malware type--- dropper

[essexboy]

Yes download the recovery console as it is for your safety - should not take long

[someday]

hello sir..

here is the log file...

(i had run the prog from the safemode with n/w as in normal mode my net connection is not working..is it ok??)

[essexboy]

What error do you get when you try to connect in safe mode ?

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: [Select]

KillAll::

File::
c:\windows\System32\drivers\c636aaeb.sys
c:\windows\System32\drivers\vitra.sys

Driver::
Cmdmpa
vitra
c636aaeb

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.  This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt .

[someday]

hello sir..

i encountered internet problem in normal mode not in safe mode..it showed that i was connnected but either the net was very very slow or gets disconnected after a while..this wasnt in the safe mode,it was running smoothly there.
so i had run combofix in the safe mode as it required an active connection to download Miicrosoft recovery console.


Sir,i have got avast 4.8 proffesional and since 4-5 days(when my pc encountered these problems) a red icon has been on the 'a' ball(On Access protection has been stopped)..i had tried to update ,repair it but it didnt worked so i thought i will reinstall it after all these fixes..

(I had also uninstalled MBAM,Hijackthis, SuperAntispyware thinking they might be interfering with avast)

But after running combofix and restarting my pc today(after 5-6 hours) the red icon has gone and its Access protection is now working...

and when i did this

What error do you get when you try to connect in safe mode ?

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: [Select]

KillAll::

File::
c:\windows\System32\drivers\c636aaeb.sys
c:\windows\System32\drivers\vitra.sys

Driver::
Cmdmpa
vitra
c636aaeb

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.  This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt .

It gave a warning to stop all active scanners--Avast antivirus...to not to interfere in the working of combofix...
i do stopped it and it ran as before, when combofix restarted it didnt created any log file  ... now where it is??i cheched in the drive and i couldnt find it?? plz help (what to post)...

thanks...

[essexboy]

The file should be at C:\ComboFix.txt

Download and run winsock xp fix from here http://majorgeeks.com/WinSock_XP_Fix_d4372.html then try to connect in normal mode - let me know of any problems experienced and/or any warning messages you get

[someday]

hello sir..

i coudnt find C:\ComboFix.txt (it wasnt there)... so i did that dragging CFScript.txt again and this time it created the log file... here it is...

http://www.mediafire.com/?sharekey=75cfe340ef6c60dcc2b435915e8821d7e04e75f6e8ebb871

and now the net connection is working in the normal mode..so should i run Winsock_XP_Fix or not...
thanks...

[essexboy]

No that was a fall back in case the CF script did not work

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..Run OTS and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE
  

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

SPRING CLEAN
 
Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
  
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  
• SuperAntispyware   Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe

[YoKenny]

@someday

One important question as you have not updated to XP SP3 yet?
http://forum.avast.com/index.php?topic=49266.msg416421#msg416421

Is Windows genuine?
http://www.microsoft.com/genuine/ProgramInfo.aspx?displaylang=en&sGuid=a059bfc1-f1a2-4469-92ef-26790fdbacc2

[someday]

@essexboy

Thanks a lot sir...my pc seems to work fine...I am so relaxed now..you were a great help..a very grateful to you sir..and now i will try to keep it safe...
thanku..

[nmb]

let me welcome him - if you allow sir essexboy.

welcome. hope one of my forum friend who I suggested helped you.

nmb

[polonus]

Hi someday,

I say with nmb welcome to these forums here, visit us often, educate and one day maybe help other,

polonus

[CharleyO]

***

A belated welcome to the forums, someday.   

It is always nice to see a problem solved. Thanks to essexboy for his much needed help.

Please come back often, someday, and learn more.


***

[someday]

thankyou nmb...polonus...CharleyO...

i will often visit this forum to learn some more...