Hi.
Let's continue.
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
------------------------------------------------------------------------
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
----------------------------------------------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/389682-overclick-cn-spyware.html#post2212234
COLLECT::
c:\windows\system32\drivers\hjgruiesbapfdi.sys
c:\windows\system32\hjgruifasrfwko.dat
c:\windows\system32\hjgruikbymytiq.dll
c:\windows\system32\hjgruimqreaked.dat
c:\windows\system32\hjgruiutbdervy.dll
DRIVER::
hjgruifvspulqi
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
- Ensure you are connected to the internet and click OK on the message box.
If you do not get a message box, please do the following:
There should be a file named [4]-Submit_date@time.zip with today's date, located here:
C:\QooBox\Quarantine\[4]-Submit_date@time.zip
Using the 'Browse' button, please submit it to this site ==>
http://www.bleepingcomputer.com/subm....php?channel=4
Please let me know if you successfully submitted the file. Thanks.
-------------------------------------------------------------------------
Please go to: VirusTotal
- On the page you'll find a Browse button.
- Next to the Browse button you'll see a box to enter text.
- Please copy/paste the following bolded text into the box:
c:\windows\system32\stobjuct.dat
- Then click the Send File button just below.
- This will scan the file. Please be patient.
- If you get a message saying File has already been analysed: click Reanalyse file now
- Once scanned, copy and paste the results in your next reply.
- Please repeat for the following files:
- c:\windows\system32\msorcn2r.dat
-------------------------------------------------------------------------
Please attach this one in your next reply.
C:\QooBox\Add-Remove Programs.txt
In your reply, please post
C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt <--attached
Virustotal report <--attached
Mark