Antivirus 2009 Spyware Infection
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
ZZT
My daughter got this Antivirus 2009 infection on her machine. I ran the latest Spybot and Adaware programs. Adaware appeared to have cleaned the infection; however, the machine can barely connect to the internet, and when it does it cycles for a long time without ever reaching various sites. I was unable to install the latest Windows security updates. I can ping certain sites but not others. The really odd part of this is that the PCI wireless adapter went down and would not find any SSIDs, so I installed a new one that connects, but I still have the same internet connection problems. The connection was working fine before this spyware infection. I am running the latest Internet Explorer version.

My main computer also went down when the new adapter (USB connected) was installed in my daughter's computer (not sure if this issue is connected to this). It is hardwired. I am getting a new router from Verizon.

I downloaded HijackThis for the above infection and have posted the log. Could someone please help? I am somewhat computer savvy, but not enough to interpret all of the results.

Thank you for the help.
ZZT
Help!! Can anyone take a look at my HijackThis file? I would greatly appreciate it!!
teacup61
Hello ZZT,

Welcome to Gladiator Security Forum.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea
ZZT
Hello Tea,

I followed your instructions below, and thank you kindly. The Malwarebytes program identified 54 infections that Adaware, Spybot and AVG could not, including 20 in the registry keys. The internet now works great on her machine! The only thing that concerns me is that there is a boatload of activity on her hard drive when there are really no programs in use.

As you recommended, I have posted both the Malwarebytes and the HijackThis logs. Now I have to work on swapping out my router for my main computer, which still won't connect. Would you recommend running this Malwarebytes program on my main machine as well? I suppose it is possible there is an infection present on this machine as well that the other programs could not detect.

ZZT
teacup61
Hello,

You're welcome kindly.

Yes, you can run MBAM on your computer as well, but not this next tool!

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {0D03588A-BC34-4E6E-AF5F-C88CEC8AD5DD} - C:\WINDOWS\system32\efcYRKCU.dll (file missing)
O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\qoMfdBuv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [206e133c] rundll32.exe "C:\WINDOWS\system32\ujqndxnv.dll",b
O4 - HKCU\..\Run: [86562695022578184574850239969578] C:\Program Files\AV9\av2009.exe
O20 - Winlogon Notify: qoMfdBuv - qoMfdBuv.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
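The "fix checked" list above follows a few recognisable patterns: blanked R0 search settings, O2/O20 entries whose DLL is already gone, and O4 autoruns with random-looking names. The script below is an added example (not from the thread or from HijackThis itself) that parses lines in HijackThis log format and applies those same triage heuristics; the sample lines are the ones quoted in this post plus one constructed benign AVG tray entry, and the regex patterns are my own assumptions about what "random-looking" means.

```python
import re

# Sample HijackThis lines: the entries quoted in this thread, plus one
# constructed benign AVG autorun so the heuristics have something to pass.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {0D03588A-BC34-4E6E-AF5F-C88CEC8AD5DD} - C:\WINDOWS\system32\efcYRKCU.dll (file missing)
O4 - HKLM\..\Run: [206e133c] rundll32.exe "C:\WINDOWS\system32\ujqndxnv.dll",b
O4 - HKCU\..\Run: [86562695022578184574850239969578] C:\Program Files\AV9\av2009.exe
O20 - Winlogon Notify: qoMfdBuv - qoMfdBuv.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
""".strip().splitlines()

# Every HJT line starts with a section code (R0, O2, O4, ...) then " - ".
HJT_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
# Assumed "random-looking" autorun names: 8 hex chars or a long run of digits.
RANDOM_NAME = re.compile(r"^\[(?:[0-9a-f]{8}|\d{16,})\]")


def parse_hjt_line(line):
    """Split one log line into its section code and body; None if not HJT format."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("sec"), "body": m.group("body"), "raw": line.strip()}


def assess(entry):
    """Return a reason string if the entry matches a triage heuristic, else None."""
    sec, body = entry["section"], entry["body"]
    if sec == "R0" and body.rstrip().endswith("="):
        return "IE search setting blanked (typical after a browser hijack); reset it"
    if sec in ("O2", "O20") and ("(file missing)" in body or "(no file)" in body):
        return "orphaned BHO/Winlogon hook pointing at a file that no longer exists"
    if sec == "O4":
        run_value = body.split(": ", 1)[1] if ": " in body else body
        if RANDOM_NAME.match(run_value):
            return "autorun entry with a random-looking name"
    return None  # O23 services need a vendor lookup, not a pattern match


def triage(lines):
    """Return (raw_line, reason) for every line that a heuristic flags."""
    findings = []
    for line in lines:
        entry = parse_hjt_line(line)
        if entry is not None and (reason := assess(entry)):
            findings.append((entry["raw"], reason))
    return findings


if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {raw}")
```

The Viewpoint service is deliberately not flagged: a helper identifies it from vendor knowledge, which is exactly the judgement a pattern matcher cannot supply.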
ZZT
Hi Tea,

I fixed the checked items above in HijackThis, disabled the spyware programs, and downloaded and ran ComboFix. It seemed I could connect to the internet for a brief moment, and now I have no connectivity. It appears to want to connect to a different address than my router.

I posted the HijackThis and ComboFix logs.

Help!! Were you expecting this? It was working great before this.

Thanks,

ZZT

ZZT
I renewed the IP address and it is working great again. I posted the logs in the prior post for you to review.

Let me know if I am ok. The background suspicious activity seems to have stopped completely. This should be a good thing I suspect.

Thanks,

ZZT
teacup61
Hi again,

Hmmmm... some things that should have been removed from the HijackThis log are still there. Please do as you did with ComboFix: go offline and disable the protective programs, then run HijackThis:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {0D03588A-BC34-4E6E-AF5F-C88CEC8AD5DD} - C:\WINDOWS\system32\efcYRKCU.dll (file missing)
O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\qoMfdBuv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [206e133c] rundll32.exe "C:\WINDOWS\system32\ujqndxnv.dll",b
O4 - HKCU\..\Run: [86562695022578184574850239969578] C:\Program Files\AV9\av2009.exe
O20 - Winlogon Notify: qoMfdBuv - qoMfdBuv.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please also run MBAM again to be sure there's nothing left.

As far as CF goes... it automatically disconnects you from the internet while it's running so nothing can climb on board while it's working. If it's allowed to run all the way through, followed by a reboot, it normally lets you back online. You did good.

Let me know how you come out. :)

Thanks,
tea
ZZT
Hello Tea,

This computer does not have any of the HijackThis items referred to above (a good thing, I hope!). I re-ran Malwarebytes and no infections were found. I posted both logs again for your review.

Thank you so much for this help. As I said in my last post about my main computer issues, you are a life saver!

ZZT
teacup61
You're most welcome. :) This one still looks good.

tea