| Antivirus 2009 downloader + pop ups Got a real shitty virus which has made so many ways to back itself up if deleted. It constantly brings up new windows of IE/Firefox/Google Chrome, some of which link to AV 2009, doesn't allow all my pages to load and makes my PC slow in general. Have tried avast/nod32 but they were crap. Malwarebytes and Spybot Search + Destroy pick it up and on removal it apparently works, but within half an hour/next reboot it all starts again. When I turn my PC on I got the missing mivalivo.dll message, and when I tried to fix it with HijackThis I now get both. http://img373.imageshack.us/img373/830/virus2qw3.th.png Whenever I remove it from startup it just comes back again, and once deleted with Malwarebytes it changed its name to pehuruba.dll and that was the primary dll coming up in scans. Now it does not add itself back there on a constant basis; there seems to be some delay. On regsupremepro, I get 4 programs being added with names such as {34y785jhghfu} etc. which, when I delete them, appear again in a while. It also has an add-on in IE which I cannot disable called {7C29...} My logfile from HijackThis is: Logfile of HijackThis v1.99.1 I previously deleted/fixed these + more (which I can no longer find) but these have now returned: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 My post is all over the place so I apologise, but I've tried lots of shit at different points and the removal hasn't exactly been organised. Thanks for any help. |
| ||
| Re: Antivirus 2009 downloader + pop ups Hey Jak123, I'm in the same boat: someone downloaded AV 2009 and some other stuff on the work PC. I removed the programs to no avail, and if I try to do a Windows search for more files the PC reboots, my Google page looks funny and I can't go to Norton or other antivirus websites or do a live update on a newly installed Norton antivirus. I wanted to ask, did you disable System Restore before you went through your procedures? |
| ||
| Re: Antivirus 2009 downloader + pop ups Antivirus is a pain in the butt!!!!! :@ It embeds itself into your operating system which includes the Registry. Try the following: http://www.bleepingcomputer.com/malw...antivirus-2009 |
| ||
| Re: Antivirus 2009 downloader + pop ups Uninstall the hijackthis version you are using and download the latest.
==
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post new HJT log. |
| ||
| Re: Antivirus 2009 downloader + pop ups Hey crunchie, I saw from a previous post that you have dealt with this before. I tried to connect to the link you supplied but the virus blocks me from virtually any antivirus-related site that I go to. I had AVG but deleted it to install Norton, but the virus won't let me do a live update and it is not detected by Norton. I downloaded HijackThis and renamed it in order for it to run and deleted entries that I knew were not needed or I had never seen before, but the system is still acting funky. Would you help me? |
| ||
| Re: Antivirus 2009 downloader + pop ups asmar32. Try downloading to another pc. Start your own thread too please. Do a search for TDDSserv.sys and delete if found. |
| ||
| Re: Antivirus 2009 downloader + pop ups I don't actually have AV2009, for anyone confused by my post, just a virus which often links to it. I have searched for TDDSserv.sys but no luck, so I shall try your other instructions tomorrow. Thanks for the help. |
| ||
| Re: Antivirus 2009 downloader + pop ups The visual signs of the virus are no longer there, i.e. pop ups and a slow PC (but it is still not as fast as usual). I also still get the missing mivaliva.dll on startup. Registry scans show that it keeps adding entries, such as looking for DLLs which I have deleted, and it is still not possible to disable the IE add-on. I'm at college currently so will post logs etc. in a few hours. |
| ||
| Re: Antivirus 2009 downloader + pop ups Sorry for the late reply, I've been busy and blocked from using this website by the virus. Scan results from Malwarebytes (currently scanning): And is the newest HijackThis the 2.02 version? http://www.majorgeeks.com/download5554.html It's a different author to the 1.99.1 version I have used and previously downloaded. |
| ||
| Re: Antivirus 2009 downloader + pop ups Malwarebytes' Anti-Malware 1.31 This scan has been done after I had previously run the scan before a reboot, and I get no pop ups. Next time I run my PC I will most likely have the virus back. |
| ||
| Re: Antivirus 2009 downloader + pop ups hmmm. You posted a link for the download of hijackthis instead of posting the log. Please post the log from hijackthis. |
| ||
| Re: Antivirus 2009 downloader + pop ups I asked whether this was the correct version lol. anyway. Logfile of Trend Micro HijackThis v2.0.2 |
| ||
| Re: Antivirus 2009 downloader + pop ups Can you please do the following.
===============
You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit". Download ResetTeaTimer.bat. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer. Do not forget to re-enable teatimer when we are done :). If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
===============
Scan with HijackThis and then place a check next to all the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7c291722-bc81-482c-ba4f-efbc4dbff141} - C:\WINDOWS\system32\gopikobi.dll (file missing)
O4 - HKLM\..\Run: [CPMab2ce949] Rundll32.exe "c:\windows\system32\wotupogo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [tolonajari] Rundll32.exe "C:\WINDOWS\system32\sesotoja.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tolonajari] Rundll32.exe "C:\WINDOWS\system32\sesotoja.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\zagubura.dll
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
files...
c:\windows\system32\wotupogo.dll
C:\WINDOWS\system32\sesotoja.dll
C:\WINDOWS\system32\zagubura.dll
- Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now. |
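The HijackThis entries listed in the post above can be grouped by the DLL they load, which shows when one file is registered in several autostart locations. This is an added example, not part of the original thread or of HijackThis itself; the log lines are copied from the post, and the function names `autostart_dlls` and `redundant` are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (HijackThis v2.0.2 format).
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7c291722-bc81-482c-ba4f-efbc4dbff141} - C:\WINDOWS\system32\gopikobi.dll (file missing)
O4 - HKLM\..\Run: [CPMab2ce949] Rundll32.exe "c:\windows\system32\wotupogo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [tolonajari] Rundll32.exe "C:\WINDOWS\system32\sesotoja.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tolonajari] Rundll32.exe "C:\WINDOWS\system32\sesotoja.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\zagubura.dll
'''

LINE = re.compile(r'^(?P<sec>[A-Z]\d+) - (?P<body>.*)$')
DLL = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.dll', re.IGNORECASE)
RUN = re.compile(r'^(?P<hive>\S+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

def autostart_dlls(log_text):
    """Map each DLL path (lower-cased) to the autostart locations loading it."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group('sec'), m.group('body')
        dlls = [d.lower() for d in DLL.findall(body)]
        if sec == 'O2' and dlls:
            where = 'BHO' + (' (file missing)' if '(file missing)' in body else '')
        elif sec == 'O4':
            run = RUN.match(body)
            # Only flag Run values that use rundll32 to load a DLL.
            if not run or not run.group('cmd').lower().startswith('rundll32'):
                continue
            where = run.group('hive') + ' [' + run.group('name') + ']'
        elif sec == 'O20' and body.startswith('AppInit_DLLs'):
            where = 'AppInit_DLLs'
        else:
            continue
        for d in dlls:
            found[d].append(where)
    return dict(found)

def redundant(found):
    """DLLs registered in more than one place: every entry must be removed."""
    return sorted(d for d, locs in found.items() if len(locs) > 1)

if __name__ == '__main__':
    for dll, locs in autostart_dlls(SAMPLE_LOG).items():
        print(dll, '<-', '; '.join(locs))
```

On these lines, sesotoja.dll is the only file reported by `redundant`, because it is registered under the Run keys of both the S-1-5-19 and S-1-5-20 accounts.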
| ||
| Re: Antivirus 2009 downloader + pop ups No more annoying missing dll message on startup, pop ups or dlls you mentioned. But when trying to remove the entry from startup it now tries to add system32\sesotoja.dll", s.. ofc I deny the change, but this still means that some sort of process is active :-/. Logfile of Trend Micro HijackThis v2.0.2 My new log file. Thx for the help btw. |
| ||
| Re: Antivirus 2009 downloader + pop ups You are running hijackthis from a temporary folder. Please move it to a permanent folder before your next post. == Please download ComboFix by sUBs from HERE or HERE
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. |