ycejjkfg
C:\Program Files\Zfwsksos
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\sdfdbxxf.dll
----------
Reboot to normal mode.
Please download ATF Cleaner by Atribune. ATF Cleaner.exe
Make sure that all browser windows are closed.
If you use Firefox browser
If you use Opera browser
Click Exit on the Main ATF Cleaner menu to close the program.
----------
Then run the SDFix and post that log along with a new HijackThis log.
1. Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.
----------
You may want to copy and paste the files paths into notepad and save it to the desktop. You will not be able to see this page from safe mode.
----------
Starting your computer in safe mode
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* Login on your usual account.
----------
Then locate and delete these files/folders (in bold)
C:\WINDOWS\system32\IEDFix.exe
C:\Program Files\Ycejjkfg
C:\Program Files\Zfwsksos
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\sdfdbxxf.dll
----------
Reboot to normal mode.
Please download ATF Cleaner by Atribune. ATF Cleaner.exe
Make sure that all browser windows are closed.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All and UNCHECK Cookies.
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All and UNCHECK Cookies.
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All and UNCHECK Cookies.
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.
----------
Then run the SDFix and post that log along with a new HijackThis log.
UTCSinfonian
Posts: 8 +0
Here are the new logs.
evilfantasy
Posts: 425 +0
That looks much better!
How is the computer now?
Your Java is out of date leaving your system vulnerable.
Older versions have vulnerabilities that malware can use to infect your system.
Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.
Let us know if anything else comes up.
How is the computer now?
Older versions have vulnerabilities that malware can use to infect your system.
Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.
Let us know if anything else comes up.
UTCSinfonian
Posts: 8 +0
The computer seems to be running fine now. What security software would you suggest I turn on and use? I have avast! antivirus, and I was running Windows Defender. Should I keep those or change it? (Or add to it I suppose) Thanks so much.
evilfantasy
Posts: 425 +0
Items to increase security.
Avast and Windows defender are fine to keep. You can also add. (all free)
SpywareBlaster https://www.techspot.com/downloads/568-spywareblaster.html
SpywareGuard https://www.techspot.com/downloads/1337-spywareguard.html
I would suggest using a better firewall then the one built into Windows.
Comodo Personal Firewall https://www.techspot.com/downloads/3702-comodo-personal-firewall-beta.html
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
We also need to do some clean up.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again
----------
Please download OTMoveIt by OldTimer OTMoveIt.exe and place it on your desktop.
1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes
5. When finished exit out of OTMoveIt
Anything else just ask...
Avast and Windows defender are fine to keep. You can also add. (all free)
SpywareBlaster https://www.techspot.com/downloads/568-spywareblaster.html
SpywareGuard https://www.techspot.com/downloads/1337-spywareguard.html
I would suggest using a better firewall then the one built into Windows.
Comodo Personal Firewall https://www.techspot.com/downloads/3702-comodo-personal-firewall-beta.html
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
We also need to do some clean up.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again
----------
Please download OTMoveIt by OldTimer OTMoveIt.exe and place it on your desktop.
1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes
5. When finished exit out of OTMoveIt
Anything else just ask...
UTCSinfonian
Posts: 8 +0
So I was installing Comodo and after I restarted to finish setup a message popped up that said "ERROR: Could not load C:\Program Files\COMODO\firewall\cfpres.dll . Please checkif application installation folder has this file. Aborting application." I tried to uninstall Comodo and the same message popped up. I can't access the internet (I'm on a roommate's computer.) Did I mess something up?
UTCSinfonian
Posts: 8 +0
I got it worked out. Everything seems to be up and running. Thanks for all the help.
- Status
Similar threads
Latest posts
-
This Japanese vending machine dispenses Intel Core CPUs for just $3.25 a pop- Squid Surprise replied