01-09-2008, 02:30 AM   #21
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 3,406
OS: Vista


Re: Need help - Followed all directions - Please see thread

Hi,

You got reinfected. You should know that a lot of your programs would not work anymore because of the infection you had. In case you encounter something that won't work, you will need to reinstall that program.

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
______

Combofix Deletions
  • Open notepad.
  • Copy and paste the text inside the code box below to notepad
Code:
Killall::

File::
C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk

Folder::
C:\Temp\tn3
C:\Program Files\kernel
C:\WINDOWS\SYSTEM32\usmvt3
C:\WINDOWS\SYSTEM32\drivez4
C:\WINDOWS\SYSTEM32\comp2
C:\WINDOWS\SYSTEM32\cache3
C:\WINDOWS\SYSTEM32\ardCo01
C:\Temp\cEeer12
C:\Temp

Driver::
ntmtlfaxx

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncao"=-
"Fjodky"=-
"kernel"=-
"Router"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"=-
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine then it will produce a log afterwards.
  • Please post the contents of that log along with a fresh HijackThis log.
_______

I noticed that you are not running any AntiVirus application. You could get infected immediately after we clean you up. Please download and install ONE of these:

» Avast!
» AVG AntiVirus
» AntiVir
______

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
_______

On your next reply, please include a
  • Fresh HijackThis log.
  • Eset scan log
  • combofix log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
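Added example, not part of the original post and not ComboFix code: a small Python reviewer that parses a CFScript like the one quoted above into its directive sections, so the files, folders, drivers and registry values it will remove can be read back before the script is run. The syntax it accepts (directive lines ending in `::`, `.reg`-style `"name"=-` deletions under a bracketed key) is inferred from that script, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the CFScript quoted in the post.
SAMPLE = r'''Killall::
File::
C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
Folder::
C:\Temp\tn3
C:\Temp
Driver::
ntmtlfaxx
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncao"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"=-
'''

# Assumed syntax, inferred from the script above (not an official grammar).
DIRECTIVE = re.compile(r'^([A-Za-z]+)::$')
REG_KEY = re.compile(r'^\[(.+)\]$')
REG_DELETE = re.compile(r'^"(.+)"=-$')

def parse_cfscript(text):
    """Group entries by directive; Registry:: lines become (key, value) pairs."""
    sections, current, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        directive = DIRECTIVE.match(line)
        if directive:
            current, key = directive.group(1).lower(), None
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        elif current != "registry":
            sections[current].append(line)
        elif REG_KEY.match(line):
            key = REG_KEY.match(line).group(1)
        elif REG_DELETE.match(line) and key:
            sections[current].append((key, REG_DELETE.match(line).group(1)))
        else:
            raise ValueError(f"unrecognised registry line: {line!r}")
    return sections

def nested_folders(sections):
    """Folder:: entries that lie inside another listed folder."""
    folders = [f.rstrip("\\").lower() for f in sections.get("folder", [])]
    return [f for f in folders if any(f.startswith(p + "\\") for p in folders)]
```

`nested_folders` shows where a broad Folder:: entry such as C:\Temp already covers narrower ones, which is worth knowing before deleting a directory that may also hold unrelated files.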