Author Topic: VBS:ExeDropper-gen, please help!  (Read 13986 times)

Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #15 on: April 19, 2011, 05:58:09 PM »
You are very welcome, StefanR. If you have any questions or need help, feel free to tell me at any time and I'll try my best to help.

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #16 on: April 19, 2011, 06:01:30 PM »
Excellent! Is the problem still there or is it all fixed? ;D

That remains to be seen but I have certainly removed the

fyynaotm.exe

files referenced in the registry AND hard saved into my 'startup' folder

Worth noting that I COULD ONLY SEE them in safe mode!

C:\Program Files\wskbplkv\fyynaotm.exe
C:\Documents and Settings\Ornette\Start Menu\fyynaotm.exe

In normal mode these files do not appear, I am not sure why, I have my machine by default set to show all files. No doubt some clever trick was used to hide them

So far, problem has halted...

But there is now a problem with my Avast...
It is not loading properly in normal or safe modes, and now in normal mode the desktop is freezing up. So, I have deinstalled my Avast 5.1.889 and reinstalled, with new version 6.0.1

Of course the worry will be that a Ramnit infected .EXE file will start this all over again. And without Avast running...

Off to restart computer again  8)


Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #17 on: April 19, 2011, 06:03:21 PM »
@Ornette Also, Ramnit.B is, I believe, a virus not detectable at the moment. If you can submit the file to Avast, they can add it to their database, making sure other users don't get infected with it either.

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #18 on: April 19, 2011, 06:11:23 PM »
Here is the DDS log,
any ideas?

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #19 on: April 19, 2011, 06:15:33 PM »
StefanR

You have the Combofix log   C:\Combofix.txt

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #20 on: April 19, 2011, 06:42:17 PM »
@Ornette

Download CureIt  
Code:
ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Reboot pc to safe mode

Run launch.exe, after which a splash screen will appear - click Start

You will be informed about the initiation of preliminary scan - click OK

Wait a few minutes to make Dr.Web CureIt Scan Express; if malware is found, click on Yes to All button in the window that appears, allow the program to carry out disinfection

Click Settings> Change settings F9; in the window that opens, uncheck option Heuristic Analysis and then click Yes

In the main window, mark the Complete Scan option and then click the Dr.Web CureIt scan will begin

If malware is found, click on Yes to All button in the window that appears, allow the program to carry out disinfection

When the scan is complete, click Select All button (if available), and then click the Cure,
in the menu that opens, click Move incurable

understand my English  ;D
« Last Edit: April 19, 2011, 06:43:59 PM by argus »

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #21 on: April 19, 2011, 06:49:33 PM »
Thank you, but I'm waiting for Stefan to advise whether his problem is fixed

Don't want to hijack his thread ;)

I have some more info on my problem, and maybe, will also help Stefan should he return.

Until then...

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #22 on: April 19, 2011, 07:31:56 PM »
Sorry about the late response, I had a power cut to add to my problems.
I'll grab the log files from DDS again and attach both that were output.
Should I try CureIt as well?
Thanks

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #23 on: April 19, 2011, 07:36:47 PM »
Sorry, I mean Combofix not DDS! Oops

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #24 on: April 19, 2011, 07:38:47 PM »
Ok so here is the ComboFix Log, Thanks for your patience with me.

YoKenny

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #25 on: April 19, 2011, 07:42:30 PM »
Okay so I have attached two MBAM logs, and also an OTS log from the latest scans I have performed.
I'll get DDS onto my infected computer and do that now.
I have also installed the latest version of avast which appears to be running okay.
Thanks again!
Running an outdated operating system plus an old browser will lead to system infections
Quote
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
Please read:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #26 on: April 19, 2011, 07:50:37 PM »
Stefan

Open notepad and copy/paste the text present inside the code box below:

Code:
File::
c:\program files\satflmhl\bglrvpqy.exe
c:\docume~1\Stefan\LOCALS~1\Temp\idrmkl.sys
c:\documents and settings\Stefan\Start Menu\Programs\Startup\bglrvpqy.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"

Driver::
idrmkl

RegNull::
[HKEY_USERS\S-1-5-21-790525478-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-790525478-1957994488-839522115-1004\Software\SecuROM\License information*]


Save this as CFScript.



Close all browser windows and, referring to the picture above, drag CFScript.txt into Combofix.exe. ComboFix will re-run.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run. When finished, it will produce a log for you.
Copy/paste the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
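
Added example, not part of the thread or of argus's instructions: the CFScript above resets Winlogon's Userinit value and deletes the same executable from Program Files and the Startup folder, so this Python code checks those two autostart points and correlates them. The modified Userinit value and the Startup listing are constructed samples built from the paths in the post, and the function names are this example's own.

```python
import ntpath  # Windows path rules, usable on any OS

# Value the CFScript in this thread restores under
# HKLM\software\microsoft\windows nt\currentversion\winlogon
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed samples: the thread only shows the value being reset, not the
# modified one, so this "infected" value is an assumption for illustration.
SAMPLE_USERINIT = (r"c:\windows\system32\userinit.exe,,"
                   r"c:\program files\satflmhl\bglrvpqy.exe")
SAMPLE_STARTUP = [
    r"c:\documents and settings\Stefan\Start Menu\Programs\Startup\bglrvpqy.exe",
    r"c:\documents and settings\Stefan\Start Menu\Programs\Startup\desktop.ini",
]


def userinit_extras(value, expected=EXPECTED_USERINIT):
    """Return Userinit entries other than the expected userinit.exe path.

    Userinit is a comma-separated list and Winlogon launches every entry at
    logon, so any extra entry is an autostart point worth investigating.
    """
    want = ntpath.normcase(expected)
    entries = [e.strip().strip('"') for e in value.split(",")]
    return [e for e in entries if e and ntpath.normcase(e) != want]


def startup_executables(startup_listing):
    """Return .exe files sitting directly in a Startup folder listing.

    Startup folders normally hold shortcuts (.lnk); a raw executable is unusual.
    """
    return [p for p in startup_listing
            if ntpath.splitext(p)[1].lower() == ".exe"]


def correlate(userinit_value, startup_listing):
    """Pair executables whose file name appears in both autostart points."""
    extras = {ntpath.basename(ntpath.normcase(e)): e
              for e in userinit_extras(userinit_value)}
    hits = []
    for path in startup_executables(startup_listing):
        name = ntpath.basename(ntpath.normcase(path))
        if name in extras:
            hits.append((extras[name], path))
    return hits
```

On a live system the two inputs would come from the Winlogon key and a directory listing of each user's Startup folder, ideally taken from safe mode or an offline boot, since Ornette reports the files were only visible in safe mode.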

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #27 on: April 19, 2011, 07:59:02 PM »
Thanks YoKenny I'm just updating these now,
Other than this I think the symptoms have disappeared.
I turned the net back on and tried web browsing and it isn't redirecting me to odd places when I click on google search results.
I'm also no longer getting avast popping up saying a virus has been found...
Could this mean I'm safe?

@argus
I shall perform the Combofix thing now one second

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #28 on: April 19, 2011, 08:35:48 PM »
Here is the ComboFix log as requested.
Any thoughts?
Thanks

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #29 on: April 19, 2011, 08:59:36 PM »
Ok, so I have started to do a boot-time full system scan and my computer is now detecting quite a lot of Win32:Ramnit-G viruses. This is bad, I'm guessing?