
Thread: Help please!

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    There may be more, so let's check.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Jul 2008
    Posts
    36


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6491

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    02/05/2011 07:15:33
    mbam-log-2011-05-02 (07-15-33).txt

    Scan type: Quick scan
    Objects scanned: 156076
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Srixiku (Trojan.Hiloti) -> Value: Srixiku -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tr700lqqcore.exe (Trojan.FakeAlert) -> Value: tr700lqqcore.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Value: AntiVirus AntiSpyware 2011 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus AntiSpyware 2011 Security (Trojan.FakeAlert) -> Value: AntiVirus AntiSpyware 2011 Security -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\mfig32.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\c3b7cc607230956ca4ae70e68afe1d84\tr700lqqcore.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\antivirus antispyware.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\securitymanager.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\GLB1A2Br.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011\help antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011\activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\start menu\Programs\antivirus antispyware 2011\how to activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\Adobe\plugs\kb10401562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\dffuck.exe (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\local settings\Temp\dwl_bqz.exe (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\icoactivate.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\IcoHelp.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\icouninstall.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
    c:\documents and settings\Ash\application data\antivirus antispyware 2011\securityhelper.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    Open Malwarebytes, check for updates and run it again to make sure it's all clean.

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  4. #14
    Member
    Join Date
    Jul 2008
    Posts
    36

    2 infections found

    C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You need to enable Windows to Show all Files and Folders
    Instructions for your Operating System HERE

    See if you can delete this directory. If so, leave it in the Recycle Bin for a few days, and then if there are no problems you can empty it.

    C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84

  6. #16
    Member
    Join Date
    Jul 2008
    Posts
    36


    Thank you. Performance so far has been back to normal, with the exception of when I start up I get the following error message:

    Error loading: C:\WINDOWS\oyavipej.dll
    Specified file can not be found


    Though once I click 'okay' I have no issues.. so far anyways.

    (this was before removing the requested directory). The specified directory is now in recycle bin, I will see if there are any issues over the next few days. Thanks again for the help!

    Ash

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello Ash,

    That file was deleted, but the registry Run key is still trying to load it. Are you sure you spelled the name of the file correctly?

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      oyavipej.dll
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  8. #18
    Member
    Join Date
    Jul 2008
    Posts
    36


    Thank you again. Here is the log,

    SystemLook 04.09.10 by jpshortstuff
    Log created at 19:21 on 04/05/2011 by Ash
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "oyavipej.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dfemesiyo"="rundll32.exe "C:\WINDOWS\oyavipej.dll",Startup"

    -= EOF =-

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    This should stop that startup message; let me know if it did not.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dfemesiyo"=-
    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    If you saved the file correctly it should look like this

  10. #20
    Member
    Join Date
    Jul 2008
    Posts
    36


    Awesome, that worked and the error message is now gone. Thank you!
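
Added example, not part of the original thread: posts #17 to #19 deal with a Run value that still launches a DLL the scanner had already deleted. The sketch below parses SystemLook-style `:regfind` output, resolves the file each Run value really loads (the DLL argument when the launcher is rundll32), and builds the same kind of `"name"=-` REGEDIT4 fix for entries whose target is missing. The function names and the `ExampleTray` entry are hypothetical, and the sample log is constructed around the one value shown in post #18.

```python
import ntpath
import os
import re

# Constructed sample in SystemLook ":regfind" layout. The Dfemesiyo value is the
# one from the log in post #18; ExampleTray is made up for contrast.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dfemesiyo"="rundll32.exe "C:\WINDOWS\oyavipej.dll",Startup"
"ExampleTray"="C:\Program Files\Example\tray.exe /min"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# First token of a command line: quoted, unquoted up to a known extension, or a bare word.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|([^"]+?\.(?:exe|com|bat|cmd))(?=\s|$)|(\S+))(.*)$', re.I)

def launch_target(command):
    """Return the file a Run value actually loads (the DLL for rundll32)."""
    m = EXE_RE.match(command)
    if not m:
        return None
    exe, rest = (m.group(1) or m.group(2) or m.group(3)), m.group(4).strip()
    if ntpath.basename(exe).lower() in ('rundll32', 'rundll32.exe'):
        # rundll32 syntax is <dll>,<entry point> [args]; the DLL may be quoted.
        d = re.match(r'"([^"]+)"|([^,\s]+)', rest)
        return (d.group(1) or d.group(2)) if d else None
    return exe

def find_orphans(log_text, exists=os.path.exists):
    """List (key, value name, target) for values whose target file is gone."""
    key, orphans = None, []
    for line in log_text.splitlines():
        line = line.strip()
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            key = k.group(1)
        elif v and key:
            target = launch_target(v.group(2))
            # Only absolute paths can be checked; bare names resolve via PATH.
            if target and re.match(r'^[A-Za-z]:\\', target) and not exists(target):
                orphans.append((key, v.group(1), target))
    return orphans

def regfix(orphans):
    """Build REGEDIT4 text that deletes each orphaned value ("name"=-)."""
    out = ['REGEDIT4', '']
    for key in dict.fromkeys(k for k, _, _ in orphans):
        out += ['[%s]' % key] + ['"%s"=-' % n for k, n, _ in orphans if k == key] + ['']
    return '\n'.join(out)
```

Run on the affected machine, `find_orphans` uses the real filesystem by default; review the list before merging anything `regfix` produces, since a missing target can also be a legitimate program on a disconnected drive.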
