Meh, got it. I ran Hijackthis and this is the logfile. So far no major damage, although I cannot load security websites and forums (like this one) and not even run the mbam-setup.exe, SUPERAntiSpyware.exe and HijackThisInstaller.exe unless I change the filename. I can use explorer because I disabled a bunch of add-ons but that might not be the reason. Help please?
Infected by the Spyware Protect 2009
- Thread starter Manolo
- Start date
- Status
FOUND this:
http://www.2-spyware.com/remove-spyware-protect-2009.html
Or if you can't:
Download this:
http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe
Or do it manually:
Kill processes:
c:\\WINDOWS\\aazalirt.exe
c:\\WINDOWS\\dkekkrkska.exe
c:\\WINDOWS\\dkewiizkjdks.exe
c:\\WINDOWS\\iddqdops.exe
c:\\WINDOWS\\ienotas.exe
c:\\WINDOWS\\iqmcnoeqz.exe
c:\\WINDOWS\\irprokwks.exe
c:\\WINDOWS\\jikglond.exe
c:\\WINDOWS\\jiklagka.exe
c:\\WINDOWS\\jrjakdsd.exe
c:\\WINDOWS\\jungertab.exe
c:\\WINDOWS\\kitiiwhaas.exe
c:\\WINDOWS\\kkwknrbsggeg.exe
c:\\WINDOWS\\klopnidret.exe
c:\\WINDOWS\\krkdkdkee.exe
c:\\WINDOWS\\krkmahejdk.exe
c:\\WINDOWS\\krtawefg.exe
c:\\WINDOWS\\krujmmwlrra.exe
c:\\WINDOWS\\ktknamwerr.exe
c:\\WINDOWS\\kuruhccdsdd.exe
c:\\WINDOWS\\ooorjaas.exe
c:\\WINDOWS\\oranerkka.exe
c:\\WINDOWS\\oropbbsee.exe
c:\\WINDOWS\\otnnbektre.exe
c:\\WINDOWS\\otowjdseww.exe
c:\\WINDOWS\\otpeppggq.exe
c:\\WINDOWS\\rkaskssd.exe
c:\\WINDOWS\\ronitfst.exe
c:\\WINDOWS\\seeukluba.exe
c:\\WINDOWS\\skaaanret.exe
c:\\WINDOWS\\sysguardn.exe
c:\\WINDOWS\\tobmygers.exe
c:\\WINDOWS\\tobykke.exe
c:\\WINDOWS\\zibaglertz.exe
Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysguardn"
Delete files:
Spyware Protect 2009.lnk Uninstall Spyware Protect 2009.lnk
Hope it helps...
peace
han
http://www.2-spyware.com/remove-spyware-protect-2009.html
Or if you can't:
Download this:
http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe
Or do it manually:
Kill processes:
c:\\WINDOWS\\aazalirt.exe
c:\\WINDOWS\\dkekkrkska.exe
c:\\WINDOWS\\dkewiizkjdks.exe
c:\\WINDOWS\\iddqdops.exe
c:\\WINDOWS\\ienotas.exe
c:\\WINDOWS\\iqmcnoeqz.exe
c:\\WINDOWS\\irprokwks.exe
c:\\WINDOWS\\jikglond.exe
c:\\WINDOWS\\jiklagka.exe
c:\\WINDOWS\\jrjakdsd.exe
c:\\WINDOWS\\jungertab.exe
c:\\WINDOWS\\kitiiwhaas.exe
c:\\WINDOWS\\kkwknrbsggeg.exe
c:\\WINDOWS\\klopnidret.exe
c:\\WINDOWS\\krkdkdkee.exe
c:\\WINDOWS\\krkmahejdk.exe
c:\\WINDOWS\\krtawefg.exe
c:\\WINDOWS\\krujmmwlrra.exe
c:\\WINDOWS\\ktknamwerr.exe
c:\\WINDOWS\\kuruhccdsdd.exe
c:\\WINDOWS\\ooorjaas.exe
c:\\WINDOWS\\oranerkka.exe
c:\\WINDOWS\\oropbbsee.exe
c:\\WINDOWS\\otnnbektre.exe
c:\\WINDOWS\\otowjdseww.exe
c:\\WINDOWS\\otpeppggq.exe
c:\\WINDOWS\\rkaskssd.exe
c:\\WINDOWS\\ronitfst.exe
c:\\WINDOWS\\seeukluba.exe
c:\\WINDOWS\\skaaanret.exe
c:\\WINDOWS\\sysguardn.exe
c:\\WINDOWS\\tobmygers.exe
c:\\WINDOWS\\tobykke.exe
c:\\WINDOWS\\zibaglertz.exe
Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysguardn"
Delete files:
Spyware Protect 2009.lnk Uninstall Spyware Protect 2009.lnk
Hope it helps...
