[Closed] mixidj+conduit fragments+spywarehunter4 hoaxware fragments



aeiouy
2013-09-10, 07:41
My browsers and probably privacy are infected with conduit and mixidj and whatever, if the files are now absent they still persist. I made a patch to zero-+read_only all mixidj and conduit files... (some are detected, many are not) and I make constant efforts to zero-k-lock the mixidj files but it's recurring. My computer became very unstable because of spywarehunter4 that claims to clean conduit but that not only fails to but also asks to pay at the end of a long scan, and after taking system ownership and removing admin rights. Creating a virtual partition with boot files called sh4ldr that I also kicked off and zero-k-lock and even if I managed to kind of i-wish remove it, Windows 8 is more unstable and some metro applications fail.
There also has been a dilemma with any of them all trying to replace winlogon.exe and/or it was something trying to restore it, or it was something trying to override it. I decided to check the correct registry values and found a Microsoft utility to restore the correct values but I doubt my system is safe and mixidj relapses and finds its way into appdata/somewhere/somewhere Windows search can't access/chrome/chrome extensions stuff...
I packed the patch I made.
-------------------------------------------------------
Edit
Removed self fix information and links. :)




Note that all instructions given are customized for that member's personal computer only, the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply to your own machine.



If someone posts instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. :)

http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29

tashi
2013-09-10, 08:12
Hello aeiouy,


My browsers and probably privacy are infected with conduit and mixidj and whatever if the files are now absent they still persist.

In case you missed it please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) FAQ which shows the procedure for requesting assistance in this forum. :)

http://forums.spybot.info/showthread.php?t=288

Or, to ask for Requests for additions to Spybot's detections (http://forums.spybot.info/forumdisplay.php?17-Requests-for-additions-to-Spybot-s-detections)

Best regards.

aeiouy
2013-09-11, 00:59
http://forums.spybot.info/showthread.php?69312-mixidj-conduit-fragments-spywarehunter4-hoaxware-fragments
I've been asked to move topic and add DDS and aswMBR but I am currently clueless... I'll check in Spybot for both entries.
Copy of my original message:

My browsers and probably privacy are infected with conduit and mixidj and whatever, if the files are now absent they still persist. I made a patch to zero-+read_only all mixidj and conduit files... (some are detected, many are not) and I make constant efforts to zero-k-lock the mixidj files but it's recurring. My computer became very unstable because of spywarehunter4 that claims to clean conduit but that not only fails to but also asks to pay at the end of a long scan, and after taking system ownership and removing admin rights. Creating a virtual partition with boot files called sh4ldr that I also kicked off and zero-k-lock and even if I managed to kind of i-wish remove it, Windows 8 is more unstable and some metro applications fail.
There also has been a dilemma with any of them all trying to replace winlogon.exe and/or it was something trying to restore it, or it was something trying to override it. I decided to check the correct registry values and found a Microsoft utility to restore the correct values but I doubt my system is safe and mixidj relapses and finds its way into appdata/somewhere/somewhere Windows search can't access/chrome/chrome extensions stuff...
I packed the patch I made.
Furthermore, I had to remove the conduit entry in one of the 3 user profiles from Chrome after I thought it was removed.
Also, the origin of both source malwares are mario bros 2.5D that has a malicious installer that cannot be cancelled, that cannot be exited, that will install spywares whatever choice the user may make, and freegate. To reproduce and observe the infection's behaviors, both plus spywarehunter4 are required.

So, I don't know what DDS and aswMBR logs are. I will include them in the next reply so please do not lock or edit this thread. :)
It would only slow down the cleaning process and maybe discourage me from posting again and get my Windows installation disk useful.
Mixidj infections are really intrusive and are worth countering. And spywarehunter4 makes radical system changes and has to be countered too.
Yet here is Spybot's log.


--- Search result list ---
Félicitations!: Aucun mouchard n'a été trouvé. (Status)

I'd join the rest of the log but it's too long for your forum's max string length.

tashi
2013-09-11, 01:33
Hello aeiouy,

Sorry for the confusion, the Requests for additions to Spybot's detections forum is to ask for malware that isn't yet detected to be added to the detections. :)

To seek malware removal for an active infection please see the FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic here in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) providing the DDS and aswMBR logs so a volunteer analyst can advise when available. :)

Best regards.

tashi
2013-09-11, 06:15
Log split off to new topic: http://forums.spybot.info/showthread.php?69321-mixidj-conduit-fragments-spywarehunter4-hoaxware-fragments&p=444935#post444935

To e-mail the zero-k patch you'd like detectives to look at, it can be sent to: http://forums.spybot.info/misc.php?do=email_dev&email=ZGV0ZWN0aW9uc0BzcHlib3QuaW5mbw== Please provide a link back to your forum topic. :)