Tech Support Forum - View Single Post

Ried · 12-03-2006, 10:16 AM

Nice work.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please upload this file C:\WINDOWS\system32\9D64738EF4.sys to http://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

-------------------------------------

Close any open browsers.

-------------------------------------

Go to <<Start>> then <<Run>> then copy/paste the red text below into the Run box then click OK

"%userprofile%\desktop\combofix.exe" /v mwywthuj opnnllk

When finished, it shall produce a log for you. We'll need that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------

From Normal Mode:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\mwywthuj.dll
O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: iiiihii - iiiihii.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Reboot your system.

-----------------------------------

Run another online scan at Panda and save the results.

-----------------------------------

Run another scan with Socha.exe and save the log.

-----------------------------------

Please include the following in your next reply:

jotti results
ComboFix.txt
Panda results
New HijackThis log (Socha.exe)

How is your system behaving?

12-03-2006, 10:16 AM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,530 OS: WinXP and Vista	Nice work. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ************************************************* Please upload this file C:\WINDOWS\system32\9D64738EF4.sys to http://virusscan.jotti.org and report back what it found. At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit". When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here. ------------------------------------- Close any open browsers. ------------------------------------- Go to <<Start>> then <<Run>> then copy/paste the red text below into the Run box then click OK "%userprofile%\desktop\combofix.exe" /v mwywthuj opnnllk When finished, it shall produce a log for you. We'll need that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall ----------------------------------- From Normal Mode: Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\mwywthuj.dll O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll (file missing) O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll (file missing) O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing) O20 - Winlogon Notify: iiiihii - iiiihii.dll (file missing) Click 'Fix Checked'** and close HijackThis. ----------------------------------- Reboot your system. ----------------------------------- Run another online scan at Panda and save the results. ----------------------------------- Run another scan with Socha.exe and save the log. ----------------------------------- Please include the following in your next reply: jotti results ComboFix.txt Panda results New HijackThis log (Socha.exe) How is your system behaving? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."