Hello!
Thanks for your help. I hope your real life problems were easier to fix than this piece of malware has been.
You are welcome. I am truly sorry for the delay. Yes it was easily solved.
The system is running mostly normal. The restore from backup utilities won't load anymore. I don't know if that was the virus or something that got hosed while trying to remove it.
That could be the case.
I noticed that you had combofix send a sample of the infected file out for analysis. Who exactly gets the file and which utility will be updated to kill it in the future? It is a bit unnerving that at least three different antivirus programs failed to detect this thing.
These files will go to the author of Combofix so he can add them to Combofix. Some files will also be shared with antivirus companies. Well, no antivirus program is 100% secure, unfortunately.
I'm ready to format and start over.
If you want to do this, I fully understand. Sometimes it is the best way. Let me know what you want to do.
Run CFScript
- Close any open browsers.
- Open Notepad by clicking Start
- Click Run
- Type notepad into the box and click enter
- Notepad will open
- Copy and Paste everything from the Code box into Notepad:
Code:
File::
C:\FOUND.007
c:\windows\system32\geyekrjwmeoxta.dll
c:\windows\system32\geyekrornmbpxe.dll
c:\windows\system32\geyekrnrndxrqt.dat
c:\windows\system32\geyekrxfenxvmc.dll
c:\windows\system32\geyekrapjdskvl.dat
c:\windows\system32\geyekrbuhylhmn.dll
c:\windows\system32\drivers\geyekrtivmlkya.sys
Driver::
geyekrttvogrql
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\geyekrttvogrql]
RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\geyekrttvogrql]
- Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
- Referring to the picture below, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
NOTE: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Next Reply
Please reply with:
- ComboFix log (found at C:\Combofix.txt)
- New HijackThis log