Here I be - there is a rootkit/hidden driver that I will need to kill
Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the
Run Fix button.
[Unregister Dlls]
[Modules - Safe List]
YY -> erivujepopepacu.dll -> C:\WINDOWS\erivujepopepacu.dll
[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
YN -> http [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
YN -> https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
[Files/Folders - Created Within 30 Days]
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> daleg.sys -> C:\WINDOWS\System32\drivers\daleg.sys
NY -> Lgelimuwesebeb.bin -> C:\WINDOWS\Lgelimuwesebeb.bin
NY -> Yhenij.dat -> C:\WINDOWS\Yhenij.dat
NY -> 49 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 117 C:\Documents and Settings\Ben\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ben\Local Settings\Temp\*.tmp
NY -> 117 C:\Documents and Settings\Ben\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ben\Local Settings\Temp\*.tmp
[Files - No Company Name]
NY -> erivujepopepacu.dll -> C:\WINDOWS\erivujepopepacu.dll
[Custom Scans]
NY -> 2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp
[Empty Temp Folders]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the
Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.
I will review the information when it comes back in.
THENDownload ComboFix from one of these locations:
Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your Desktop- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the
C:\ComboFix.txt in your next reply.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.