Solved Issues with internet, programs wouldn't open

Status
Not open for further replies.

Dannolis

Posts: 8   +0
Hello, recently it has become apparent to me that my computer's been infected- unfortunately I can't locate the source of this problem, however I do know that my antivirus spotted a couple of Trojans 1-2 days ago.

At that stage, I was unable to open google chrome, microsoft word, task manager, windows media player, MS paint and a number of other programs. Before coming across the techspot forums (which I did a year or two ago to fix my computer then- to great success), I used Malwarebytes' Anti-Malware, and am pretty convinced that the trojans are gone- however, while I can open the other programs now, I still cannot open google chrome (after uninstalling and reinstalling- yet chrome.exe often shows up multiple times on the task manager) and my internet explorer often crashes over the smallest things.
For the sake of this post, I'll post the initial Malwarebytes' Anti-Malware log, as the second (when I was working through the 8-step removal process) shows only clean results.

Thanks for the help.
 

Attachments

  • mbam-log-2010-09-27 (02-29-17).txt
    4.7 KB · Views: 2
  • gmer.log
    22.1 KB · Views: 1
  • DDS.txt
    9 KB · Views: 1
  • Attach.txt
    16.7 KB · Views: 0
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
http://virusscan.jotti.org/en/scanresult/f5772de11a61f96f0420f90f65a0ca26151ebfec

Filename: Lkufob.exe
Status: Scan finished. 12 out of 19 scanners reported malware.
Scan taken on: Wed 29 Sep 2010 02:22:12 (CET)


2010-09-29 Heur.W32 2010-09-28 Trojan:W32/Agent.DONP
2010-09-28 Win32:Trojan-gen 2010-09-29 Gen:Variant.Kazy.904
2010-09-28 Downloader.Generic10.UPN 2010-09-28 Found nothing
2010-09-28 TR/Zlob.228352.A 2010-09-28 Win32/TrojanDownloader.FakeAlert.AQI
2010-09-28 Gen:Variant.Kazy.904 2010-09-28 Found nothing
2010-09-28 Found nothing 2010-09-28 Found nothing
2010-09-29 Found nothing 2010-09-28 Mal/FakeAV-CX
2010-09-29 Trojan.DownLoader1.22695 2010-09-28 Malware-Cryptor.Grygoryi.3
2010-09-28 W32/Renos.A!Generic 2010-09-28 Found nothing
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::

File::
c:\windows\Lkufob.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Sorry but I missed one :(.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::

File::
c:\windows\Lkufoa.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==============

Let me know how things are please.
 
Ahh heh yeah I was wondering about that.
Log attached.

Everything seems to be running smoothly- are there any abnormalities remaining?
 

Attachments

  • combofix log3.txt
    12.4 KB · Views: 1
Not seeing anything else there, but I wouldn't mind you doing an on-line scan to be sure.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
Ok. Eset is able to also remove those files if you run it again and check the box.

I know nothing of that Fruity thing it found. Do you know what it is?
 
Well FLstudio is FruityLoops, a digital audio workstation for mixing and recording (etc) audio.
Considering I have a more professional (albeit harder to use) piece of audio editing software, I won't have a problem having Eset clear it.

Thanks for all your help, you guys are saviors.
 
No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
 