peace
han
We request that all members follow this guide and attach the logs:
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Note there is no need to purchase software and I would not recommend SpywareDoctor for that reason
Also killing "processes" does not remove the infection
Personally I would recommend that you also uninstall AVG Antivirus and then run the AVG Removal Tool, and then install the better Avira Antivirus. (ie AVG didn't save you this time - as per normal)
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Note there is no need to purchase software and I would not recommend SpywareDoctor for that reason
Also killing "processes" does not remove the infection
Personally I would recommend that you also uninstall AVG Antivirus and then run the AVG Removal Tool, and then install the better Avira Antivirus. (ie AVG didn't save you this time - as per normal)
No, of course killing processes would not remove the infection, but it may give the user a "leg-up" when having this issue. I also recommend viewing:
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
The only other addition I could offer is do a system restore from Safe Mode w/Command Prompt.
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
The only other addition I could offer is do a system restore from Safe Mode w/Command Prompt.
My email Server has gone on the blink so please excuse the late reply. (presently just checking threads)
Anyway "system restore" is not advised on a possible Malware infected computer
As System Restore is usually the first place where infection is hit, therefore if run Windows itself may corrupt.
I refer you to this ruling that states the 8-Step guide must be followed and the the logs checked:
Special governing rules for the Virus & Malware removal board
Anyway "system restore" is not advised on a possible Malware infected computer
As System Restore is usually the first place where infection is hit, therefore if run Windows itself may corrupt.
I refer you to this ruling that states the 8-Step guide must be followed and the the logs checked:
Special governing rules for the Virus & Malware removal board
Ok, I ran Malwarebytes and found a bunch of stuff, but advised that I had to reboot to delete some of the files. Of course when I reboot I get the blue screen of death. After restarting I run HijackThis again. Attached are the logfiles. Btw, I had to rename the executable of Malwarebytes because the whatever I have avoids its execution.
Meh, definitely AVG did not save me. Why do I need the AVG Removal Tool?
Meh, definitely AVG did not save me. Why do I need the AVG Removal Tool?
Well do this.
Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe
Install Avira free AntiVirus
Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed
And this time also run SuperAntispyware (which will now likely work from doing the above) and provide that log too.
By the way if you have any P2P software as recently discussed h e r e
Please remove that too.
Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe
Install Avira free AntiVirus
Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed
And this time also run SuperAntispyware (which will now likely work from doing the above) and provide that log too.
By the way if you have any P2P software as recently discussed h e r e
Please remove that too.
Ah huh.
And you decided to keep AVG even though it, well, it didn't help before
That's sad
Nono, i'm going to remove AVG as soon as I get rid of this trojan. I'm actually removing AVG right now in my laptop.
I'm just going to post in Red a couple of results from the Avira scan (after AVG scan)
Anyway, back to the issue at hand
Combofix Instructions
Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HiJackThis scan ran afterwards
This is highlighted because constantly other support members state I shouldn't say remove the useless AVG Antivirus
Anyway, back to the issue at hand
Combofix Instructions
- Download
Combofix to your desktop. - Double click Combofix & follow the prompts.
- A window will open with a warning.
- When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HiJackThis scan ran afterwards
Repair HijackThis entries
Please run HijackThis scan and put a check beside the following entries. • Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
I found that it is related to: University of California
Remove ComboFix
Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
Restart
Have a nice day
Please run HijackThis scan and put a check beside the following entries. • Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
I have highlighted one (DNS) entry "017" above if this entry is not provided by your ISP then it can be safely removed.
I found that it is related to: University of California
Remove ComboFix
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
-
- When shown the disclaimer, Select "2"
Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
Restart
Have a nice day
Do me a BIG favor.
Reply on this thread with your findings and general thoughts on AVG8 and Avira https://www.techspot.com/vb/topic124174.html
Basically "support" don't believe me
And I'm fighting a one man show! ie me against the rest
Reply on this thread with your findings and general thoughts on AVG8 and Avira https://www.techspot.com/vb/topic124174.html
Basically "support" don't believe me
And I'm fighting a one man show! ie me against the rest
- Status
