Ultrad321

My browser has been hijacked by search-daily.com! HELP!


Hey, Ultrad321

 

I would like to ask you: do you have, and know how to use, the Recovery Console? Give me this feedback so I may look for info on this for you. The problem here is that a lot of these great tools we use will not work on your OS; I've also had problems getting them to work on Vista as well.

 

Gogo ;)


Hi, Ultrad321

 

An update here: I have a number of other members looking into this for us both. So if you can, hold on till I get an OK on what to do or not do next. Sorry about this, but sometimes an OS comes along and things go yahoo on fixes.

 

Gogo ;)


I don't mind waiting, I have a paper to finish writing anyway ;)

 

By Recovery Console do you mean System Restore? If not, then I'm not sure what you're talking about.

 

System Restore is no option, because the thing erased all my restore points prior to infection once it got on.

 

Yeah, I have had problems before with this; Microsoft is pretty crappy about supporting it well or trying to do anything about compatibility, even though it is supposed to run anything 32-bit as well due to the WOW/(x86) stuff, but sometimes people just don't write programs considering us 64-bit people and stuff just doesn't work.

 

I'll hang on till you find something new.


One thing I have noticed is that my internet has become VERY slow, and my page file usage keeps increasing every day. Could any of that have to do with all the fixer programs we have been using? Are they leaving processes going that are slowing things down? Or is that possibly the doings of ylcgcuoc.dat?

 

Any suggestions? Made any progress?


Hi, Ultrad321

 

Sorry for having you standing around for a fix here, but we are trying to find one for you.

 

Download gmer.zip and save to your desktop.

alternate download site 1

alternate download site 2

  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.

  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.

Important! Please do not select the "Show all" checkbox during the scan.

 

Gogo :)


Sorry it's taking me so long to reply, but I have my last paper of the semester due Wednesday afternoon (today as of 2 hours ago), so I can't free up my computer to scan till then, probably around 3 or so. Don't give up on me, just hang on till I can finish this paper :)


Hey, Ultrad321

 

No, it's the other way around: don't you give up on me. Also, best of luck with the last paper for this semester. Take your time; I or someone will always be here.

 

Gogo ;)


I pretty much have tonight only for a while to work on the computer, 'cause after that I will be gone on Christmas break for pretty much almost 2 months. So if we can't get it fixed tonight I will just come back here the next time I can; I hope I am not all forgotten by then.

 

Anyway, GMER gives me a message:

 

Loaded GMER's driver version is incompatible with the currently running GMER application. you need to stop the driver with the command "net stop gmer" or restart your computer

 

I have tried both; restarting just brings the message up again,

 

and I checked the boxes you said after clicking away that message, and for some reason the first box comes unchecked.

The only way I have the option to scan is to do it on the first message that pops up. So I will try that. It is detecting a hidden process though.


Ran the scan from the first menu popup asking me to scan.

 

It warned it found rootkit activity. It found a hidden process that it labeled red.

 

It does not specify the process, but I think it is our old friend ylcgquoc.

 

I will await further instructions. Here is the log of the scan that I was able to run, even though I don't think it is the full scan or exactly the one you wanted, but it's all I could get. If that hidden process is ylcquoc, I hope this program can kill it.

 

GMER 1.0.13.12551 - http://www.gmer.net

Rootkit scan 2007-12-13 23:26:10

Windows 5.2.3790 Service Pack 2

 

 

---- Kernel code sections - GMER 1.0.13 ----

 

? \WINDOWS\system32\BOOTVID.dll The system cannot find the file specified.

? \WINDOWS\system32\DRIVERS\1394BUS.SYS The system cannot find the file specified.

? \WINDOWS\system32\DRIVERS\CLASSPNP.SYS The system cannot find the file specified.

? \WINDOWS\system32\DRIVERS\PCIIDEX.SYS The system cannot find the file specified.

? \WINDOWS\system32\DRIVERS\WMILIB.SYS The system cannot find the file specified.

? \WINDOWS\system32\hal.dll The system cannot find the file specified.

? \WINDOWS\system32\KDCOM.DLL The system cannot find the file specified.

? \WINDOWS\system32\ntoskrnl.exe The system cannot find the file specified.

? ACPI.sys The system cannot find the file specified.

? atapi.sys The system cannot find the file specified.

? crcdisk.sys The system cannot find the file specified.

? disk.sys The system cannot find the file specified.

? dmio.sys The system cannot find the file specified.

? dmload.sys The system cannot find the file specified.

? fltmgr.sys The system cannot find the file specified.

? ftdisk.sys The system cannot find the file specified.

 

---- Processes - GMER 1.0.13 ----

 

Process hidden process (*** hidden *** ) 16781312

 

---- Kernel code sections - GMER 1.0.13 ----

 

? isapnp.sys The system cannot find the file specified.

? KSecDD.sys The system cannot find the file specified.

? MountMgr.sys The system cannot find the file specified.

? Mup.sys The system cannot find the file specified.

? NDIS.sys The system cannot find the file specified.

? Ntfs.sys The system cannot find the file specified.

? nvata64.sys The system cannot find the file specified.

? nvatabus.sys The system cannot find the file specified.

? ohci1394.sys The system cannot find the file specified.

? PartMgr.sys The system cannot find the file specified.

? pci.sys The system cannot find the file specified.

? pciide.sys The system cannot find the file specified.

? sr.sys The system cannot find the file specified.

? System32\ati2cqag.dll The system cannot find the file specified.

? System32\ati2dvag.dll The system cannot find the file specified.

? System32\ati3duag.dll The system cannot find the file specified.

? System32\atikvmag.dll The system cannot find the file specified.

? System32\atiokax2.dll The system cannot find the file specified.

? System32\ativvaxx.dll The system cannot find the file specified.

? System32\drivers\afd.sys The system cannot find the file specified.

? system32\DRIVERS\amdk8.sys The system cannot find the file specified.

? system32\DRIVERS\arp1394.sys The system cannot find the file specified.

? system32\DRIVERS\atinavt2.sys The system cannot find the file specified.

? system32\DRIVERS\audstub.sys The system cannot find the file specified.

? system32\DRIVERS\BdaSup.SYS The system cannot find the file specified.

? System32\Drivers\Beep.SYS The system cannot find the file specified.

? system32\DRIVERS\CdaC15BA.sys The system cannot find the file specified.

? system32\DRIVERS\CdaD10BA.sys The system cannot find the file specified.

? System32\Drivers\Cdfs.SYS The system cannot find the file specified.

? system32\DRIVERS\cdrom.sys The system cannot find the file specified.

? System32\drivers\Dxapi.sys The system cannot find the file specified.

? System32\drivers\dxg.sys The system cannot find the file specified.

? system32\DRIVERS\fdc.sys The system cannot find the file specified.

? System32\Drivers\Fips.SYS The system cannot find the file specified.

? System32\Drivers\Fs_Rec.SYS The system cannot find the file specified.

? System32\Drivers\HTTP.sys The system cannot find the file specified.

? system32\DRIVERS\i8042prt.sys The system cannot find the file specified.

? system32\DRIVERS\imapi.sys The system cannot find the file specified.

? system32\DRIVERS\ipnat.sys The system cannot find the file specified.

? system32\DRIVERS\ipsec.sys The system cannot find the file specified.

? system32\DRIVERS\kbdclass.sys The system cannot find the file specified.

? system32\drivers\kmixer.sys The system cannot find the file specified.

? system32\drivers\ks.sys The system cannot find the file specified.

? system32\drivers\ksthunk.sys The system cannot find the file specified.

? System32\Drivers\mnmdd.SYS The system cannot find the file specified.

? system32\DRIVERS\mouclass.sys The system cannot find the file specified.

? system32\DRIVERS\mrxdav.sys The system cannot find the file specified.

? system32\DRIVERS\mrxsmb.sys The system cannot find the file specified.

? System32\Drivers\Msfs.SYS The system cannot find the file specified.

? system32\DRIVERS\msgpc.sys The system cannot find the file specified.

? system32\DRIVERS\mssmbios.sys The system cannot find the file specified.

? system32\DRIVERS\ndistapi.sys The system cannot find the file specified.

? system32\DRIVERS\ndisuio.sys The system cannot find the file specified.

? system32\DRIVERS\ndiswan.sys The system cannot find the file specified.

? System32\Drivers\NDProxy.SYS The system cannot find the file specified.

? system32\DRIVERS\netbios.sys The system cannot find the file specified.

? system32\DRIVERS\netbt.sys The system cannot find the file specified.

? system32\DRIVERS\nic1394.sys The system cannot find the file specified.

? System32\Drivers\Npfs.SYS The system cannot find the file specified.

? System32\Drivers\Null.SYS The system cannot find the file specified.

? system32\drivers\nvapu64.sys The system cannot find the file specified.

? system32\drivers\nvarm64.sys The system cannot find the file specified.

? system32\drivers\nvax64.sys The system cannot find the file specified.

? system32\DRIVERS\NVENETFD.sys The system cannot find the file specified.

? system32\drivers\nvmcp64.sys The system cannot find the file specified.

? system32\DRIVERS\nvnetbus.sys The system cannot find the file specified.

? system32\DRIVERS\NVNRM.SYS The system cannot find the file specified.

? system32\DRIVERS\NVSNPU.SYS The system cannot find the file specified.

? system32\drivers\portcls.sys The system cannot find the file specified.

? system32\DRIVERS\psched.sys The system cannot find the file specified.

? system32\DRIVERS\ptilink.sys The system cannot find the file specified.

? system32\DRIVERS\rasacd.sys The system cannot find the file specified.

? system32\DRIVERS\rasl2tp.sys The system cannot find the file specified.

? system32\DRIVERS\raspppoe.sys The system cannot find the file specified.

? system32\DRIVERS\raspptp.sys The system cannot find the file specified.

? system32\DRIVERS\raspti.sys The system cannot find the file specified.

? system32\DRIVERS\rdbss.sys The system cannot find the file specified.

? System32\DRIVERS\RDPCDD.sys The system cannot find the file specified.

? system32\DRIVERS\rdpdr.sys The system cannot find the file specified.

? system32\DRIVERS\redbook.sys The system cannot find the file specified.

? system32\DRIVERS\secdrv.sys The system cannot find the file specified.

? system32\DRIVERS\srv.sys The system cannot find the file specified.

? system32\DRIVERS\swenum.sys The system cannot find the file specified.

? system32\drivers\sysaudio.sys The system cannot find the file specified.

? system32\DRIVERS\tcpip.sys The system cannot find the file specified.

? system32\DRIVERS\TDI.SYS The system cannot find the file specified.

? system32\DRIVERS\termdd.sys The system cannot find the file specified.

? system32\DRIVERS\USBD.SYS The system cannot find the file specified.

? system32\DRIVERS\usbehci.sys The system cannot find the file specified.

? system32\DRIVERS\usbhub.sys The system cannot find the file specified.

? system32\DRIVERS\usbohci.sys The system cannot find the file specified.

? system32\DRIVERS\USBPORT.SYS The system cannot find the file specified.

? System32\drivers\vga.sys The system cannot find the file specified.

? system32\DRIVERS\VIDEOPRT.SYS The system cannot find the file specified.

? system32\DRIVERS\wanarp.sys The system cannot find the file specified.

? system32\DRIVERS\watchdog.sys The system cannot find the file specified.

? system32\drivers\wdmaud.sys The system cannot find the file specified.

? System32\win32k.sys The system cannot find the file specified.

? volsnap.sys The system cannot find the file specified.

 

---- EOF - GMER 1.0.13 ----
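The GMER log above is plain text that a helper reads by eye. As an added example that is not part of this thread, here is a small Python parser for that log layout: it keeps the header lines, collects the kernel-section entries GMER could not open, and pulls out the hidden-process line so the one finding worth acting on is not lost among the "cannot find the file" noise. The sample log embedded in it is constructed in the same layout as the post above (abridged).

```python
import re
from dataclasses import dataclass, field
# Constructed sample in the layout of the GMER 1.0.13 log posted above (abridged).
SAMPLE_LOG = r"""GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-13 23:26:10
Windows 5.2.3790 Service Pack 2

---- Kernel code sections - GMER 1.0.13 ----
? \WINDOWS\system32\hal.dll The system cannot find the file specified.
? \WINDOWS\system32\ntoskrnl.exe The system cannot find the file specified.

---- Processes - GMER 1.0.13 ----
Process hidden process (*** hidden *** ) 16781312

---- Kernel code sections - GMER 1.0.13 ----
? ACPI.sys The system cannot find the file specified.

---- EOF - GMER 1.0.13 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HIDDEN_RE = re.compile(r"^Process\s+(.*?)\s*\(\*\*\* hidden \*\*\*\s*\)\s*(\d+)$")
NOT_FOUND = " The system cannot find the file specified."
@dataclass
class GmerReport:
    header: list = field(default_factory=list)            # tool version, scan time, OS line
    unresolved: list = field(default_factory=list)        # module paths GMER could not open
    hidden_processes: list = field(default_factory=list)  # (label, number GMER printed)
def parse_gmer_log(text):
    """Walk the log line by line, tracking which '---- ... ----' section we are in."""
    rep, section = GmerReport(), None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)   # "Kernel code sections", "Processes", "EOF"
        elif section is None:      # header block before the first section
            rep.header.append(line)
        elif section == "Kernel code sections" and line.startswith("? ") and line.endswith(NOT_FOUND):
            rep.unresolved.append(line[2:-len(NOT_FOUND)])
        elif section == "Processes":
            m = HIDDEN_RE.match(line)
            if m:
                rep.hidden_processes.append((m.group(1), int(m.group(2))))
    return rep
def needs_escalation(rep):
    """A hidden process is the finding a helper acts on; unresolved paths alone are not."""
    return bool(rep.hidden_processes)
```

Run it on the full log pasted above and the unresolved list will be long (the scan ran on a 64-bit OS the 32-bit tool could not fully read), while the hidden-process entry is the single line that matters.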


Hi, Ultrad321

 

Nope, sorry to say, looks like this thing does not want to go. All I can think about right now is this tool. But make sure when you go to upload the results that you place it in a zip file or folder, or you will not be able to upload it for me.

 

* Download avz4en.zip from here

* Save it to your desktop and unzip it to a folder on your desktop

* Double click on AVZ.exe to run it.

* Choose from the menu "File" => "System Investigation"

* Close all windows except for AVZ

* Click on "Start" and save the report to your desktop.

* Let the scan run and click "No" on the right when it asks you if you want to view it.

* Upload the report you saved on your desktop onto this site in your next reply.

 

Gogo :D
