Software > Computer viruses and spyware
Need to get rid of the Malware again (Outerinfo, Internet speed monitor, etc)
green tea:
Hi Broni, it's the same computer/problem. But Evilfantasy closed that thread since it got off topic and told me to start a new one.
This is the main thread now. Please delete the other one if needed. Thanks
Broni:
No problem, I just wanted to clarify :)
evilfantasy:
Go to Start > Run and copy then past sc stop MsSecurity1.209.4 then click OK
Now again go to Start > Run and copy and paste sc delete MsSecurity1.209.4 then click OK
----------
Open Hijackthis and select Do a system scan only then place a check mark next to (if there)
- O4 - HKLM\..\Run: [ynupuhwb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll"
- O4 - HKLM\..\Run: [1cbf3279] rundll32.exe "C:\WINDOWS\system32\tedpyuln.dll",b
- O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe" -vt yazb
- O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
Now click Fix checked
----------
Download OTMoveIt2 by OldTimer[*] Save it to your desktop.
[*]Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
--- Code: ---C:\WINDOWS\winself.exe
C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe
C:\WINDOWS\system32\tedpyuln.dll
C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll
--- End code ---
[/list][*] Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the Yellow bar) and choose Paste.
[*]Click the red Moveit! button.[/list][*]Copy everything in the Results window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt2[/list]Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
----------
Post the OTMoveIt log and run a new Hijackthis scan and post that log.
If you are still stuck in safe mode then try to run SDFix again and get a log from that.
green tea:
Ok, did ran the "sc delete MsSecurity1.209.4"
Ran HJT and selected the first 3 line items (HKLM and HKCU). But didn't see O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
Ran OTMoveIt but it keeps freezing whenever it's looking for the last file "ynupuhwb.dll" Under the Green result bar, it also shows some of the files as not found.
So as of now, I can't create a log for OTMoveIt. Here's the current HJT log if you need to see it.
[recovering space - attachment deleted by admin]
evilfantasy:
You will need to go in and manually delete these files (in bold)
they may not all be there.
C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe
C:\WINDOWS\system32\tedpyuln.dll
C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll
Have you tried SDFix again?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version