Got infected on 9/1 and have tried SDFIX, MBAM, Spybot S&D, HJThis fixes among others but to no avail. What seems like success has ended with reinfection when connecting internet cable to PC. Hopefully I haven't created a huge mess, and your trained eyes can still provide support.
I saved combofix as "alg.exe" and ran ComboFix, which appeared to be working fine until running into a problem at the very end when attempting to generate a log file. Notepad pops up and a window says "Cannot find the \ComboFix.txt file. Do you want to create a new file?" When I click yes nothing happens and I am left with a blank notepad. Also interestingly, the Combofix which I had saved as "alg.exe" reverts back to "Combofix" on the desktop.
P.S. I clicked no for installing the Microsoft Windows Recovery Console part; is that the issue?
Thank you in advance for helping me. I am hopeful and looking forward to your guidance.
1. With my network cable disconnected, I ran combofix in SafeMode and it was quickly interrupted by a pop up window stating "ComboFix is uninstalled". I click "Ok" and the file is removed from the desktop.
2. I tried downloading combofix again. But this time I saved it as "alg1". Previously, I had saved as combofix and renamed file to alg when dragging to desktop. The 2nd try worked! Unfortunately, the computer restarted in normal mode, and gets snagged by the "Cannot find the \ComboFix.txt file. Do you want to create a new file?" when combofix tries to create log file. >__< I will try to force a safemode load after combofix restarts system to see if that will resolve issue.
3. From what I saw on the screen, it looks like my infections consist of braviax/cru629/beep/wisd* something.
4. As it is getting late, I will post this update for now, and the combofix log shortly if the safe mode restart method is successful.
5. I will be likely home tomorrow at 5-6pm PST for more thorough updates/investigation if you happen to be available as well.
Ack, so this time in safe mode it didn't restart but met the same error when attempting to create a log at the end of the scan. "Cannot find the \ComboFix.txt file. Do you want to create a new file?" Clicking yes/no/cancel all ends up with a blank opened txt file titled ComboFix. I tried pasting (control V) but nothing on the clipboard.
I did see an odd directory C:\Qoobox which had the following files:
Folder: BackEnv
Folder: Quarantine
txt: Add-remove Programs
txt: ComboFix-quarantined-files
file: LogA
Dat: SnapShot@2009-09-04_08.02.18
The timestamps on these files seem to match a few minutes after I completed scan so I think they are related. Here is what was in the combofix quarantined files txt:
Back home. Current update is that I still have a red suspicious icon "You computer is infected!" as well as PC Antispyware 2010 pop ups; I think the reason is I connected back to the internet to post this log.
Posted DDS as well as attached as a RAR (I don't think I have winzip, hope that is ok) file.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Roger Yei at 12:37:23.18 on Fri 09/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.620 [GMT -7:00]
Begin copying here:
Files to delete:
c:\windows\system32\dllcache\figaro.sys
c:\windows\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\cru629.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\braviax.exe
c:\windows\powe.dat
c:\windows\yfoqe.db
c:\program files\common files\ofovono.dat
c:\windows\amobucypu.db
c:\windows\Jyowocixaf.dat
c:\windows\system32\sys32_nov.exe
Folders to delete:
C:\TEMP
Registry keys to replace with dummy:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs
Copy/Paste all the text in the above codebox into the main window.
Click Execute.
The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt
Please download Malwarebytes' Anti-Malware: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html to your desktop.
Save it as - smss.exe
Double-click smss.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Please post the Malwarebytes log, along with C:\avenger.txt