
Author Topic: Need to get rid of the Malware again (Outerinfo, Internet speed monitor, etc)  (Read 35353 times)


green tea

    Topic Starter


    Intermediate

    Thanked: 1
    No, didn't work. That blue screen showed up again and the 2nd reboot went to safe mode again.

    Have we gotten rid of the adware, etc.?

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    No I don't think the malware is gone yet.

    Please download Combofix by sUBs from one of the below links.
    (Try all three if necessary)
    Important! Combofix.exe MUST be saved to and run from the Desktop.
    • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
    • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
      • Click this link to see a list of security programs that should be disabled and how to disable them.
      • If yours is not listed and you don't know how to disable it, please ask.
    • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
    • Double click combofix.exe & follow the prompts.
      • Choose Yes to accept the Disclaimers.
      • When finished, it will produce a log for you.
      • Post that log in your next reply.
      • Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
      • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
      • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
      If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly. Still be sure to rename combofix as detailed above.

        green tea
        Sweet!! Combofix ran perfectly this time (passed through all 41 stages, and then rebooted itself). And the best part.. it booted to normal mode without any errors ;D I have to say, after having to stay in safe mode for over a day, the tiny text and icons is a welcome sight.

        And after it produced the log, the time changed back to normal unlike the first time, and the internet works.

        Combofix log attached:

        [recovering space - attachment deleted by admin]

        evilfantasy
        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        • Click Start , then Run
        • Type notepad.exe in the Run Box.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KILLALL::

        Folder::
        C:\Documents and Settings\All Users\Application Data\turczcvk
        C:\WINDOWS\mgwwgmke

        File::
        C:\WINDOWS\QTFont.qfn
        C:\WINDOWS\QTFont.for
        C:\amhE.exe
        C:\WINDOWS\system32\nluypdet.ini
        C:\WINDOWS\system32\iasnvwsp.ini
        C:\WINDOWS\BM1f8c01e5.xml
        C:\WINDOWS\obqfqdgd.dll
        C:\WINDOWS\enunwtiv.dll
        C:\WINDOWS\system32\L5B7C.tmp
        C:\WINDOWS\system32\L4E1E.tmp
        C:\WINDOWS\system32\L4729.tmp
        C:\WINDOWS\system32\L45B2.tmp
        C:\WINDOWS\muotr.so
        C:\WINDOWS\megavid.cdt

        Registry::
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

        ----------

        Now run a new Hijackthis scan and post that log also.

        Next post
        Combofix log
        New Hijackthis log
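
A small checker for the CFScript above, added here as an example; it is not ComboFix's own code and not something the poster ran. It parses the `KILLALL::` / `Folder::` / `File::` / `Registry::` layout shown in the code box and then reports which of the listed targets still exist, which is the check you would want after ComboFix has run and before declaring the cleanup finished. The expansion of ComboFix's `~` shorthand to the full `Explorer\Browser Helper Objects` key is an assumption made for the registry check, and the embedded script is a constructed, shortened copy of the one in the post.

```python
"""Parse a ComboFix CFScript and report which of its targets still exist.

Added example, not ComboFix's own code. It assumes the CFScript layout shown
in the thread: a KILLALL:: directive plus Folder::, File:: and Registry::
sections, one target per line. The "~" in the registry line is expanded to
the well-known Explorer BHO key; that expansion is an assumption made here.
"""
import os
import sys
from typing import Callable, Dict, List, Tuple

# Constructed sample: the script from the post, trimmed to a few entries.
SAMPLE_CFSCRIPT = """\
KILLALL::

Folder::
C:\\Documents and Settings\\All Users\\Application Data\\turczcvk
C:\\WINDOWS\\mgwwgmke

File::
C:\\WINDOWS\\QTFont.qfn
C:\\amhE.exe
C:\\WINDOWS\\obqfqdgd.dll

Registry::
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]
"""

# ComboFix abbreviates this Explorer subkey as "~" (assumed expansion).
BHO_PARENT = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {section_name: [entries]} for a CFScript body.

    A line ending in '::' opens a section; every non-blank line after it
    belongs to that section until the next header.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def expand_registry_key(entry: str) -> str:
    """Turn ComboFix's bracketed, '~'-abbreviated key into a full HKLM path."""
    key = entry.strip("[]")
    return key.replace("\\~\\", "\\" + BHO_PARENT + "\\")


def registry_key_exists(full_key: str) -> bool:
    """Check whether an HKLM key exists (Windows only; False elsewhere)."""
    if sys.platform != "win32":
        return False
    import winreg  # standard library, but only importable on Windows
    hive, _, subkey = full_key.partition("\\")
    root = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE}[hive]
    try:
        winreg.CloseKey(winreg.OpenKey(root, subkey))
        return True
    except OSError:
        return False


def remaining_targets(
    sections: Dict[str, List[str]],
    path_exists: Callable[[str], bool] = os.path.exists,
    key_exists: Callable[[str], bool] = registry_key_exists,
) -> List[Tuple[str, str]]:
    """List Folder::, File:: and Registry:: targets that are still present."""
    leftovers: List[Tuple[str, str]] = []
    for name in ("Folder", "File"):
        for path in sections.get(name, []):
            if path_exists(path):
                leftovers.append((name, path))
    for entry in sections.get("Registry", []):
        full = expand_registry_key(entry)
        if key_exists(full):
            leftovers.append(("Registry", full))
    return leftovers


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for section, entries in parsed.items():
        print(f"{section}: {len(entries)} entries")
    for kind, target in remaining_targets(parsed):
        print(f"STILL PRESENT [{kind}] {target}")
```

The existence checks are passed in as functions so the parser and the report can be exercised on any machine; on the infected XP box you would run it as-is and expect an empty "STILL PRESENT" list after the ComboFix run.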

          green tea
          Alrighty,

          here are the new logs

          [recovering space - attachment deleted by admin]

          evilfantasy
          The logs look good now, how is everything?

          Download and install CleanUp!.exe

          Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
          Set the program up as follows:
          • Click Options...
          • Move the arrow to Standard CleanUp!
          • Uncheck the following: (if checked)
            • Delete Newsgroup cache
            • Delete Newsgroup Subscriptions
          • Click OK
          Click the CleanUp! button to start the program. Reboot/logoff when prompted.

          Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!
          If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility




            green tea
            That's good news.. everything seems to be back to normal.

            How do I know it's a 64 bit OS? Where can I check?

            And does this affect the prefetch (remember how last time, I was using ATF cleaner way too much, and it affected the load time for yahoo.com.)?

            evilfantasy
            Pretty sure you don't have a 64bit so it is safe to run.

            I remember the prefetch problem. Just running Cleanup once won't hurt anything.

            Final steps.

            Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
            • Click START then RUN
            • Now type Combofix /u in the runbox
            • Make sure there's a space between Combofix and /u
            • Then hit Enter.
            The above procedure will:
            • Delete:
              • ComboFix and its associated files and folders.
              • VundoFix backups, if present
              • The C:\Deckard folder, if present
              • The C:\_OtMoveIt folder, if present
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.
              Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

              1. Double click OTMoveIt2.exe to launch it.
              Vista users right click and choose Run As Administrator
              2. Click on the CleanUp! button.
              3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
              4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
              5. Once complete exit out of OTMoveIt2

              Set a New Restore Point to prevent possible reinfection from an old one
              Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
              • Go to Start > Programs > Accessories > System Tools and click System Restore
              • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
              • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
              • Next go to Start > Run and type Cleanmgr
              • Click OK
              • Click the More Options Tab.
              • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              Here are some great tools to help you keep from getting infected again.

              To prevent unknown applications from being installed on your computer install WinPatrol 2007

              Let me know how everything went.

              green tea
                Ok, so I should still use Cleanup before going to the Final Steps, correct?

                evilfantasy
                Yep, it will remove any of the malicious files that are in temp. folders.

                green tea
                  Ok, did everything including Secunia.

                  I need to update my Adobe programs, Quicktime, Itunes, Java, Adobeflash, etc.
                  ......

                  Now back to the basics in the Sticky thread.. which of these 3 is the most effective/user-friendly? I'm worried about running into problems after installing these..

                  Avast! Home Edition
                  AVG Free Edition
                  AntiVir Personal

                  Should I uninstall Norton 2003 first? or d/l this and then uninstall?

                  mcxeb52!

                  • Guest
                  Avast and AVG are fine but AntiVir has this short term expiration thing which makes me think it's actually a trial....

                  But for Avast and AVG, it just depends on whichever program's interface and controls you like better. But in terms of updating and effective, they both update every day at minimum and both are always sending out program updates as it comes.


                  green tea
                    FRICKING A... Bad News
                    I was watching a movie this morning, and then my computer got hit with a bunch of malware again.. Winpatrol's Scotty was detecting a bunch of stuff and I kept clicking "NO" when it asked if I wanted to these programs to the startup setting. Then I check my start menu and Outerinfo and Internet Speed Monitor reinstalled themselves on my pc, along with a bunch of other stuff.

                    I did CCleaner, and then did the Add/Remove to get rid of Outerinfo, ISM, a lot of other things which I can't recall right now. But there's still one called "Command" in the program list. It doesn't have any info to it, no file size or date.

                    I just ran SuperAntispyware in Safe mode, and rebooted. But now when I try to retrieve the log by doubleclicking on it, the "OPEN WITH" window pops up and ask me which program I want to select to open SAS with ???

                    Evilfantasy, please help again...

                    .........

                    Uh oh, I tried double clicking other programs (CCleaner, Notepad, etc) and it all leads to the "Open With" window appearing again. What happened??

                    green tea
                      Crap, just tried to check the Add/Remove list to see if anything else is there BUT I can't open it.

                      It says C:\WINDOWS\system32\rundll32.exe
                      Application not found

                      Everything was still operational when I was doing the SAS scan.. and it found 69 infected items. I had them quarantined and removed, and then was prompted to reboot.  :'(

                      ....

                      Also, when this first happened at 10 this morning, I tried to revert to the system restore I created earlier this week. But it only showed today's system restore point (4/26/08 - 10:00 am).. so would it help if I can get back to the System Restore point on 4/22 or 4/23 even though it's not showing up? Or did the malware override the point I created?

                      evilfantasy
                      Do you have an XP CD?

                      If so, place it in your CD ROM drive and follow the instructions below:
                      • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                        • Let this run undisturbed until the window with the blue progress bar goes away
                      SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

                      If you want to see what was replaced, right-click My Computer and click on Manage.
                      In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.