Jump to content

trojan malware problems


ntizzie
 Share

Recommended Posts

i did what i was told to do by the instructions i have the win32diag txt on my destop but i dont know how to get the asquared log i made a deep skan and didnt quarantine anything but dont know where to get the asquared log from and i did the i see you scan and dont know where to get the log from that either it didnt save it anywhere

Link to comment
Share on other sites

ok im saving the report from the asquared scan and i click on save and it just wont i dont know if its the virus making it or what but it wont attatch it i dont know what to do

like im saving it everywhere my documents puplit and its not there it wont save it anywhere on my computer

Link to comment
Share on other sites

Hi ntizzie, and welcome to the forum

If you cannot save a-squared report after the Deep Scan was finished by pressing <<Save Report>> button and using "Save report As..." dialogue

and you cannot run ISeeYouXP and/or HiJackFree it means that the infection is preventing those Tools from running

Can you find the report by a2 in ...\My Documents\a-squared Free\Reports folder (if that is free edition)?

or what is happening precisely when you are using "Save As..." dialogue?

Please wait for the advices from malware fighter(s). They will review Win32Diag.txt and post further instructions

My regards

Link to comment
Share on other sites

Your Win32kDiag report is incomplete.

Go to start > run and copy and paste the following command in the field:

"C:\Documents and Settings\Natalia\Pulpit\win32kdiag.exe" -f -r

This should restore permissions on locked files.

It will save a report on the Desktop (Win32kDiag.txt).

Attach that report on your next reply.

Link to comment
Share on other sites

i am scared more and more programs wont work as the time goes by an hour ago my mozilla was working now i cant because it says its infected i dont know what to do should i just run asquared and delete the trojan or virus because it may be too late what if it infects all the programs and my compouter wont even turn on?

Link to comment
Share on other sites

i am scared more and more programs wont work as the time goes by an hour ago my mozilla was working now i cant because it says its infected i dont know what to do should i just run asquared and delete the trojan or virus because it may be too late what if it infects all the programs and my compouter wont even turn on?

can somebody tell me what to do?? my stuff wont work the win32 wont open its infected like are you guys even able to help me? before my compouter is totally crushed.

Link to comment
Share on other sites

This may not work, but we are going to try anyway.

-----------------------------------------------------------

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

Link 1

Link 2

Link 3

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Post fresh logs for:

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment
Share on other sites

Download -->> OTL <<-- to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.

Link to comment
Share on other sites

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\ywujohedum.db
    C:\WINDOWS\System32\pazubidobe.dat
    C:\Documents and Settings\Natalia\Dane aplikacji\ubojapipo.dat
    C:\Documents and Settings\Natalia\Ustawienia lokalne\Dane aplikacji\iqom.db
    C:\Documents and Settings\All Users\Dokumenty\uwunolin.dat
    C:\KSoP.exe
    C:\Documents and Settings\Natalia\Pulpit\R227558.exe
    C:\WINDOWS\wp4.dat
    C:\WINDOWS\wp3.dat
    C:\WINDOWS\System32\wwp.htm
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Link to comment
Share on other sites

i dont know what happened my screen went blue and all icons from the destop vanished i dont know how to find the OTL

it was all fine till like an hour ago i cant cun the OTL.exe it says its infected like the othe rprogram WTF is this happening again?? i thought it was ok now its even worse

Link to comment
Share on other sites

it was all fine till like an hour ago i cant cun the OTL.exe it says its infected like the othe rprogram WTF is this happening again?? i thought it was ok now its even worse

there is a weird program that i have never installed on my computer that is called security tool and it tell me my stuff is infected i think its bullshit im freaking out i thought it was all good what happened?

Link to comment
Share on other sites

im scared i read all about the security tool and it can steal my identity information sociacl security and credit card numbers and such i need to get rid of this how?!?!?!? it wont let me run combofix. there is that website that claims if i download some spyware doctor it will remove the security tool but im not sure what if it makes it worse?

Link to comment
Share on other sites

Download -->> OTL <<-- to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Attach both logs with your next reply.

Link to comment
Share on other sites

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Link to comment
Share on other sites

Your logs look fine.

Unless you are having problems from Malware it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u, must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

Avenger.exe

Avenger.txt

Avenger.zip

DisableAutoRuns.reg

FixMe.reg

FixReg.reg

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

Anything else I had you use

Delete the following: (If they exist)

C:\Avenger.txt

C:\Avenger

C:\ComboFix.txt

C:\ComboFix

C:\SDFix

C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4 Click Yes when you receive the prompt to the turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

That should take care of everything.

Safe Surfing!

Link to comment
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...