suspected w3hph.eye malware
-
Couldn't disable the antivirus, so I just went ahead with the rest of combofix steps. Everything seems 'more normal' now, but I still got 86 processes running (as shown on taskmanager) which is weird (used to have 50+ only)
http://www.mediafire.com/?v0yy5nzyddm <--- combofix log
http://www.mediafire.com/?2yepj4c8nzj <--- HijackThis log
Thanks again, mayi..
-
Update...
Just couple mins ago, www.antispywareexpert.com pop up again.. This is one of the website that automatically pop up for no reason :(
Spy/Malware problem probably not fixed yet...
http://www.wixawin.com/sg/ads/iphone.aspx?clickid=000ffC00OoeO31rcdqbk&ce_cid=000ffC00OoeO31rcdq0AtGKL8Bdtvd3f <-- another malicious pop up... that tells me "win this iphone"... argh...
-
The Wixawin thingy - this is the 3rd time I've seen it. I can't put my fingers on anything yet. It seems to come with a lot of other crap, but no idea what's causing it.
-
Off topic, you haven't grad?
-
Kazza, I did install in the past and have deleted it since months ago.
Oh...
One of the programs bundled with Kazza will hijack your home page...
Uninstall this program if found - Instafinder
-
OK, after uninstalling that, please do the following:
Download the following file - http://www.mediafire.com/?wlfdycs2cbg
Save it as CFScript.txt. Don't change the file name. Save it in the same place as Combofix.
Drag this file into Combofix.
Picture for reference:
Combofix will start running and produce a log. Please upload that log to Mediafire.
Also, it will ask you to upload samples for analysis.
Click OK.
Copy and paste the file path into the text box next to the Browse button (boxed up in red).
Click on Send File to upload it.
-
Originally posted by ndmmxiaomayi:
Off topic, you haven't grad?
Grad'ed - I'm the 2nd batch
-
Update!
1) I couldn't disable my antivirus before running combofix with CFscript but I went ahead anyway
2) Whenever I log in to windows, there's always a "beep" sound (I left it out the other time)
3) I've deleted instafinder via Add/Remove Program
4) Uploaded samples for analysis
-
I think my laptop's heavily infected.. Every now and then, symantec would pop up a "static" window.. or a window to tell me it had detected a virus..
The last detection was "Trojan.Vundo"... and it was "cleaned by deletion"..
Gosh.. mayi... help
-
Please post back the Combofix log.
Log can be found at C:\Combofix.txt
2) Whenever I log in to windows, there's always a "beep" sound (I left it out the other time)
Hmm... might not be related to any virus issue...
Sounds like an error or something.
-
Originally posted by ndmmxiaomayi:
Please post back the Combofix log.
Log can be found at C:\Combofix.txt
Hmm... might not be related to any virus issue...
Sounds like an error or something.
One thing to note: The beeping only started right after I downloaded w3hph.exe, it was fine before - now it takes so long to start windows :(http://www.mediafire.com/?vwtcebny1tm <--- Combofix log as you requested
-
Update!
There's a RUNDLL error when I logged in to windows, it reads "Error loading C:\Windows\system32\klajxgmf.dll - the specific module cannot be found"
-
Please download this file - http://www.mediafire.com/?13diyhfhenb
As per previous instructions, save it as CFScript.txt
Drag this file into Combofix.exe. Combofix will start running and produce a log when done. Please post this log when done.
-
off topic abit.
Mayi, and detached, sorry couldnt help =(
Will do so after my olevels
-
Originally posted by ndmmxiaomayi:
Please download this file - http://www.mediafire.com/?13diyhfhenb
As per previous instructions, save it as CFScript.txt
Drag this file into Combofix.exe. Combofix will start running and produce a log when done. Please post this log when done.
The same ol' thing, couldn't disable my antivirus but I still went ahead with running the CFScript.txt.I couldn't upload the log to mediafire, it returned a page error.
-
Originally posted by Detached:
The same ol' thing, couldn't disable my antivirus but I still went ahead with running the CFScript.txt.I couldn't upload the log to mediafire, it returned a page error.
Email can work?
Copy and paste the the whole log.
Mail is ndmmxiaomayi AT gmail DOT com
AT = @
DOT = .
Remove all the spaces.
-
Originally posted by ndmmxiaomayi:
Email can work?
Copy and paste the the whole log.
Mail is ndmmxiaomayi AT gmail DOT com
AT = @
DOT = .
Remove all the spaces.
Sent :DThanks mayi
-
Download ATF Cleaner and save it to your desktop.
Double click on ATF-Cleaner.exe to run it.
- Click on Main at the top.
- Tick all the boxes except the Prefetch and Cookies box.
- Click on Empty Selected button.
If you use Firefox
- Click on Firefox at the top.
- Tick all the boxes except Firefox Cookies and Firefox Saved Passwords.
- Click on Empty Selected button.
If you use Opera
- Click on Opera at the top.
- Tick all the boxes except Opera Cookies and Opera Saved Passwords.
- Click on Empty Selected button.
Close ATF Cleaner when you are done.
- Please download Malwarebytes' Anti-Malware and save it to a convenient location.
- Double click on mbam-setup.exe to install it.
- Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
-
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
- Select the Scanner tab. Click on Perform full scan, then click on Scan.
- Leave the default options as it is and click on Start Scan.
- When done, you will be prompted. Click OK, then click on Show Results.
- Checked (ticked) all items and click on Remove Selected.
- After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
-
Gotcha!
working on it now, will update as soon as I'm done :P
Thanks again
-
Couldn't upload it to mediafire, after I clicked on upload - it returned an error page again. What could be the problem? It used to work for me.
Anyway, sent the log to your email. Thanks :D
-
Update!
The lappie has been hanging since the last CF, I could be surfing some sites on IE and the whole screen just freeze up. Running Taskmanager and ending whatever IE, MSN, Explorer.exe and re-running Explorer.exe doesn't solve the problem... die die gotta force shutdown..
The process charge for 84 running processes shown on taskmanager gave me a shock.. RTVscan.exe (which I believe it's the antivirus) is running at 75k and all the usual processes that used to take like couple of hundred memory.. now takes thousands to run.. Total commit charge was capped at 60% when it hung..
Save.Our.Soul!
-
Lol...no matter how strong a virus is, the uber-reformat will remove it
-
Originally posted by Detached:
Update!
The lappie has been hanging since the last CF, I could be surfing some sites on IE and the whole screen just freeze up. Running Taskmanager and ending whatever IE, MSN, Explorer.exe and re-running Explorer.exe doesn't solve the problem... die die gotta force shutdown..
The process charge for 84 running processes shown on taskmanager gave me a shock.. RTVscan.exe (which I believe it's the antivirus) is running at 75k and all the usual processes that used to take like couple of hundred memory.. now takes thousands to run.. Total commit charge was capped at 60% when it hung..
Save.Our.Soul!
Ask RP not to use Norton.
-
Originally posted by ndmmxiaomayi:
Ask RP not to use Norton.
How sia? Don't joke liao leh :( -
Originally posted by Detached:
How sia? Don't joke liao leh :(Not kidding. Norton is a huge resource eater.
You can uninstall Norton...
And use this free antivirus - http://www.antivir-pe.com/freet/index.php?id=25&domain=free-av.com