32788R22FWJFW
#1
Posted 27 February 2012 - 09:31 PM
#2
Posted 28 February 2012 - 05:48 PM
My name is Richard and I'll be happy to help you with your computer problems.
Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.
Please note the following:
- The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
- I will be working on your malware issues. This may or may not solve other issues you may have with your system.
- While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
- Ensure that your anti-virus definitions are up-to-date.
- I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
- Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
- During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
- I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
- Be sure to follow the directions and run tools/scans in the order listed.
- If you do not reply to your topic, it will be closed after 3 days.
Regards,
Richard
#3
Posted 01 March 2012 - 07:21 AM
If a ComboFix log was produced, please post that.
ComboFix logs are located at c:\ComboFix.txt, while older logs are at c:\Qoobox\ComboFix2.txt, c:\Qoobox\ComboFix3.txt, etc.
Next
Download DDS by sUBs to your desktop.
Disable any script blocker/antivirus software temporarily.
- Double click DDS.scr to run it and wait for the scan to finish
- When finished DDS.txt will open
- At the next prompt, press Yes
- DDS will continue scanning
- When done, Attach.txt will open
- Save both reports to your Desktop.
- Please post the contents of the logs in your next reply.
GMER Rootkit Scanner
---------------
Download GMER Rootkit Scanner from here to your Desktop. It will be a randomly named executable.
- Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your Desktop, and attach it in reply.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
In your next reply, please provide the following:
- ComboFix log.
- DDS.txt
- attach.txt
- GMER log.
Regards,
Richard
#4
Posted 01 March 2012 - 11:17 PM
#5
Posted 01 March 2012 - 11:34 PM
Attached Files
#6
Posted 02 March 2012 - 10:49 AM
Attached Files
#7
Posted 02 March 2012 - 12:00 PM
Please download DeFogger to your Desktop.
- Double-click DeFogger to run the tool.
- The application window will appear.
- Click the Disable button to disable your CD Emulation drivers.
- Click Yes to continue.
- A 'Finished!' message will appear.
- Click OK.
- DeFogger will now ask to reboot the machine - click OK.
Do not re-enable these drivers until otherwise instructed.
Regards,
Richard
#8
Posted 02 March 2012 - 06:06 PM
COMBOFIX
---------------
Please download ComboFix from one of the following locations:
- Location #1
- Location #2
***IMPORTANT!!! Save the file as Sheriff.exe to your Desktop. It is important you rename ComboFix during the download, but not after. In the event that you already have ComboFix, this is a new version that I need you to download.
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Sheriff.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Sheriff.txt in your next reply.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
- If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.
- ComboFix log.
Regards,
Richard
#9
Posted 07 March 2012 - 08:05 AM
#10
Posted 07 March 2012 - 11:50 PM
Attached Files
#11
Posted 09 March 2012 - 08:17 AM
I recommend keeping internet use to a minimum while we work together to reduce the risk of further infection which can worsen the state of the computer.
Next
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click the SystemLook and copy/paste the following into the box:
    :dir
    C:\annicka2
    :regfind
    ambuhelper1
    :filefind
    niEJngRwieOhYh.exe
    *Moozy*
    :folderfind
    *Moozy*
- Click the Look button. Let it finish the scan.
- When finished, a notepad window will open with the results of the scan. Post the content of the log here in your next reply.
In your next reply, please provide the following:
- SystemLook log.
- Update on how your PC is running.
Regards,
Richard
#12
Posted 09 March 2012 - 08:59 PM
Attached Files
#13
Posted 10 March 2012 - 09:35 AM
Please do not update the computer at this time. I will tell you when it is safe to update.
It is very important that you install all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and IE up to date will help make you less susceptible to future malware infections.
Before we start: The following steps involve modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
First, please back up your Registry with ERUNT.
- Please go here to download ERUNT.
- For version with the Installer: Use the setup program to install ERUNT on your computer.
- For the zipped version: Unzip all the files into a folder of your choice.
Note: To restore your registry, go to the folder and start ERDNT.exe
Next
Please download OTM by OldTimer.
- Save it to your desktop.
- Please click OTM and then click >> run.
- Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes
    explorer.exe
    :Reg
    [-HKEY_CURRENT_USER\Software\ambuhelper1]
    [-HKEY_USERS\S-1-5-21-1606980848-1708537768-725345543-1003\Software\ambuhelper1]
    :Files
    c:\program files\Moozy
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
- Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM
Next
Please post a fresh DDS log so I can review it.
In your next reply, please provide the following:
- OTM log.
- DDS log.
Regards,
Richard
#14
Posted 16 March 2012 - 08:59 AM