05-22-2008, 11:42 PM   #6
screen317
Analyst, Security Team
 
 
Join Date: Mar 2006
Location: Los Angeles
Posts: 516
OS: Windows XP Home SP3

Re: I keep getting popups and I can't seem to get rid of it!

Hi tputs001,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

Quote:
File::
C:\WINDOWS\system32\vcqxwjiw.exe
C:\WINDOWS\system32\bpjhlmps.ini
C:\WINDOWS\system32\acrmaspb.ini
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B1E64C-DC93-4633-8547-CF144E9BC92B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A03AB7B4-62D1-45D4-9AB1-23BF8254F491}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F15F14C6-C3E1-486B-98B9-446274ED05E2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdabyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMefc6a1ad]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ecf59231]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMefc6a1ad"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8338942e-c00b-11dc-9839-001372da1478}]
Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Also, I notice that you are using more than one antivirus and firewall program (from Norton and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus and firewall program.
-screen317
__________________
†Lord, have mercy on us†


Last edited by screen317 : 05-22-2008 at 11:43 PM.