> [Closed] Malwarebytes Targeted, Same problem as before despite new har, Seriously not playing a joke
Mirrodin
post Oct 17 2009, 10:45 AM
Post #31


Authentic Member
**

Group: Authentic Member
Posts: 37
Joined: 6-October 09
Member No.: 88,274
Operating System: Windows XP



I haven't been able to do the scan yet, I've just been incredibly busy. I probably won't be able to do the scan today either. I just wanted to make a post to tell you that, so that the topic isn't locked.

CatByte
post Oct 17 2009, 10:48 AM
Post #32


Classroom Administrator
Group Icon

Group: Classroom Admin
Posts: 12,733
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3
MVP


OK,

no problem, thanks for letting me know

Mirrodin
post Oct 25 2009, 02:27 AM
Post #33

This past week has been hell for me. Just incredibly busy with school and family stuff that popped up. I'm not going to bore you with the details of why I was busy though.

Everything looked fine on the computer and everything was working properly until three days ago. The computer started displaying the pop up windows again and at first, I just thought it was a "normal" virus and I ran Malwarebytes which was still there. I say still there, because now the .exe doesn't display, just like before, and the pop ups have become worse.

CatByte
post Oct 25 2009, 06:32 AM
Post #34

Hi,

Were you ever able to find out how to disable / remove McAfee from your system?

While it is still enabled it is probably interfering in the fixes we are doing:

Please do the following:

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • In the custom scans section copy and paste in the following
    %systemroot%\*. /s /r
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post


LDTate
post Oct 25 2009, 07:00 AM
Post #35


Forum God
Group Icon

Group: Root Admin
Posts: 51,696
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


QUOTE
This is a school computer,


QUOTE
C:\Documents and Settings\jmart366\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe



Sorry to butt in here but as a Technician at a school district, I need to ask a few questions.

Are you allowed to work on the school's computers?
Do you have domain / network administrators?

This type of infection should have been prevented at the server / domain level.

You had this infection before and replaced the hard drive.
It's possible your network is infected. Have you reported this?

Why would a P2P program like LimeWire be allowed on your computers?

Mirrodin
post Oct 25 2009, 03:24 PM
Post #36

I attempted the scan, but part way through it, I got blue screened and was forced to restart the computer. I'll attempt it again once I finish this post.

LDTate:

We are allowed to download and use whatever programs we wish on the computer. I have Windows Live Messenger on this computer as well as AIM, which didn't come with the computer. We're allowed to use what we wish. The campus' network somehow has LimeWire or any P2P/torrent download program blocked, so it's impossible to use them on campus.

Mirrodin
post Oct 25 2009, 05:42 PM
Post #37

OTS.txt is attached. After the scan was completed, it displayed the OTS.txt. Then the computer forced a reboot on me, but so far, nothing seems to be worse.

Also, McAfee's viruscan found and deleted a "y.exy"
Attached File(s)
Attached File  OTS.Txt ( 249.26K ) Number of downloads: 61
 
CatByte
post Oct 25 2009, 08:07 PM
Post #38

Hi,

Please do the following:

Start OTS
Copy/Paste the information inside the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> askupgrade.exe -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
YY -> askservice.exe -> C:\Program Files\AskBarDis\bar\bin\AskService.exe
[Win32 Services - Safe List]
YY -> (ASKUpgrade) ASKUpgrade [Win32_Own | Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
YY -> (ASKService) ASKService [Win32_Own | Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\AskService.exe
[Modules - Safe List]
YY -> fopihofu.dll -> C:\WINDOWS\System32\fopihofu.dll
YY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {c2b6d7b0-a02f-48eb-9f08-f1ebbf51fb0a} [HKLM] -> C:\WINDOWS\System32\fetuboji.dll [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "veluhepoj" -> C:\WINDOWS\System32\fopihofu.DLL [Rundll32.exe "c:\windows\system32\fopihofu.dll",a]
YY -> "yojududabo" -> C:\WINDOWS\System32\siyizene.dll [Rundll32.exe "siyizene.dll",s]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{97cfe1bc-b455-49a0-9195-db27a6de3a21}" [HKLM] -> C:\WINDOWS\System32\fopihofu.dll [mifigakal]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{97cfe1bc-b455-49a0-9195-db27a6de3a21}" [HKLM] -> C:\WINDOWS\System32\fopihofu.dll [gahurihor]
[Files/Folders - Created Within 30 Days]
NY -> AskBarDis -> C:\Program Files\AskBarDis
NY -> 10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> hikuline -> C:\WINDOWS\System32\hikuline
NY -> 7 C:\Documents and Settings\jmart366\Local Settings\temp\*.tmp files -> C:\Documents and Settings\jmart366\Local Settings\temp\*.tmp
NY -> 5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files - No Company Name]
NY -> fopihofu.dll -> C:\WINDOWS\System32\fopihofu.dll
NY -> tisawipu.dll -> C:\WINDOWS\System32\tisawipu.dll
NY -> yonubima.dll -> C:\WINDOWS\System32\yonubima.dll
NY -> defubigo.dll -> C:\WINDOWS\System32\defubigo.dll
NY -> votifiwa.dll -> C:\WINDOWS\System32\votifiwa.dll
NY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
NY -> fetuboji.dll -> C:\WINDOWS\System32\fetuboji.dll
NY -> siliyada.dll -> C:\WINDOWS\System32\siliyada.dll
NY -> torayowo.dll -> C:\WINDOWS\System32\torayowo.dll
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


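The fix list in the post above names the same DLL under several headings. As an added example (not part of the original post and not OTS's own code), this Python code parses an excerpt of those lines, assuming only the `flags -> item -> target` layout visible in the post, and groups each targeted file by the sections and registry keys that reference it, so every persistence point for one file is seen together.

```python
import re
from collections import defaultdict

# Excerpt of the fix list quoted in the post above (lines copied from the page).
FIX_LIST = r'''
[Modules - Safe List]
YY -> fopihofu.dll -> C:\WINDOWS\System32\fopihofu.dll
YY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "veluhepoj" -> C:\WINDOWS\System32\fopihofu.DLL [Rundll32.exe "c:\windows\system32\fopihofu.dll",a]
YY -> "yojududabo" -> C:\WINDOWS\System32\siyizene.dll [Rundll32.exe "siyizene.dll",s]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{97cfe1bc-b455-49a0-9195-db27a6de3a21}" [HKLM] -> C:\WINDOWS\System32\fopihofu.dll [mifigakal]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{97cfe1bc-b455-49a0-9195-db27a6de3a21}" [HKLM] -> C:\WINDOWS\System32\fopihofu.dll [gahurihor]
[Files - No Company Name]
NY -> fopihofu.dll -> C:\WINDOWS\System32\fopihofu.dll
NY -> tisawipu.dll -> C:\WINDOWS\System32\tisawipu.dll
'''

# Assumed layout: "<two Y/N letters> -> <item> -> <target>"; the letters are left uninterpreted.
ENTRY = re.compile(r'^[YN]{2} -> (?P<item>.+?) -> (?P<target>.+)$')
# The file path is the leading drive-letter path of the target, before any "[...]" annotation.
PATH = re.compile(r'^[A-Za-z]:\\[^\[\]]*?\.(?:dll|exe)', re.I)

def references(fix_list):
    """Map each targeted file (lower-cased path) to the locations that reference it."""
    refs = defaultdict(list)
    location = None
    for line in fix_list.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            location = line[1:-1]                 # "[Section]" header
        elif line.startswith('<') and ' -> ' in line:
            location = line.split(' -> ', 1)[1]   # registry key sub-header
        elif (m := ENTRY.match(line)) and (p := PATH.match(m['target'])):
            refs[p.group(0).lower()].append(location)
    return dict(refs)

def multi_referenced(fix_list):
    """Files referenced from more than one section or registry key."""
    return {f: locs for f, locs in references(fix_list).items() if len(locs) > 1}

if __name__ == '__main__':
    for path, locs in multi_referenced(FIX_LIST).items():
        print(path, *locs, sep='\n    ')
```
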
Mirrodin
post Oct 26 2009, 04:17 PM
Post #39

For some reason copy and paste have been disabled, so I have to type it out in the box. I don't know if I should do that or not, there might be some minor thing that I miss that messes up everything, so I'll wait for your input.

This post has been edited by Mirrodin: Oct 26 2009, 04:19 PM

CatByte
post Oct 26 2009, 04:23 PM
Post #40

Hi


Try using the keyboard shortcuts to copy and paste


Ctrl +A to select all the text

Ctrl +C to copy it

Ctrl +V to paste it into OTS

Mirrodin
post Oct 26 2009, 04:44 PM
Post #41

I tried the shortcuts as well. Nothing has worked.

CatByte
post Oct 26 2009, 04:45 PM
Post #42

Try it in safe mode

Mirrodin
post Oct 26 2009, 05:03 PM
Post #43

Will do.

Mirrodin
post Oct 26 2009, 05:34 PM
Post #44

When in safe mode, I can't access the internet so I can't really get to the info. I'm guessing save the page as an HTML page or something?

CatByte
post Oct 26 2009, 05:48 PM
Post #45

No,

Does your safe mode with networking not allow you to connect?


I am uploading a batch fix for you

Extract it to your desktop and click on the fix.bat icon; it will only take a moment to run.

A notepad should open when complete.

See if your ability to copy/paste returns once it's done.

[attachment=5919:fix.zip]