Author Topic: Malware Infection  (Read 3328 times)

Michael

    Topic Starter


    Adviser
    • Experience: Experienced
    • OS: Windows 7
    Malware Infection
    « on: February 09, 2007, 08:07:29 AM »
    My system is infected by malware which could not be fixed by Ewido / Spybot / NAV.

    Attached is my Hijackthis log file.

    Anyone can help?

    Thanks a lot !!!

    oddjob

    • Moderator


    • Hopeful

      Thanked: 4
      • Experience: Beginner
      • OS: Windows 7
      Re: Malware Infection
      « Reply #1 on: February 09, 2007, 08:53:54 AM »
      Hi Michael

      Your log is rather a disaster (but I assume you know this). You have many Trojans, your java is out of date and I can't see any active antivirus or firewall.

      You need to do several things to fix this OR do a clean install with a new AV and firewall.

      If you want to try and fix this start here.

      First ..... print this out to help you follow my advice.

      Second .... go here ......

      http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

      Run through all the stages in the tutorial INCLUDING installing antivirus and firewall.


      Third .... run through steps 1 to 4 ONLY of this .....

      http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


      Fourth .... update your AVG AntiSpyware to the latest definitions.


      Fifth .... download and install the fully working trial version of Trojanhunter from here ....

      http://www.misec.net/

      Sixth .... reboot to safe mode and scan with AVG AS and Trojanhunter. Let the programs fix anything they find. Remember to save the AVG AS scan report and remember WHERE you saved it.

      REBOOT to normal mode and use the computer as you would usually do.


      Lastly .... if this doesn't fix the problems (which will be likely) .... still in normal mode ....download HijackThis from here ...

      http://www.majorgeeks.com/download3155.html

      unzip & install it ...
      open the program ...
      from the menu click on "Do a system scan and save a logfile".

      Copy and paste both the AVG AS scan report and the HJT logfile to this thread. More specific removal instructions will follow for whatever it is that's causing the problem.


      OJ
      « Last Edit: February 09, 2007, 08:58:05 AM by oddjob »

      Michael

        Topic Starter


        Adviser
        • Experience: Experienced
        • OS: Windows 7
        Re: Malware Infection
        « Reply #2 on: February 13, 2007, 12:36:03 PM »
        Dear OJ,

        I've tried all you mentioned above, but none of them seems to settle the issue.

        Attached are the log file of AVG AS & HJT.

        For AVG AS, every time I run the scan it will detect quite a number of threats, and even though I deleted them, it seems to be endless. And some tracking cookies cannot be deleted.

        For HJT, although I tried to delete some suspicious entries, those entries reappear again and again.

        On the other hand, I notice that System Restore has been missing from my Windows - both Safe Mode and Normal mode.

        Please advise. Thanks!!!

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: Malware Infection
          « Reply #3 on: February 13, 2007, 02:51:07 PM »
          Michael ...... I have just looked at the latest log you posted ....and it's still very bad.........

          I'm a little curious as to why you don't have NAV or AVG antispyware showing up in your running processes? Do you have them shut down for some reason ....( because I see reference to them elsewhere in your log ) Is NAV outdated?

          In any event, I have just been looking back at your previous posts going back into Nov ....... and it seems that you have been infected for a long time.

          Why don't you simply wipe the hard drive and do a clean install and save yourself all this grief.

          I can only conclude that you haven't followed all the steps that oddjob has offered or you didn't understand them.

          Good luck

          dl65  ::)
          If you don't know the answer, it isn't a dumb question.

          Michael

            Topic Starter


            Adviser
            • Experience: Experienced
            • OS: Windows 7
            Re: Malware Infection
            « Reply #4 on: February 14, 2007, 06:24:47 AM »
            The previous infection back in Nov is solved by just deleting the Autorun.ini file, which is much more simple than the current situation.

            The HJT log file is generated in Safe Mode, so I guess that is the reason why it doesn't show NAV or AVG running.

            I have followed and done ALL the steps described in the links provided. Please advise if I didn't.

            I know that a clean format will settle anything, but I prefer understanding the situation and solving through the corresponding solution, unless no one knows how to solve it.

            Thanks.

            GX1_Man

            • Guest
            Re: Malware Infection
            « Reply #5 on: February 14, 2007, 07:33:06 AM »
            Quote
            I know that a clean format will settle anything, but I prefer understanding the situation and solving through the corresponding solution, unless no one knows how to solve it.
             

            The situation is caused by lack of proper protection, and unsafe practices as the log demonstrated. The solution has already been given (format and reinstall). Your point is like not wanting to empty a swimming pool with a pump, preferring a small bucket to get a little at a time to fully understand the process.  ;)


            Are you doing all of these fixes with System Restore turned off?
            « Last Edit: February 14, 2007, 07:34:18 AM by GX1_Man »

            Michael

              Topic Starter


              Adviser
              • Experience: Experienced
              • OS: Windows 7
              Re: Malware Infection
              « Reply #6 on: February 14, 2007, 08:35:08 AM »
              Actually all this mess was caused by a simple mistake.
              I am using TVAnt to watch P2P satellite TV programs.
              Anyway, the program is ad-supported, so I have to choose not to show ads every time I start the program. By mistake, I didn't make that choice one time last week, and I ended up with all the trojans/spyware/adware.

              Before this, I would consider my system well protected by most of the major programs frequently mentioned here in ComputerHope.

              I'm not trying to be stubborn about doing a format and reinstall, I am just curious (and always want to know) what this stuff does to the system and how to reverse its actions.
              But it seems like this time the infection is too bad to solve in a simple way.
              Anyway, I would need a new second HDD tomorrow to back up my things before formatting.
               
              As for System Restore, as I mentioned in earlier reply, the System Restore feature is missing from Windows.

              Thanks.
              « Last Edit: February 14, 2007, 09:20:40 AM by Michael »

              oddjob

              • Moderator


              • Hopeful

                Thanked: 4
                • Experience: Beginner
                • OS: Windows 7
                Re: Malware Infection
                « Reply #7 on: February 14, 2007, 10:24:35 AM »
                Quote
                Anyway, I would need a new second HDD tomorrow to back up my things before formatting.
                Do we assume from this remark you are going for the "reformat/reinstall" option?

                If so we will not need to proceed any further with advice on how to fix your computer.

                On HJT ... you must run this in normal mode NOT safe mode.

                If you want us to help more please post a fresh HJT scan with an update on how your machine is behaving at the moment.


                OJ
                « Last Edit: February 14, 2007, 10:25:16 AM by oddjob »

                Michael

                  Topic Starter


                  Adviser
                  • Experience: Experienced
                  • OS: Windows 7
                  Re: Malware Infection
                  « Reply #8 on: February 16, 2007, 01:10:46 PM »
                  Quote
                  Do we assume from this remark you are going for the "reformat/reinstall" option?
                  If so we will not need to proceed any further with advice on how to fix your computer.

                  I thought this is what was suggested by the gentlemen above?
                  Anyway, while I think it might be time to format the drive since I'm free tomorrow, I'm still curious to learn the alternative way to solve the issue.

                  Attached is the HJT log file run in normal mode (sorry for the mistake of running it in Safe Mode)

                  By the way, after trying to clean the system many times these few days, I only managed to clear certain malware from the system, with a few more issues left:

                  1. During start up, after the welcome screen, I get the below dialogue boxes:
                      
                      a. RUNDLL
                          Error loading C:\WINDOWS\system32\koed_w.dll
                          The specified module could not be found.

                      b. RUNDLL
                          Error loading C:\WINDOWS\system32\dnky_k.dll
                          The specified module could not be found.
                      
                      c. RUNDLL
                          Error loading C:\program files\internet explorer\user15.dll
                          The specified module could not be found.

                  2. Norton's virus protection is turned off:
                      
                      
                      And this keeps popping up endlessly.

                      I've checked the Norton's status and it cannot be turned on.
                      

                      I tried to uninstall and reinstall Norton but got stuck on messages that there are setups to be completed and the system needs to be restarted.

                  3. System Restore is not working:

                      There is no System Restore tab in system properties, and if accessed through System Tools or Help & Support, it is not responding, i.e. nothing happens.

                  4. Cannot show hidden files and folders:

                      In Normal mode, even if I check "Show hidden files and folders", nothing happens, and when I check back, it has set itself back to "Do not show hidden files and folders".

                  5. Trojan detected:

                      When starting up in Normal mode, Trojan Hunter will prompt that it found a trojan, but when I click clean, it cannot be fixed even after restart, and it repeats every time the system starts.
                      
                      

                  6. Trojan / Suspicious files cannot be cleaned:

                      When scanning with Trojan Hunter, it detects some trojans and suspicious files, but they cannot be cleaned.
                      
                      

                  7. Suspicious files loaded during startup:

                     When booting into Safe Mode, from the list of sys files loaded, I can see a few suspicious files that are loaded every time the system runs even though I deleted them.
                     These files are:
                     C:\WINDOWS\system32\drivers\dnky_k.sys
                     C:\WINDOWS\system32\drivers\fikvavw.sys  
                     C:\WINDOWS\system32\drivers\gxrbsbd.sys      
                     C:\WINDOWS\system32\drivers\klfrkw.sys
                     C:\WINDOWS\system32\drivers\koed_w.sys
                     C:\WINDOWS\system32\drivers\lrxd_h.sys
                     C:\WINDOWS\system32\drivers\pczq_b.sys
                     C:\WINDOWS\system32\drivers\ytoe_n.sys


                  Hope this makes it clearer regarding the status of my system.

                  Thanks.
                  « Last Edit: February 16, 2007, 01:16:01 PM by Michael »
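
The RUNDLL dialogs in item 1 of the post above are what Windows shows when an autostart entry still invokes rundll32 on a DLL that is no longer on disk. As an added example (not part of the thread, and not a tool any poster used), this sketch reads the O4 autostart lines of a HijackThis log and lists rundll32 entries whose DLL is missing; the log lines are constructed, since the attached log is not on the page, and only the three DLL paths come from the post.

```python
import os
import re

# HijackThis autostart line: O4 - <key>: [<value name>] <command>
O4_LINE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# DLL argument of a rundll32 command, quoted or not, up to the first ".dll"
RUNDLL_DLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,|\s|$)', re.IGNORECASE)

# Constructed sample: the DLL paths are the ones quoted in the post; value names,
# entry points and the "present.dll" control line are made up for illustration.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed excerpt)
O4 - HKLM\..\Run: [control] rundll32.exe C:\WINDOWS\system32\present.dll,Run
O4 - HKLM\..\Run: [entry_a] rundll32.exe "C:\WINDOWS\system32\koed_w.dll",start
O4 - HKLM\..\Run: [entry_b] rundll32.exe "C:\WINDOWS\system32\dnky_k.dll",start
O4 - HKCU\..\Run: [entry_c] C:\WINDOWS\system32\rundll32.exe C:\program files\internet explorer\user15.dll,start
"""


def orphaned_rundll_entries(log_text, exists=os.path.exists):
    """Return (key, value name, dll) for O4 rundll32 entries whose DLL is gone."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue  # not an O4 registry autostart line
        target = RUNDLL_DLL.search(entry.group("cmd"))
        if target and not exists(target.group("dll")):
            findings.append(
                (entry.group("key"), entry.group("name"), target.group("dll")))
    return findings


if __name__ == "__main__":
    # On the affected machine os.path.exists is the real check;
    # here a set of lower-cased paths stands in for the disk.
    on_disk = {r"c:\windows\system32\present.dll"}
    hits = orphaned_rundll_entries(SAMPLE_LOG, lambda p: p.lower() in on_disk)
    for key, name, dll in hits:
        print(f"{key} [{name}] -> missing {dll}")
```
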

                  oddjob

                  • Moderator


                  • Hopeful

                    Thanked: 4
                    • Experience: Beginner
                    • OS: Windows 7
                    Re: Malware Infection
                    « Reply #9 on: February 16, 2007, 03:26:24 PM »
                    Quote
                    I'm still curious to learn the alternative way to solve the issue.
                    Sorry Michael but this log is still a complete disaster. You have many, many infections. A fix would take a very long time and, to be honest, trying to fix this would probably not be completely successful.

                    Your best bet would be just to reformat & reinstall. It would take me far too long to explain how to fix it all.

                    After you have reformatted and are certain you are now clear of all infections you should clear out all System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

                    More on System Restore ...

                    http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


                    What may have led up to your infection and help keep your computer free of malware

                    http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

                    http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

                    There is a little duplication but these tutorials are both well worth reading.

                    If you do suffer an infection again you should run first Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download)

                    http://www.ccleaner.com/


                    Also run through this before posting another HijackThis log

                    http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


                    [If you are still wanting to learn more about how to fix malware infections using HJT and related tools I can point you in the direction of various online training schools that will teach you. Let me know if you need links.]


                    Best wishes.


                    OJ
                    « Last Edit: February 16, 2007, 09:10:30 PM by oddjob »