hjt help!
- Thread starter gabodire
- Start date
- Status
momok
Posts: 2,127 +6
Hi gabodire and welcome to techspot. =)
Important: Please read this thread HERE before you decide whether to clean or reformat your system.
Should you decide to clean your computer, do the following.
You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE
Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
GPLv3
NI.UWA6P_0001_N91M1807
Go to start > Control Panel > Add and Remove Programs.
Remove anything related to the following:
Winantiviruspro 2006
After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\mtncoiab.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F12DC648-1FF0-4814-A6E7-0A681D4E0C09} - C:\WINDOWS\system32\weurevei.dll (file missing)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\iwuueccv.dll",realset
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\Padreic\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
Close HJT.
Navigate in Windows Explorer and delete the following files and folders in bold.
C:\WINDOWS\system32\mtncoiab.dll
C:\WINDOWS\system32\iwuueccv.dll
C:\Documents and Settings\Padreic\Desktop\WinAntiVirusPro2006FreeInstall.exe
Reboot into normal mode and rehide your protected OS files.
Please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.
Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.
Also, please let me know the results of the AVG Antirootkit scan
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Important: Please read this thread HERE before you decide whether to clean or reformat your system.
Should you decide to clean your computer, do the following.
You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE
Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
GPLv3
NI.UWA6P_0001_N91M1807
Go to start > Control Panel > Add and Remove Programs.
Remove anything related to the following:
Winantiviruspro 2006
After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\mtncoiab.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F12DC648-1FF0-4814-A6E7-0A681D4E0C09} - C:\WINDOWS\system32\weurevei.dll (file missing)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\iwuueccv.dll",realset
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\Padreic\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
Close HJT.
Navigate in Windows Explorer and delete the following files and folders in bold.
C:\WINDOWS\system32\mtncoiab.dll
C:\WINDOWS\system32\iwuueccv.dll
C:\Documents and Settings\Padreic\Desktop\WinAntiVirusPro2006FreeInstall.exe
Reboot into normal mode and rehide your protected OS files.
Please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.
Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.
Also, please let me know the results of the AVG Antirootkit scan
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
kitty500cat
Posts: 1,391 +6
Please navigate to virusscan.jotti.org.
Copy and paste the following into the text box at the top of the page.
C:\WINDOWS\system32\mjcrost.dll
Click the Submit button.
Please let me know the results.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.
Search your system for the filename adober.exe and delete all instances found.
Then post back here with the results of the Jotti virus scan, as well as fresh HJT and ComboFix logs.
Regards
This thread is for the use of gabodire only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Copy and paste the following into the text box at the top of the page.
C:\WINDOWS\system32\mjcrost.dll
Click the Submit button.
Please let me know the results.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.
Search your system for the filename adober.exe and delete all instances found.
Then post back here with the results of the Jotti virus scan, as well as fresh HJT and ComboFix logs.
Regards
This thread is for the use of gabodire only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
momok
Posts: 2,127 +6
Hi,
Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.
This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
Question: What do you have as your F:\ ? Is it your CD Drive or portable hard drive? Please let us know the contents of this drive and what you use it for.
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.
This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
Question: What do you have as your F:\ ? Is it your CD Drive or portable hard drive? Please let us know the contents of this drive and what you use it for.
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
momok
Posts: 2,127 +6
Hi,
Sorry for the delay in response.
Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.
This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
I suggest you run AVG antispyware scan and include your usb drive in the scan. Plug it in before starting the scan so it appears for you to include for scanning.
Thereafter, please post fresh gabodire HJT and AVG Antispyware logs from normal mode and the ComboFix log from the safe mode instructions as attachments into this thread.
Sorry for the delay in response.
Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.
This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
I suggest you run AVG antispyware scan and include your usb drive in the scan. Plug it in before starting the scan so it appears for you to include for scanning.
Thereafter, please post fresh gabodire HJT and AVG Antispyware logs from normal mode and the ComboFix log from the safe mode instructions as attachments into this thread.
momok
Posts: 2,127 +6
Hi,
Please download and run CCleaner via step 9 of the instructions HERE.
Have HijackThis fix this entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
After this you're good to go.
Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)
You may also delete the C:\VundoFix Backups folder and its contents.
Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.
After that turn system restore back on.
This would have created a new safe and clean restore point for your system.
Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.
Should you have any further problems, please post in this thread.
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Please download and run CCleaner via step 9 of the instructions HERE.
Have HijackThis fix this entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
After this you're good to go.
Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)
You may also delete the C:\VundoFix Backups folder and its contents.
Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.
After that turn system restore back on.
This would have created a new safe and clean restore point for your system.
Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.
Should you have any further problems, please post in this thread.
Regards,
Your friendly momok =)
This thread is for the use of gabodire only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Latest posts
-
"CPUs Don't Matter For 4K Gaming"... Wrong!- hwertz replied
