Ah, I tried burning before just in case I had to reformat the computer.. but I don't want to go that way. Don't worry, I won't do anything till the computer's clean.
I would like to have you use ComboFix to remove some files.
Make sure that Combofix is still on the desktop. If it is not then this will not work.
Open Notepad and copy/paste the text below into it.
* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
KILLALL::
FILE::
C:\\StubInstaller.exe
C:\WINDOWS\005681_.tmp
C:\WINDOWS\003375_.tmp
C:\WINDOWS\TEMP\mc22.tmp
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\scripting
C:\WINDOWS\system32\en
C:\WINDOWS\ntoskrnl.exe
C:\WINDOWS\system32\sprecovr.exe
C:\WINDOWS\system32\dllcache\OLD5EF.tmp
C:\WINDOWS\system32\dllcache\OLD60A.tmp
C:\WINDOWS\system32\dllcache\OLD60D.tmp
C:\WINDOWS\system32\dllcache\OLD5B2.tmp
C:\WINDOWS\system32\dllcache\OLD584.tmp
C:\WINDOWS\system32\dllcache\OLD58B.tmp
C:\WINDOWS\system32\dllcache\OLD581.tmp
C:\WINDOWS\system32\dllcache\OLD554.tmp
C:\WINDOWS\system32\dllcache\OLD537.tmp
C:\WINDOWS\system32\dllcache\OLD53D.tmp
C:\WINDOWS\system32\dllcache\OLD482.tmp
C:\WINDOWS\system32\dllcache\OLD47F.tmp
C:\WINDOWS\system32\dllcache\OLD4AE.tmp
C:\WINDOWS\system32\dllcache\OLD478.tmp
C:\WINDOWS\system32\dllcache\OLD4B8.tmp
C:\WINDOWS\system32\dllcache\OLD475.tmp
C:\WINDOWS\system32\dllcache\OLD42C.tmp
C:\WINDOWS\system32\dllcache\OLD466.tmp
C:\WINDOWS\system32\dllcache\OLD454.tmp
C:\WINDOWS\system32\dllcache\OLD462.tmp
C:\WINDOWS\system32\dllcache\OLD429.tmp
C:\WINDOWS\system32\dllcache\OLD451.tmp
C:\WINDOWS\system32\dllcache\OLD426.tmp
C:\WINDOWS\system32\dllcache\OLD3D6.tmp
C:\WINDOWS\system32\dllcache\OLD3D1.tmp
C:\WINDOWS\system32\dllcache\OLD37F.tmp
C:\WINDOWS\system32\dllcache\OLD37C.tmp
C:\WINDOWS\system32\dllcache\OLD36F.tmp
C:\WINDOWS\system32\dllcache\OLD386.tmp
C:\WINDOWS\system32\dllcache\OLD338.tmp
C:\WINDOWS\system32\dllcache\OLD171.tmp
C:\WINDOWS\system32\dllcache\OLD6F.tmp
C:\WINDOWS\system32\dllcache\OLD55.tmp
C:\WINDOWS\system32\dllcache\OLD1F.tmp
C:\Documents and Settings\Owner\yfcsdx.exe
C:\Documents and Settings\Owner\xahoey.exe
C:\Documents and Settings\Owner\fgwalc.exe
C:\Documents and Settings\Owner\rjbrif.exe
C:\Documents and Settings\Owner\zyrgam.exe
C:\Documents and Settings\Owner\cpyrcp.exe
C:\Documents and Settings\Owner\toisbd.exe
C:\Documents and Settings\Owner\mxhjpr.exe
C:\Documents and Settings\Owner\vebowc.exe
C:\Documents and Settings\Owner\zxylws.exe
C:\Documents and Settings\Owner\mmcuft.exe
C:\Documents and Settings\Owner\zwymkd.exe
C:\Documents and Settings\Owner\aonlul.exe
C:\Documents and Settings\Owner\wndbpf.exe
C:\Documents and Settings\Owner\chlbvf.exe
C:\Documents and Settings\Owner\mzqvoe.exe
C:\Documents and Settings\Owner\jvrwzq.exe
C:\Documents and Settings\Owner\qtzlag.exe
C:\Documents and Settings\Owner\ndxfzf.exe
C:\Documents and Settings\Owner\bjegxw.exe
C:\Documents and Settings\Owner\esvqek.exe
C:\Documents and Settings\Owner\jkscyq.exe
C:\Documents and Settings\Owner\wwvedp.exe
C:\Documents and Settings\Owner\hvauby.exe
C:\Documents and Settings\Owner\ybhtvh.exe
C:\Documents and Settings\Owner\egaxec.exe
C:\Documents and Settings\Owner\bsjcrd.exe
C:\Documents and Settings\Owner\grjtwf.exe
C:\Documents and Settings\Owner\vvesdr.exe
C:\Documents and Settings\Owner\jgrmqx.exe
C:\Documents and Settings\Owner\jbmaru.exe
C:\Documents and Settings\Owner\brnhil.exe
C:\Documents and Settings\Owner\ryxkec.exe
C:\Documents and Settings\Owner\cmjjhf.exe
C:\Documents and Settings\Owner\rvwiss.exe
C:\Documents and Settings\Owner\soltke.exe
C:\Documents and Settings\Owner\bsipls.exe
C:\Documents and Settings\Owner\ufmxar.exe
C:\Documents and Settings\Owner\xeusen.exe
C:\Documents and Settings\Owner\qclnng.exe
C:\Documents and Settings\Owner\dyonnd.exe
C:\Documents and Settings\Owner\gijage.exe
C:\Documents and Settings\Owner\pjikzv.exe
C:\Documents and Settings\Owner\stnrju.exe
C:\Documents and Settings\Owner\cjsicq.exe
C:\Documents and Settings\Owner\jfacoc.exe
C:\Documents and Settings\Owner\skqbpo.exe
C:\Documents and Settings\Owner\bavlik.exe
C:\Documents and Settings\Owner\vgvbiy.exe
C:\Documents and Settings\Owner\svswyx.exe
C:\Documents and Settings\Owner\rkruvj.exe
C:\Documents and Settings\Owner\beefoh.exe
C:\Documents and Settings\Owner\zooywx.exe
C:\Documents and Settings\Owner\mgvvhc.exe
C:\Documents and Settings\Owner\sktzbb.exe
C:\Documents and Settings\Owner\ykfrkw.exe
C:\Documents and Settings\Owner\stxbjf.exe
C:\Documents and Settings\Owner\svssbl.exe
C:\Documents and Settings\Owner\jccwgl.exe
C:\Documents and Settings\Owner\uxhrla.exe
C:\Documents and Settings\Owner\duxphv.exe
C:\Documents and Settings\Owner\ibcert.exe
C:\Documents and Settings\Owner\bzufmu.exe
C:\Documents and Settings\Owner\xcbskf.exe
C:\Documents and Settings\Owner\gimvzq.exe
C:\Documents and Settings\Owner\atfymw.exe
C:\Documents and Settings\Owner\ybojta.exe
C:\Documents and Settings\Owner\diqget.exe
C:\Documents and Settings\Owner\liyuiq.exe
C:\Documents and Settings\Owner\simrxd.exe
C:\Documents and Settings\Owner\inyamz.exe
C:\Documents and Settings\Owner\qfyjar.exe
C:\Documents and Settings\Owner\wkrnbv.exe
C:\Documents and Settings\Owner\gajvlu.exe
C:\Documents and Settings\Owner\njtnaj.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
Post back here with that log.
I think the computer just rebooted itself as it was still in the ComboFix prompt..
It came up with a Microsoft Windows error..
I'll run it again and hope it runs smoothly this time.
Here's the log, what do I have to do now?
There are still some unknowns I wonder about so please do this;
Go to http://virusscan.jotti.org/
Upload the following files one at a time;
C:\Documents and Settings\Owner\eejjch.exe
C:\Documents and Settings\Owner\aksnol.exe
C:\Documents and Settings\Owner\famkff.exe
C:\Documents and Settings\Owner\pogkdx.exe
C:\Documents and Settings\Owner\dddzsi.exe
This site will scan each file by various virus scanners and produce a report telling us if it is an infection. If it isn't we won't worry about it, if it is hopefully we will better know how to remove it.
Post back here with the results for each file.
File: eejjch.exe
Status: INFECTED/MALWARE
MD5: becb617c2b02b8460d9cce6f6b36eaa2
Packers detected: PE_PATCH
Scanner results
Scan taken on 14 Sep 2008 15:39:21 (GMT)
A-Squared Found MemScanBackdoor.Bifrose.NQ
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found Win32:Adware-gen
AVG Antivirus Found Downloader.Generic5.GF
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found MemScanBackdoor.Bifrose.NQ
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Agent.CUOW
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Behav-285
VirusBuster Found nothing
VBA32 Found nothing
File: aksnol.exe
Status: OK
MD5: 9dcc05bdd820162e9947d5e8f5fbad3a
Packers detected: PE_PATCH
Scanner results
Scan taken on 14 Sep 2008 15:41:24 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
C:\Documents and Settings\Owner\famkff.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
(I had this file partially scanned once.. for some reason it won't scan it again.. it was a virus anyway)
C:\Documents and Settings\Owner\pogkdx.exe
Error: unable to connect to database. The administrator has already been notified, it is not necessary to contact us.
And I got the same for:
C:\Documents and Settings\Owner\dddzsi.exe
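The multi-scanner reports pasted above can be reduced to a per-file detection count. This is an added example, not part of the original thread; it runs on a constructed sample in the same layout, and the file names, hashes and verdict lines in it are made up.

```python
import re
# Constructed sample in the layout of the pasted reports (not real scan data).
SAMPLE = """\
File: sample1.exe
Status: INFECTED/MALWARE
MD5: 00000000000000000000000000000000
Packers detected: PE_PATCH
Scanner results
Scan taken on 01 Jan 2008 00:00:00 (GMT)
AntiVir Found HEUR/Crypted
AVG Antivirus Found Downloader.Generic5.GF
Norman Virus Control Found nothing
File: sample2.exe
Status: OK
MD5: 11111111111111111111111111111111
Scanner results
Kaspersky Anti-Virus Found nothing
F-Prot Antivirus Found nothing
"""

HEADER = re.compile(r"^(File|Status|MD5|Packers detected):\s*(.*)$")
VERDICT = re.compile(r"^(.+?) Found (.+)$")  # engine names may contain spaces

def parse_reports(text):
    """Split concatenated reports on 'File:' lines and collect per-engine verdicts."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            key, value = m.groups()
            if key == "File":
                reports.append({"File": value, "engines": {}})
            elif reports:
                reports[-1][key] = value
            continue
        m = VERDICT.match(line)
        if m and reports:
            # "nothing" = this engine had no detection, not proof the file is clean
            reports[-1]["engines"][m.group(1)] = None if m.group(2) == "nothing" else m.group(2)
    return reports

def summarize(report):
    hits = {e: v for e, v in report["engines"].items() if v}
    return report["File"], report.get("Status"), len(hits), len(report["engines"]), sorted(hits)

if __name__ == "__main__":
    for r in parse_reports(SAMPLE):
        print("%s: status=%s, %d/%d engines flagged it %s" % summarize(r))
```

Uploads that failed (a 0-byte file, a service error) produce no report block at all, so a file missing from the parsed output is unscanned rather than clean.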
Print out this information because you are going to have to disconnect from the internet to complete these steps. When I say disconnect, I mean actually shut down and remove the internet cable from the computer.
You also need to ENABLE VIEWING of Hidden Files and Folders.
Next do this;
Download Killbox.
This is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
Usage Information:
Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so.
These are the files you want it to search for and delete;
C:\Documents and Settings\Owner\eejjch.exe
C:\Documents and Settings\Owner\aksnol.exe
C:\Documents and Settings\Owner\famkff.exe
C:\Documents and Settings\Owner\pogkdx.exe
C:\Documents and Settings\Owner\dddzsi.exe
You may very well get the message that one or some of the files cannot be found, that is fine, just write down which ones.
Once the program is complete, it should shut down and reboot the computer; if it doesn't, then please do so on your own.
Of course then you will have to shut down again, re-attach the internet cable and then reboot.
Come back here with the results of the running of Killbox.
Well, I ran it and it seems to have deleted the files. Hmm, the computer is still taking like 60 seconds to load when rebooted.. before it used to be a few seconds.
60 seconds ..... that is one minute. That is fast. There is absolutely no way this computer would boot in seconds completely with all that you have running at start up. Believe me, I KNOW. I have probably 1/3 the programs you have autostarting and my computer takes 60 seconds.
You still have some things to do here.
First of all, you need to uninstall ComboFix.
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
You MUST uninstall this to remove all the bad files in quarantine there.
Reboot the computer.
Next, I want you to download combofix again and run it again and post back here with the log.
Here's the log.