Thread: Popup help
12-05-2008, 02:30 AM   #26
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,682
OS: 2000 Pro; XP Pro; XP Home


Re: Popup help

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Quote:
    Files to delete:
    C:\WINDOWS\system32\uniwavow.ini
    C:\WINDOWS\system32\apahiyik.ini
    C:\WINDOWS\system32\aroririz.ini
    C:\WINDOWS\system32\ohurubok.ini
    C:\WINDOWS\system32\ozokaref.ini
    C:\WINDOWS\system32\uyumifok.ini
    C:\WINDOWS\system32\aviyomer.ini
    C:\WINDOWS\system32\odaradip.ini
    C:\WINDOWS\system32\ajodarog.ini
    C:\WINDOWS\system32\ahewugid.ini
    C:\WINDOWS\system32\efipituk.ini
    C:\WINDOWS\system32\omeborun.ini
    C:\WINDOWS\system32\unedulop.ini
    C:\WINDOWS\system32\wovawinu.dll
    C:\WINDOWS\system32\sekivate.dll
    C:\WINDOWS\system32\muremano.dll
    C:\WINDOWS\system32\kiyihapa.dll
    C:\WINDOWS\system32\feyiweku.dll
    C:\WINDOWS\system32\zirirora.dll
    C:\WINDOWS\system32\pibumedu.dll
    C:\WINDOWS\system32\mezotehi.dll
    C:\WINDOWS\system32\koburuho.dll
    C:\WINDOWS\system32\silebovu.dll
    C:\WINDOWS\system32\gehayipe.dll
    C:\WINDOWS\system32\ferakozo.dll
    C:\WINDOWS\system32\kofimuyu.dll
    C:\WINDOWS\system32\yumovovi.dll
    C:\WINDOWS\system32\netabiri.dll
    C:\WINDOWS\system32\remoyiva.dll
    C:\WINDOWS\system32\zelohije.dll
    C:\WINDOWS\system32\pidarado.dll
    C:\WINDOWS\system32\goradoja.dll
    C:\WINDOWS\system32\jukihoda.dll
    C:\WINDOWS\system32\doyapera.dll
    C:\WINDOWS\system32\diguweha.dll
    C:\WINDOWS\system32\vegewibe.dll
    C:\WINDOWS\system32\nurobemo.dll
    C:\WINDOWS\system32\poludenu.dll
    C:\WINDOWS\system32\gevewupi.dll

    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | b84fa532
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gevepuhofa
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CPMbb7c96ae

  • In the Avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Now try to run ComboFix. Post that log also.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
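
Added example, not part of tetonbob's post: one way to confirm after the reboot that the entries named in a script like the one above are really gone, by parsing its two sections and checking each target. It assumes PowerShell is available on the machine; the `$script` text is a constructed excerpt that reuses four entries from the post, and the variable names are illustrative.

```powershell
# Added example: parse an Avenger-style script and report which targets still exist.
# $script is a constructed excerpt (four entries taken from the post above).
$script = @'
Files to delete:
C:\WINDOWS\system32\uniwavow.ini
C:\WINDOWS\system32\wovawinu.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | b84fa532
'@

$section = $null
$results = foreach ($line in ($script -split "`r?`n")) {
    $line = $line.Trim()
    if ($line -eq '') { continue }

    # Section headers switch the parser between file paths and registry values.
    if ($line -match '^(Files|Registry values) to delete:$') {
        $section = $Matches[1]
        continue
    }

    if ($section -eq 'Files') {
        # -Force so that hidden or system files are found as well.
        $item = Get-Item -LiteralPath $line -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{ Type = 'File'; Target = $line; Present = [bool]$item; Data = $null }
    }
    elseif ($section -eq 'Registry values') {
        # Each line has the form "key | value name".
        $key, $name = $line -split '\s*\|\s*', 2
        $prop = Get-ItemProperty -LiteralPath "Registry::$key" -Name $name -ErrorAction SilentlyContinue
        $data = $null
        if ($prop) { $data = $prop.$name }
        [pscustomobject]@{ Type = 'RegValue'; Target = "$key | $name"; Present = [bool]$prop; Data = $data }
    }
}

# Anything still marked Present survived the cleanup and belongs in the next reply.
$results | Format-Table -AutoSize -Wrap
```

An `AppInit_DLLs` value that is present but has empty data loads nothing, so read the Data column before treating that row as a leftover.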