bamajim
Volunteer Security Advisor (Rank: Advanced Member)
Content Count: 339 | Community Reputation: 0 Neutral | 3 Followers

About bamajim
  1. indy666
     1. The CFScript file didn't work. Did you save the CFScript file to your Desktop and drag it into Combofix? Please double check the name it was saved as, and check to make sure the items were copied and pasted into Notepad.
     2. Are you familiar with that program ProtectService?
  2. indy666
     2 things:
     1. Open Notepad (not Wordpad). Copy and paste the following into Notepad:

        File::
        C:\WINDOWS\fmark2.dat
        C:\WINDOWS\f49f4daa.dat

        Registry::
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b2fbbc-a8ff-11d9-bd06-000ce581fb3b}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db6d614-708e-11d9-bc5a-f037e038276d}]

        Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop. Using the image as a reference, drag CFScript into ComboFix.exe. You will be prompted to run Combofix again; do so, following the same rules as indicated in my first post. Then post the contents of the C:\ComboFix.txt log in your reply.
     2. You have a suspicious program and file I would like to look at. Please go HERE. Put your name and "LavaSoft HJT forum", and in the file to submit box click Browse. Locate the file C:\Program Files\ProtectService\ProtectService.exe. In the comments tell them that I asked you to upload the file. Then select Send File.
  3. guskusy
     You may now remove/delete/uninstall the tools we used to clean your PC. Now that your log is clean, there are some final notes:

     Let's create a clean System Restore point; the instructions are here.

     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
     Updating Java:
     Download the latest version of Java Runtime Environment (JRE) 6.u7. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
     Close any programs you may have running, especially your web browser.
     Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
     Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.

     Update your Anti Virus software.
     Use and maintain a Firewall.
     Visit Microsoft's Windows Update site frequently for critical updates.
     Back up your important documents and files on a regular basis to a disc or a USB key, not your hard drive.
     You may want to read this article, "So how did I get infected in the first place" by Tony Klein.
     Surf safe.
  4. indy666
     Please download Combofix and save to your desktop.
     Note: It is important that it is saved directly to your desktop.
     Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the contents of C:\ComboFix.txt into your next reply.
     Note: Do not mouse-click Combofix's window while it's running. That may cause the program to freeze/hang.
  5. quskusy
     It is possible; some of these infections can damage legit files. Once we are finished you may want to address that issue with Firefox support here.
     One more check. Please perform an Ewido Online Malware Scan. When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download. Click on Start Scan. After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread. If any infections are found (after you save the logfile), click on Remove Infections.
  6. indy666
     1. We are going to use Killbox again.
        1) Double click Killbox.exe to run it.
        2) Select "Delete on Reboot", and then select "All files".
        3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
           c:\windows\kenny16.exe
           C:\WINDOWS\system32\846888\846888.dll
           C:\WINDOWS\system32\846888
        4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
        5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.
     2. Until you decide on the purchase of an Anti Virus program, let's download and use this one. It's free. Go HERE and download and install AVG8 (Free version). Update it, and do a full system scan. Allow it to fix whatever it finds.
     Once done: Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
  7. indy666
     We have a few new things to deal with here. Do you still have Killbox that we used earlier? What are you using for a resident Anti Virus program?
  8. indy666
     You may now remove/delete/uninstall the tools we used to clean your PC. Now that your log is clean, there are some final notes:
     Let's create a clean System Restore point; the instructions are here.
     Update your Anti Virus software.
     Use and maintain a Firewall.
     Visit Microsoft's Windows Update site frequently for critical updates.
     Back up your important documents and files on a regular basis to a disc or a USB key, not your hard drive.
     You may want to read this article, "So how did I get infected in the first place" by Tony Klein.
     Surf safe.
  9. indy666
     How's your PC running now? One more check and I think we are there.
     Please perform an Ewido Online Malware Scan. When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download. Click on Start Scan. After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread. If any infections are found (after you save the logfile), click on Remove Infections.
  10. indy666
     1. Rerun Killbox. At the main window select Tools ->> Delete Temp Files. At the next window uncheck XP Prefetch; leave the other boxes checked. Select "Delete Selected Temp Files" and allow the tool to run. When it is finished (you will know that it is finished because the checks will disappear from the location boxes) select "Exit", then select "Exit" again to close Killbox.
     2. Reset the desktop components. Click Start ->> Control Panel ->> Display. Another window will open. Under the Desktop tab select Customize Desktop. Another window will open. Under the Web tab delete everything in the Web pages box except "My current Home Page". Then select O.K. ->> then Apply ->> then O.K.
     3. Rerun Hijackthis (scan only) and place checks beside the following entries:
        O21 - SSODL: fGjlXx - {34A88298-9E02-2832-6050-50B063EA441E} - C:\WINDOWS\system32\ycjkg.dll (file missing)
        Close all other open windows except Hijackthis and select "Fix checked". Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
  11. indy666
     We have a stubborn file there.
     1. Please download the Killbox.
        1) Save it to the desktop.
        2) Right click ->> Extract all ->> Extract it to your Desktop.
        3) Double click Killbox.exe to run it.
        4) Select "Delete on Reboot", and then select "All files".
        5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
           C:\WINDOWS\system32\ycjkg.dll
        6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
        7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.
     2. Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
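Killbox's "Delete on Reboot" (used in posts 6 and 11 above) works by asking Windows to remove the file during the next boot, before whatever holds it open has been loaded. The PowerShell script below is an added example, not code from this thread or from Killbox, that does the same thing through the documented MoveFileEx API with the MOVEFILE_DELAY_UNTIL_REBOOT flag and then shows the resulting PendingFileRenameOperations queue. The function names are the example's own; the path it queues is the one named in this post. It must be run from an elevated prompt, and a queued directory is only removed at boot if it is empty.

```powershell
# Added example (not from the thread): queue a locked file for deletion at the next
# reboot, which is what Killbox's "Delete on Reboot" option does. Requires elevation.

# P/Invoke for kernel32!MoveFileEx. With MOVEFILE_DELAY_UNTIL_REBOOT and a null
# destination the call records a delete in PendingFileRenameOperations instead of
# touching the file now; the session manager performs it early in the next boot.
if (-not ('Win32.DelayedDelete' -as [type])) {
    Add-Type -Namespace 'Win32' -Name 'DelayedDelete' -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
}
$Kernel32 = [Win32.DelayedDelete]

function Register-DeleteOnReboot {
    param([Parameter(Mandatory)][string[]]$Path)
    $MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not present, nothing to queue: $p"
            continue
        }
        # Clear read-only/hidden/system on files so the deferred delete is not refused at boot.
        $item = Get-Item -LiteralPath $p -Force
        if ($item -is [System.IO.FileInfo]) { $item.Attributes = 'Normal' }
        if ($Kernel32::MoveFileEx($p, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
            Write-Output "Queued for deletion at reboot: $p"
        } else {
            $code = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Error "MoveFileEx failed for $p (Win32 error $code)"
        }
    }
}

# The queue lives in the registry until the reboot, so it can be reviewed first.
function Get-PendingFileRenameOperations {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $ops = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $ops) { return }
    # Entries come in pairs: source path, then destination (empty string means delete).
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $dest = if ($ops[$i + 1]) { $ops[$i + 1] } else { '<delete>' }
        [pscustomobject]@{
            Source      = $ops[$i] -replace '^\\\?\?\\', ''   # strip the \??\ NT prefix
            Destination = $dest
        }
    }
}

# The file named in this post:
Register-DeleteOnReboot -Path 'C:\WINDOWS\system32\ycjkg.dll'
Get-PendingFileRenameOperations
```

Checking the queue before rebooting matters in practice: malware has been known to add its own entries here to replace or remove security tools at boot, and the same list tells you whether the delete you asked for was actually recorded.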
  12. guskusky
     You are welcome.
     1. Rerun Hijackthis (scan only) and place checks beside the following entries:
        R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
        O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhda.exe] C:\WINDOWS\system32\kdhda.exe
        O4 - HKCU\..\Run: [braviax] "C:\WINDOWS\system32\braviax.exe"
        O20 - AppInit_DLLs: karina.dat
        Close all other open windows except Hijackthis and select "Fix checked". Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
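The R3, O4, O20 and O21 lines that HijackThis reports in this thread are just named registry locations that load code at logon, and "(no file)" / "(file missing)" means the registry still points at a target that is gone from disk. The following PowerShell is an added example, not code from this thread or from HijackThis, that reads the same locations directly (the Run and Policies\Explorer\Run keys, AppInit_DLLs, ShellServiceObjectDelayLoad, Browser Helper Objects and URLSearchHooks, resolving CLSIDs through HKCR) and flags entries whose target no longer exists. The helper names are the example's own; run it in the account whose HKCU hive you want to inspect.

```powershell
# Added example (not from the thread): enumerate the autostart locations behind the
# HijackThis R3 / O2 / O4 / O20 / O21 entries and flag targets whose file is gone.
# Read-only; no elevation needed for HKLM reads.

$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider', '(default)'

function Resolve-CommandPath {
    param([string]$Command)
    # Strip quotes and arguments:  "C:\x\y.exe" /silent  ->  C:\x\y.exe
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $Command
}

function Get-ClsidServer {
    param([string]$Clsid)
    # A COM object's DLL is the default value of HKCR\CLSID\{...}\InprocServer32.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
}

function New-Entry($Type, $Key, $Name, $Target) {
    [pscustomobject]@{ Type = $Type; Key = $Key; Name = $Name; Target = $Target }
}

function Get-AutostartEntries {
    $out = @()

    # O4: HKLM\..\Run, HKCU\..\Run and the Policies\Explorer\Run keys
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psProps) { continue }
            $out += New-Entry 'O4 Run' $key $p.Name (Resolve-CommandPath ([string]$p.Value))
        }
    }

    # O20: every DLL in AppInit_DLLs is loaded into each process that links user32.dll
    $winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($dll in ([string]$appInit -split '[ ,;]+' | Where-Object { $_ })) {
        $out += New-Entry 'O20 AppInit_DLLs' $winKey 'AppInit_DLLs' $dll
    }

    # O21: ShellServiceObjectDelayLoad values hold CLSIDs that Explorer loads at logon
    $ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    $props = Get-ItemProperty -Path $ssodl -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psProps) { continue }
            $out += New-Entry 'O21 SSODL' $ssodl $p.Name (Get-ClsidServer ([string]$p.Value))
        }
    }

    # O2: Browser Helper Object subkey names are CLSIDs loaded by Internet Explorer
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($k in (Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
        $out += New-Entry 'O2 BHO' $bho $k.PSChildName (Get-ClsidServer $k.PSChildName)
    }

    # R3: URLSearchHooks value names are CLSIDs
    $ush = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
    $props = Get-ItemProperty -Path $ush -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psProps) { continue }
            $out += New-Entry 'R3 URLSearchHook' $ush $p.Name (Get-ClsidServer $p.Name)
        }
    }

    # Does each target still exist on disk? (HJT's "(file missing)" / "(no file)")
    foreach ($e in $out) {
        $t = [Environment]::ExpandEnvironmentVariables([string]$e.Target)
        $exists = $false
        if ($t -ne '') {
            # Bare names (common in AppInit_DLLs, e.g. karina.dat) load from System32
            if (-not [System.IO.Path]::IsPathRooted($t)) { $t = Join-Path $env:SystemRoot "System32\$t" }
            $exists = Test-Path -LiteralPath $t -PathType Leaf
        }
        $e | Add-Member -NotePropertyName FileExists -NotePropertyValue $exists
    }
    return $out
}

Get-AutostartEntries | Sort-Object FileExists | Format-Table Type, Name, Target, FileExists -AutoSize
```

An entry whose file is missing is harmless on its own but is the trace of something that was there, so it is worth removing along with checking the same name against the Killbox and Combofix steps elsewhere in the thread; an entry whose file does exist and which you do not recognise is the one to submit for analysis before deleting it.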
  13. indy666
     Again, with AdWatch disabled:
     1. Please download HostsXpert 4.0 - Hosts File Manager and save it to your Desktop. Right click Hoster.zip ->> Extract all ->> Extract it to your Desktop (or your C:\ drive). Open the Hoster folder ->> Double click HostsXpert.exe. When the program opens, click the "Restore MS Hosts File" button in the left pane. Then select "Restore Original Hosts" when prompted. Close the Hoster program when complete.
        Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
     2. Rerun Hijackthis (scan only) and place checks beside the following entries:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.srhqnvxmtgzzbwmqbnycax.biz/CL/s...nHhvFiaZ6Yv.asp
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        O1 - Hosts: xJþ ˆþ
        O1 - Hosts: þ 
        O1 - Hosts: à I0ˆ>000˜0˜0 0 0¨0¨0°0°0¸0¸0À0À0È0 È0Ð0Ð0Ø0Ø0à 0à 0è0è0ð0ð0ø0ø0 ˆ000˜0˜0 0 0¨0¨0°0°0¸0¸0À0À0È0 È0Ð0Ð0Ø0Ø0à 0à 0è0è0ð0ð0ø0ø0
        O1 - Hosts: 0˜0˜0 0 0¨0¨0°0°0¸0¸0À0À0È0È0Ð0 Ð0Ø0Ø0à 0à 0è0è0ð0ð0ø0ø0
        O2 - BHO: QXK Olive - {067E8B3C-B42B-401C-AC59-6A5E1C119E4D} - C:\WINDOWS\twmxbsqrotm.dll (file missing)
        O2 - BHO: (no name) - {1EC87554-ADF2-5994-8301-EA860759C8E7} - C:\PROGRA~1\GREY2C~1\gpl enc.exe (file missing)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O3 - Toolbar: SuperBar - {DD9ED457-6D9E-4084-B6EE-F7C56EB06F23} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
        O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
        O3 - Toolbar: rafbsvnx - {55393806-FF55-4D17-A1A5-4549B8ECFCB1} - C:\WINDOWS\rafbsvnx.dll (file missing)
        O4 - HKLM\..\Run: [seekCdromTwoLong] C:\Documents and Settings\All Users.WINDOWS\Application Data\Bend camp seek cdrom\build show.exe
        O4 - HKLM\..\Run: [WindowsXP Module] C:\WINDOWS\DirectX3D.exe
        O4 - HKLM\..\Policies\Explorer\Run: [systemManager] C:\WINDOWS\system32\settecalphadisc.exe
        O21 - SSODL: fGjlXx - {34A88298-9E02-2832-6050-50B063EA441E} - C:\WINDOWS\system32\ycjkg.dll
        Close all other open windows except Hijackthis and select "Fix checked". Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
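The O1 lines in this post are what HijackThis prints when the hosts file has been overwritten with binary junk rather than hostname entries, and the "Restore MS Hosts File" step puts a stock file back. The PowerShell below is an added example, not code from this thread or from HostsXpert, that does the equivalent by hand: it classifies every line of the hosts file (comment, valid localhost entry, a non-loopback override that bypasses DNS, unparseable text, or non-ASCII garbage), then backs the file up and resets it to the single `127.0.0.1 localhost` entry that is the only non-comment line in the stock file. Function names are the example's own; Reset-HostsFile needs an elevated prompt and, as the post says, any custom entries must be re-added by hand afterwards.

```powershell
# Added example (not from the thread): inspect the hosts file for the kind of damage the
# O1 lines above show (binary junk, hijacked names), and reset it after taking a backup.
# Get-HostsReport is read-only; Reset-HostsFile needs an elevated prompt.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-HostsLine {
    param([string]$Line)
    # Classifies one line of a hosts file and returns a short verdict string.
    $trim = $Line.Trim()
    if ($trim -eq '' -or $trim.StartsWith('#')) { return 'comment' }
    # Bytes outside printable ASCII cannot form an address or hostname; this is the
    # binary junk HijackThis shows as "O1 - Hosts: xJþ ˆþ".
    if ($trim -match '[^\x20-\x7E\t]') { return 'binary-garbage' }
    $parts = $trim -split '\s+'
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($parts[0], [ref]$ip)) { return 'unparseable' }
    if ($parts.Count -lt 2) { return 'unparseable' }
    if ([System.Net.IPAddress]::IsLoopback($ip) -and $parts[1] -eq 'localhost') { return 'ok' }
    # Any other mapping bypasses DNS for those names. Hijackers use this to block
    # update and AV sites or redirect logins, so report it for the owner to confirm.
    $names = $parts[1..($parts.Count - 1)] -join ','
    return "override: $names -> $ip"
}

function Get-HostsReport {
    param([string]$Path = $HostsPath)
    $n = 0
    # ReadAllLines decodes as UTF-8; non-text bytes become U+FFFD, which the ASCII check still catches.
    foreach ($line in [System.IO.File]::ReadAllLines($Path)) {
        $n++
        $verdict = Test-HostsLine $line
        if ($verdict -ne 'comment') {
            [pscustomobject]@{ Line = $n; Verdict = $verdict; Text = $line.Trim() }
        }
    }
}

function Reset-HostsFile {
    param([string]$Path = $HostsPath)
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = "$Path.$stamp.bak"
    Copy-Item -LiteralPath $Path -Destination $backup -Force
    # Malware often sets read-only/hidden on the file so that tools fail to overwrite it.
    (Get-Item -LiteralPath $Path -Force).Attributes = 'Normal'
    # The stock file contains only comments plus this one entry; custom entries are
    # deliberately not carried over, so re-add any you rely on afterwards.
    $content = "# hosts file reset $stamp; previous copy saved as $backup`r`n127.0.0.1`tlocalhost`r`n"
    [System.IO.File]::WriteAllText($Path, $content, [System.Text.Encoding]::ASCII)
    # The resolver caches answers, so flush it or the old mappings linger until reboot.
    ipconfig /flushdns | Out-Null
    return $backup
}

Get-HostsReport | Format-Table -AutoSize
# Reset-HostsFile   # run after reviewing the report, from an elevated prompt
```

Running the report before the reset is the useful part: a hosts file full of `override` lines pointing security vendors' names at 127.0.0.1 or a foreign address explains why updates and online scanners in the thread "did not work", while `binary-garbage` lines mean the file was clobbered rather than edited and nothing in it is worth keeping.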
  14. jerojero
     We have a hidden loader. The file appears under a different name every time you reboot, which is why you cannot find it.
     Please download Combofix and save to your desktop.
     Note: It is important that it is saved directly to your desktop.
     Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the contents of C:\ComboFix.txt into your next reply.
     Note: Do not mouse-click Combofix's window while it's running. That may cause the program to freeze/hang.