Avast WEBforum
Other => Viruses and worms => Topic started by: xcelestialx on October 14, 2011, 03:30:34 PM
-
Hi, i have a problem with my computer. I'm using a windows 7 sony vaio SB28GG laptop. recently i've had this annoying Windows Command Processor pop up that will keep prompting for permission even when i click No. this occurs every second after i click yes or no. it says program location is C:\windows\sysWOW64\cmd.exe and C:\users\<username>\Appdata\Local\Temp\pggumkoakrdygqne.exe
i ran a full scan on avast and also malwarebytes anti malware. they both came up with some infections and i removed them but when i restart my laptop the pop up appears again. any help? @@
-
That is malware - locate the file from the Avast chest and upload as a suspicious file
THEN
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
-
C:\users\<username>\Appdata\Local\Temp\pggumkoakrdygqne.exe
C:\windows\sysWOW64\cmd.exe
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/
-
heh thanks for the reply! sorry though, i deleted the malware file yesterday after malwarebytes couldn't remove the malware. so sorry!! i hope i didnt make it more complicated :-X :-X the problem still persists though. heres the OTL log.
thanks for the help!
-
OK try this ;D
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKU\S-1-5-21-4191096255-2624141335-3855073267-1000..\Run: [XbiAkipt] C:\Users\yinghan\AppData\Local\puqnaigd\xbiakipt.exe ()
O4 - Startup: C:\Users\yinghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xbiakipt.exe ()
[2011/10/13 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\yinghan\AppData\Local\puqnaigd
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
i pasted it and run fix and a blue screen appeared. something around stop error with dumping physical memory at the bottom. something about shut down to prevent something .. should i try again?
by the way, since i got this virus, my skype doesn't function properly. it always say that it has an unexpected error and thus have stopped working. only when i restart .. does it have anything to do with the malware? i tried redownloading and reinstalling but meh =/
-
OK lets up the ante
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
thanks for the quick reply. heres the log
-
OK that took most of it out now for the remainder. On completion could you let me know of any remaining problems
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\users\yinghan\AppData\Local\puqnaigd
Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
-
wow thanks! i realised the pop up is gone! thank you so much. this is my log for the combofix
by the way, am i supposed to run malware bytes together with avast?
-
Yes they complement each other quite nicely
If all is well tomorrow let me know and I will remove my tools
-
I have this same problem but the problem .exe has a different name; I guess the name is just randomly generated?
Does anybody know what it is?
Thanks, Alex