Author Topic: I've got a huge probrem.  (Read 5267 times)

flaffl

  • KOREA MEMBER ^_^ FUNNI KEKEKEKE
  • Hero Member
  • ***
  • Posts: 548
I've got a huge probrem.
« on: March 17, 2010, 11:34:40 AM »
Basically, I was fapping when I came across some bullshit "Vista Security Tool 2010" program. Obvious malware. Well I proceeded to delete it when my computer then started having massive explosive diarrhea all over my hands and mouth. Every time I open up ANYTHING, EVEN THE FUCKING TASK MANAGER, it says that the "application cannot be found." And even when I try to run shit with a .exe extension, it doesn't know what the fuck to open it with, and nothing pops up on the list of applications to open it with. Halp.

I can only run things when I open it as an administrator. <______<




Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
Re: I've got a huge probrem.
« Reply #1 on: March 17, 2010, 05:58:13 PM »
I'd suggest scanning with HijackThis. Run a scan and log, and post the log. There is likely something fucking with the registry that is making .exes not open correctly (likely with the actual "open" command, or whatever it is called, that gets called when you double click it, or try to open it normally). If that's the case, HJT should find it, and let us disable that change. If that works, it'll be a bit easier to run the anti-malware programs.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

flaffl

  • KOREA MEMBER ^_^ FUNNI KEKEKEKE
  • Hero Member
  • ***
  • Posts: 548
Re: I've got a huge probrem.
« Reply #2 on: March 21, 2010, 12:30:43 PM »
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:29:53 AM, on 3/21/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files (x86)\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O15 - Trusted Zone: *.cyworld.com
O15 - Trusted Zone: *.nate.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://www.siren24.com/initech/plugin/INIS60.cab
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} (EZKeytecWeb Class) - http://update2.spaceinter.com/easykeytec/bin/easykeytec.cab
O16 - DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} (KT ICS Download Component) - http://static.plaync.co.kr/aion_v2/skin/AddOn_091224.cab
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - http://banking.nonghyup.com/shttp/install/down/INIS70.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://banking.nonghyup.com/plugin/scsk/ini7/SCSK4_WOW64.cab
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} (nPCom2 Control) - http://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/js/crossdomain/LGDacom_CrossDomain_20091117.cab
O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} (NCLoaderCtl Class) - https://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80E16BB6-161D-40AE-8578-8C43A5F237F0} (Tple AAĆ®

Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
Re: I've got a huge probrem.
« Reply #3 on: March 21, 2010, 01:46:49 PM »
Wow, nothing in that log actually looks wrong to me.

I'd suggest running ComboFix in safe mode. Either it'll clean out what you have, if it happens to be one of the nasty malwares that ComboFix will target, or it'll give us a much more in-depth log of things (way more info than HJT gives us).
This is going in my sig. :)

BANNED FOR BAD PUNS X_x
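The registry change Bobbias describes in Reply #1 is the .exe file association: the key that tells the shell what to run when an .exe is opened. HijackThis logs have no entry type for that key, so a log that "looks clean" (Reply #3) says nothing about it. The script below is an added example, not code from the thread and not HijackThis output. It audits the keys involved, reports anything that differs from a stock Vista/7 install, and restores the defaults only when run with -Repair. The file name Check-ExeAssoc.ps1 and the expected values are assumptions about a stock install; the "runas" verb having its own command key is why "Run as administrator" can keep working when only "open" has been redirected.

```powershell
# Added example, not code from the thread. Audits the registry keys that decide
# what runs when an .exe is opened, reports anything that differs from a stock
# Vista/7 install, and restores the defaults only when -Repair is given.
# Run from an elevated PowerShell prompt (PowerShell 2.0 or later):
#   powershell -ExecutionPolicy Bypass -File .\Check-ExeAssoc.ps1 [-Repair]
param([switch]$Repair)

# Default values on a clean machine (assumed stock install). The 'runas' verb
# has its own command key, which is why "Run as administrator" can keep working
# when only the 'open' verb has been redirected.
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                       Value = 'exefile'  }
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';  Value = '"%1" %*' }
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\runas\command'; Value = '"%1" %*' }
)

# Per-user copies of the .exe class do not exist on a clean box. In the merged
# HKEY_CLASSES_ROOT view they take precedence over the HKLM copies, so a
# non-admin infection can hijack .exe for that user without touching HKLM.
$perUser = @(
    'HKCU:\Software\Classes\.exe'
    'HKCU:\Software\Classes\exefile'
)

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-DefaultValue([string]$Path) {
    # The unnamed (default) value of a key; $null if the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path).'(default)'
}

# 1. What the shell actually uses: the merged HKCR view, following .exe to its
#    ProgID first, since a hijack may point .exe at a ProgID other than exefile.
$progId = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe'
if ($progId) {
    $effective = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    Write-Host "EFFECTIVE .exe -> $progId -> $effective"
} else {
    Write-Host "EFFECTIVE .exe has no ProgID at all"
}

# 2. Machine-wide association, value by value.
foreach ($e in $expected) {
    $actual = Get-DefaultValue $e.Path
    if ($actual -ceq $e.Value) {
        Write-Host "OK        $($e.Path)"
        continue
    }
    Write-Host "MODIFIED  $($e.Path)"
    Write-Host "          found:    $actual"
    Write-Host "          expected: $($e.Value)"
    if ($Repair) {
        if (-not (Test-Path -LiteralPath $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        Set-ItemProperty -LiteralPath $e.Path -Name '(default)' -Value $e.Value
        Write-Host "          restored"
    }
}

# 3. Per-user overrides: list every default value under them before removing.
foreach ($p in $perUser) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    Write-Host "SUSPECT   $p exists (per-user override of the .exe class)"
    @(Get-Item -LiteralPath $p) + @(Get-ChildItem -LiteralPath $p -Recurse) | ForEach-Object {
        $v = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        if ($v) { Write-Host "          $($_.Name) = $v" }
    }
    if ($Repair) {
        Remove-Item -LiteralPath $p -Recurse -Force
        Write-Host "          removed"
    }
}

# 4. Image File Execution Options: a 'Debugger' value makes Windows start that
#    program instead of the named executable (taskmgr.exe, regedit.exe, a
#    scanner). Legitimate debuggers use this too, so only list, never delete.
Get-ChildItem -LiteralPath $ifeo | ForEach-Object {
    $dbg = (Get-ItemProperty -LiteralPath $_.PSPath).Debugger
    if ($dbg) { Write-Host "IFEO      $($_.PSChildName) -> Debugger = $dbg" }
}
```

Run it first without -Repair and read the output: a MODIFIED line whose "found" value names a program under a user profile or temp directory is the hook, and any SUSPECT or IFEO line deserves a look before anything is deleted. Restoring the association only gets executables launching again; whatever put the hook there is still on the disk and can put it back at the next logon, so a scanner still has to run afterwards, as the thread already says.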

flaffl

  • KOREA MEMBER ^_^ FUNNI KEKEKEKE
  • Hero Member
  • ***
  • Posts: 548
Re: I've got a huge probrem.
« Reply #4 on: March 21, 2010, 02:16:38 PM »
It says I don't have the right OS... Apparently it doesn't work with Vista?

flaffl

  • KOREA MEMBER ^_^ FUNNI KEKEKEKE
  • Hero Member
  • ***
  • Posts: 548
Re: I've got a huge probrem.
« Reply #5 on: March 21, 2010, 02:22:26 PM »
actually brb, just go on msn and i'll talk to you there when i get back... ;__;

Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
Re: I've got a huge probrem.
« Reply #6 on: March 21, 2010, 02:47:08 PM »
Hmm, never tried combofix on vista, that I can remember, so I dunno. Not having physical access to the computer makes troubleshooting this crap a lot harder :/

You might want to post on a forum dedicated to fixing computers, like bleepingcomputer or something. The guys on there are much more knowledgeable than I am when it comes to fixing crap like this.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Ulti

  • Hero Member
  • *****
  • Posts: 1422
Re: I've got a huge probrem.
« Reply #7 on: March 28, 2010, 07:08:05 PM »
I got a virus like this over the summer, it was hellish to get rid of, even the internet couldn't save me. I just had to reformat :|

Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
Re: I've got a huge probrem.
« Reply #8 on: March 28, 2010, 09:30:45 PM »
I do NOT reformat (too much stuff that I'd never be able to find again, and I don't want to spend the HUGE amount of time backing it all up and wasting twice the space it takes up right now), but I have had a virus actually survive reinstalling windows. Combofix actually killed that infection, luckily, but either way, some of those guys are damned hard to get rid of.

But like I said, there are lots of places that can help you with getting rid of bad infections. You just need to find the ones that know what the fuck they're doing. There are lots of people that claim to know a lot about this crap that couldn't tell you the difference between a worm and a trojan, let alone truly tell you how to get rid of an infection.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x