There has been a long delay in between replies. The virus isn't gonna sit idle waiting for us to come remove it. This delay may have invalidated much of what we have accomplished earlier. Please do not take too long to reply.
Launch KillBox.exe & select the following options:
- Delete on Reboot
- End Explorer shell while killing file
- Unregister dll before deleting * if it's not grayed out
Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy
C:\WINDOWS\system32\d140113.a.Stub.exe
C:\WINDOWS\system32\dmnxbqn.exe
C:\WINDOWS\Temp\ASHeuristic\d140113.a.Stub.exe
* Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Reboot to Safe Mode
Run CleanUp! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Run Ewido (...it's important that all windows must be closed):
- Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
- "Perform action on all infections"
- Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop
** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.
Whilst in Safe Mode, run a WinPFind scan & post the results
In your next reply, I require these logs:
Fresh HJT log
Fresh Kaspersky scan
Ewido's log
Fresh WinPFind logs
Tell me how the machine is behaving now.
__________________
Question - what have you done for the community today?