How to get and run virus scans w/ popups

[jstwstngtime]

I think I have cyberlog-x or some variation thereof (it seems linked to wanting me to buy Kaspersky). What's the best way to run virus scans and download virus software when I keep having popups that slow everything down or stop everything?
Can I run these in safe mode? Will that prohibit some of the popups?

Will purchasing a Norton or Panda take care of it without going through a long process of online scans etc.?

 

[Jase123]

Will purchasing a Norton or Panda take care of it without going through a long process of online scans etc.?

If your infected they won't just help you. As for Norton thats a waste of money - it creates more problems than it solves.

Lets have a look for anything nasty - please follow my instructions below:

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Jason

This thread is for the use of jstwstngtime ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.

 

[jstwstngtime]

yes, I despise Norton... my dad use to install it all the time and it was a ROYAL pain. In fact, that's why I don't have protection now. This is only the second time I've had something like this, but this one seems quite bad. Is there a way to get the pop-ups to stop long enough to get online to get the stuff I need to run the scans? I'll probably try and start running some this afternoon around 4 central time and then work on it more on Wednesday. I have a feeling this will take a few days to get through. Thanks for your willingness to help. Any other words of wisdom?

 

[Jase123]

In fact, that's why I don't have protection now.

This is a huge security risk.

I recommend you do the following immediately;

Download one of the antivirus;

avast! 4 Home Edition

AVG Antivirus 7.5

Followed by one of the free firewalls;

Zone Alarm

Outpost

Comodo

Run any updates and reboot the required number of times.

Run a virus scan with your virus scanner and delete all browsing history - browsers cache ect.. Then go through the instructions.

Regards Jason

 

[jstwstngtime]

I will download those as soon as i get home and start working on the other steps as well. Does it help me that I delete all of my history, cookies, and auto complete forms on a regular basis? I don't think I've done anything with any high security clearances since I've last deleted those. Or does the virus go beyond those measures to find passwords etc? I've already changed my banking password and I'll have my wife do the same. Are there other things they often go after besides bank accounts and pay pal? I don't have any credit cards other than my bank/ATM card.

 

[Jase123]

Well for an example - if you were to have a backdoor.trojan lurking - then it wouldn't matter if you changed your password as the new one would be sent to the attacker. Once I see your logs I can take a further look at your system and advise you what to do.

Does it help me that I delete all of my history, cookies, and auto complete forms on a regular basis?

It can help yes.

Will look our for you logs later.

Regards Jason

This thread is for the use of jstwstngtime ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.

 

[jstwstngtime]

log update

Here is my HJT. Everything appears to be working okay. My computer is quite slow still. I am also getting an error message when I start windows. It's a ckxnnojs.dll error?
Do you want my AVG and Combofix too? I've got to run, but I can post those later. The Panda antiroot didn't find anything.
Thanks for your help!
justin

 

[momok]

Hi,

Your system is definitely not clean.
You may wish to copy and paste these instructions on notepad for easier reference later.

1. Boot into safe mode under your normal user name. See how HERE
   
2. Next turn on "Show all files and folders, including hidden and system". See how HERE
   
   
3. Go to start > run and type msconfig. Press the enter key.
   Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.
   
   Fkzje
   349b97a5
   
   
4. Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:
   
   C:\WINDOWS\System32\ckxnnojs.dll
   
   
5. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
   
   O2 - BHO: {fa4a99ab-0915-7c4a-4b04-1df71da8ec1f} - {f1ce8ad1-7fd1-40b4-a4c7-5190ba99a4af} - C:\WINDOWS\System32\nlgrscdu.dll (file missing)
   O4 - HKLM\..\Run: [349b97a5] rundll32.exe "C:\WINDOWS\System32\ckxnnojs.dll",b
   O4 - HKCU\..\Run: [Fkzje] "C:\Program Files\S?mantec\l?***.exe"
   
   Close HJT.
   
   
6. Navigate in Windows Explorer and delete the following files and folders in bold.
   C:\WINDOWS\System32\ckxnnojs.dll
   C:\Program Files\S?mantec\ < note: this folder would probably be displayed as Symantec, or some random character in place of the "?". Delete the entire folder and its contents.
   
   
7. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs.


Regards,
momok =)

This thread is for the use of jstwstngtime only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jstwstngtime]

Okay, I followed the steps above. I didn't find anything in step 3. I did find the .dll file when looking at step three so I stopped it.
Step4 - Nothing found
Step 5 - all found all deleted
Step 6 - nothing found

Here's the HJT log from these six steps. Is there an order I need to run AVG, Combofix, and HJT now that I'm done with these steps?

Here are all three final logs. Let me know if you see anything else. Thanks!
(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.

 

[momok]

Hi,

1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
   
   

   File::
   C:\WINDOWS\system32\sjonnxkc.ini
   C:\WINDOWS\system32\mvqraghi.ini
   C:\WINDOWS\system32\kryjpokr.ini
   C:\WINDOWS\system32\ntalfhfl.ini
   C:\WINDOWS\iun6002.exe

2. Save this as CFScript on the desktop.
3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
   
   
   
   
4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
   
   Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Thereafter, please post a fresh HJT log and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of jstwstngtime only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.

 

[jstwstngtime]

update

Here are the logs. What's next...???

are we there yet?

 

[momok]

Hi,

Your logs look clean now.

1. Please download and run CCleaner via step 9 of the instructions HERE.
   
   
2. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)
   
   
3. Turn off system restore (XP/ME only). Learn how to do that HERE.
   This will remove all the remaining nasties from your old restore points.
   
   
4. After that turn system restore back on.
   This would have created a new safe and clean restore point for your system.
   
   
5. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
   May I recommend you to read this article.
   This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
momok =)

This thread is for the use of jstwstngtime only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.