Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
Malware Removal Instructions
MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
bonsers
Hello.
My computer has significantly slowed down, is mostly redirecting me to a blank page via "www.ohtgnoenriga.com..." and has also started getting pop ups. Please can you help.
Logfile of Trend Micro HijackThis v2.0.4http://g.uk.msn.com/USCON/2 http://go.microsoft.com/fwlink/?LinkId=54896 http://www.google.co.uk/ http://go.microsoft.com/fwlink/?LinkId=69157 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=69157 res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000res://C :\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlhttp://appldnld.apple.com.edgesuite.net ... plugin.cab Acrobat.com
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hello and welcome to Malware Removal.
My name is
peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work: If you don't know or understand something please don't hesitate to ask Please DO NOT run any other tools or scans whilst I am helping you. It is important that you reply to this thread. Do not start a new topic. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe. Absence of symptoms does not mean that everything is clear .We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.SHOULD NOT http://www.bleepingcomputer.com/combofix/how-to-use-combofix Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you need help to disable your protection programs see
here. When finished, it will produce a log for you. Please include the
C:\ComboFix.txt in your next reply
Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
Thanks for the reply. Here is ComboFix.txt
ComboFix 10-09-04.06 - robert 06/09/2010 15:55:55.1.2 - x86hxxp://www.google.co.uk/ http://www.gmer.net
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi bonsers
Download and Run Malwarebytes' Anti-Malware Please save any items you were working on... close any open programs. You may be asked to reboot your machine. Please download
Malwarebytes Anti-Malware and save it to your desktop. If needed...
Tutorial w/screenshots Alternate download sites available
here or
here .
Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish . If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. Problems downloading the updates? Manually download them from here "mbam-rules.exe" to install. On the Scanner tab: Make sure the "Perform full scan " option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Check all items except C:\System Volume Information Remove Selected .We will take care of the System Volume Information items later. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Username \Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Copy and paste the contents of that report in your next reply and exit MBAM. Note : If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Please reply with
the
Malwarebytes' Anti-Malware Log a fresh
HijackThis log Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
Hi. Thanks again. Quick question: 2 infections have been found, do i delete these? or do i need to save any?
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi bonsers
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
Malwarebytes' Anti-Malware 1.46http://www.malwarebytes.org Logfile of Trend Micro HijackThis v2.0.4http://www.google.co.uk/ http://go.microsoft.com/fwlink/?LinkId=69157 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=69157 res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000res://C :\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlhttp://appldnld.apple.com.edgesuite.net ... plugin.cab
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi bonsers
Download and Run Gmer Please download
gmer.zip from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click
gmer.exe. The program will begin to run.
**Caution** If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click
No .
If you do not receive notice about possible rootkit activity remain on the
Rootkit/Malware tab & make sure that the '
Sections ' button is
ticked and the '
Show All ' button is
unticked .
Click the Scan button and let the program do its work. GMER will produce a log. Once the scan is complete, you may receive another notice about rootkit activity. Click OK . GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop. DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc ! Please post the results from the GMER scan in your reply.
Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
hello, i ran "gmer.exe" and no "ROOTKIT" entries came up so i clicked "scan". it finished scanning and i tried to save the log and a blue screen appeared with white writing and then my computer just restarted. i tried scanning again, however the blue screen appeared and it restarted again, however it happened halfway the scan this time. what do you recommend i do?
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi bonsers
Let`s try this
Download
OTC by Old Timer and save it to your Desktop.
Double-click OTC.exe Click the CleanUp! button Select Yes when the Begin cleanup Process? Prompt appears If you are prompted to Reboot during the cleanup, select Yes The tool will delete itself once it finishes, if not delete it by yourself Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
The downloaded file will have a
random name... this prevents malware from detecting and blocking it.
Please download
GMER... random file name.exe by
GMER . An alternate (zip file) download
site .
Note: Do not run any programs while Gmer is running.**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Double click on the random named .exegmer.sys driver load.If using Vista, you must right click random named .exe and choose "Run As Administrator" If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important! On the right side panel, several boxes have been checked. Please UNCHECK the following:(see image below) IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All <-- don't miss this one Click on image to enlarge If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window. Click the Scan button. Once the scan has finished... click Save . The Save... window will open. Save the scan results as gmerroot.log , save it to your Desktop. Double click on the desktop "gmerroot.log" file, to open in Notepad. Copy and paste the contents of the file gmerroot.log Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
i have downloaded OTC and ran the cleanup etc, but this time when i run the gmer (randon file name.exe) it will scan for a while, but then close down so im just left with the desktop open. i then have tried to start random file name.exe again and the blue screen reappears and my computer is rebooted.
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi
Ok.......I hope this works......
RootRepeal Please download
RootRepeal.zip .
Save it to your Desktop . Alternate download links
here or
here .
Please print these instructions, you will not have an Internet connection! RootRepeal site wrote: RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to
Step 5 . Otherwise...
Right click on RootRepeal.zip and select "Extract All"... . Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard." Click on the Browse ...button, then click on Desktop , then click OK . Once done, check (tick) the Show extracted files box and click Finish . Before running RootRepeal:Disconnect from the Internet as your system will be unprotected while using this tool.temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before */ Insert instructions to disable specific user's protection programs */ Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. When the program opens, click the Report tab at the bottom, then click the Scan button. In the Select Scan , dialog which asks What do you want to include in the scan? , check ALL the boxes. Click OK . In the Select Drives , dialog Please select drives to scan: select all drives showing, then click OK .Do not Click on the Save Report button and save it as "rootrepeal.txt " to your desktop . Close and exit RootRepeal Double-click on the file rootrepeal.txt Make sure to enable your anti-virus, Firewall and any other security programs you disabled. Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
hello, it turns out that a gmer log file (that i tried earlier today) survived before one of the times it rebooted. here it is. what shall i do now? shall i forget rootrepeal.zip?
GMER 1.0.15.15281 - http://www.gmer.net
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
peku006
Hi bonsers
shall i forget rootrepeal.zip?
Yes
do not see anything suspicious in the Gmer log..........
Kaspersky Online Scan You can use either Internet Explorer or Mozilla FireFox for this scan. Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Hold down Control then click on the following link to open a new window to Kaspersky Online Scan Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run . When the downloads have finished, click on Settings . Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Click on My Computer under Scan . * This will take a while. Please be patient *. Once the scan is complete, it will display the results. Click on View Scan Report . You will see a list of infected items there. Click on Save Report As... . Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply. This online tutorial will help explain how to use the aforementioned online scan
Thanks peku006
peku006
MRU Emeritus
Posts: 3357Joined: May 14th, 2007, 2:18 pmLocation: Norway
bonsers
--------------------------------------------------------------------------------
bonsers
Regular Member
Posts: 15Joined: July 26th, 2010, 2:02 pm
Return to Infected? Virus, malware, adware, ransomware, oh my!
Who is online
Users browsing this forum: No registered users and 130 guests
Contact us: forum@malwareremoval.com
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.
Member site: UNITE Against Malware
