Thread: Cleanup the computer after bootkit removal

  1. #1
    Join Date
    Jan 2011
    Posts
    55

    Cleanup the computer after bootkit removal

    I have a Dell Inspiron 1420 on which I have installed Windows Vista Home Premium. It was infected with something that kept reloading adware for various non-legitimate antimalware products. I also found malicious startup entries which I wanted to get rid of. Avast was reporting that there was something in the MBR of the computer. I tried to fix it using Avast, but that did not help me solve the problem. Let me know if you have any particular solution to this matter. Thanks a lot in advance.

  2. #2
    Join Date
    Jun 2009
    Posts
    1,205

    Re: Cleanup the computer after bootkit removal

    I want to see the log file generated by ComboFix. You can find the log file at C:\ComboFix.txt. Copy and paste the log file here so that I can view it and let you know the further troubleshooting steps. Another thing I want to mention is that this malware seems to be buggy and unstable, so I recommend that you back up your data before you go ahead with fixing the matter.

  3. #3
    Join Date
    Mar 2009
    Posts
    1,221

    Re: Cleanup the computer after bootkit removal

    I am suggesting the following instructions, which you can use to manually create the log file on your computer.
    • First of all, you need to close all browsers.
    • You should disable the security program on the computer so that it does not cause any conflict while ComboFix is running.
    • Now copy and paste the text below into Notepad.
    Code:
    KillAll::
    
    RenV::
    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Dell\MediaDirect\PCMService .exe
    c:\program files\Dell Support Center\bin\sprtcmd .exe
    c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
    c:\program files\DellTPad\Apoint .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\QuickTime\QTTask .exe
    File::
    c:\windows\system32\zyiit.exe
    c:\users\Andrea\AppData\Local\Temp\Sk4.exe
    c:\users\Andrea\AppData\Local\Temp\B.exe
    c:\users\Andrea\AppData\Local\Temp\IPGVLDEHLLUBE.exe
    c:\users\Andrea\AppData\Local\Temp\LKHJBRKP.exe
    c:\users\Andrea\AppData\Local\Temp\NYK.exe
    c:\users\Andrea\AppData\Local\Temp\OCYHYONSF.exe
    c:\users\Andrea\AppData\Local\Temp\OWBGPYZ.exe
    c:\users\Andrea\AppData\Local\Temp\PMIGLQAQ.exe
    Driver::
    B
    IPGVLDEHLLUBE
    LKHJBRKP
    NYK
    OCYHYONSF
    OWBGPYZ
    PMIGLQAQ
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\W5E7SH31DG]
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    • Now save the file as CFScript.txt and drag the CFScript onto ComboFix.exe.
    • Once you have done that, it will generate the log file at C:\ComboFix.txt.
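    As an added example, not from this thread and not part of ComboFix, here is a PowerShell check that walks the same File::, Driver:: and Registry:: entries from the script above and reports which of them still exist after the cleanup, so the result can be cross-checked against C:\ComboFix.txt. It assumes the user profile is C:\Users\Andrea, as in the script, and that it is run from an elevated PowerShell prompt.

```powershell
# Added example: verify that the items targeted by the CFScript above are gone.
# Paths and names are copied from the script in this thread; the profile
# C:\Users\Andrea is assumed from those paths. Run from an elevated prompt.

$files = @(
    'C:\Windows\System32\zyiit.exe',
    'C:\Users\Andrea\AppData\Local\Temp\Sk4.exe',
    'C:\Users\Andrea\AppData\Local\Temp\B.exe',
    'C:\Users\Andrea\AppData\Local\Temp\IPGVLDEHLLUBE.exe',
    'C:\Users\Andrea\AppData\Local\Temp\LKHJBRKP.exe',
    'C:\Users\Andrea\AppData\Local\Temp\NYK.exe',
    'C:\Users\Andrea\AppData\Local\Temp\OCYHYONSF.exe',
    'C:\Users\Andrea\AppData\Local\Temp\OWBGPYZ.exe',
    'C:\Users\Andrea\AppData\Local\Temp\PMIGLQAQ.exe'
)
# Driver:: entries are service names; a driver's definition lives under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>, so check for that key.
$drivers = 'B','IPGVLDEHLLUBE','LKHJBRKP','NYK','OCYHYONSF','OWBGPYZ','PMIGLQAQ'
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\W5E7SH31DG'
)

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file still present: $f" }
}
foreach ($d in $drivers) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$d"
    if (Test-Path -LiteralPath $svcKey) { $findings += "driver service key still present: $d" }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "registry key still present: $k" }
}
# The RenV:: section restores files whose names were left with a space before
# ".exe"; any "name .exe" still under Program Files means that rename did not happen.
$unrenamed = Get-ChildItem -LiteralPath 'C:\Program Files' -Recurse -Filter '* .exe' -File -ErrorAction SilentlyContinue
foreach ($u in $unrenamed) { $findings += "file not renamed back: $($u.FullName)" }

if ($findings.Count -eq 0) {
    'Cleanup verified: none of the targeted items remain.'
} else {
    $findings
}
```

A non-empty list means the corresponding line of the CFScript did not take effect and the step should be repeated before trusting the machine.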

  4. #4
    Join Date
    May 2008
    Posts
    1,304

    Re: Cleanup the computer after bootkit removal

    I had the same problem you have described here. I tried lots of things to fix my problem, but none of them helped. Finally a friend of mine told me to use ESET Online Scan to fix the matter. Well, I used it, and after using it I successfully got rid of that particular threat from my computer. Hence I recommend that you use it as well, and I hope it will help you out.

  5. #5
    Join Date
    Nov 2008
    Posts
    1,066

    Re: Cleanup the computer after bootkit removal

    I am suggesting the following steps, which you can use to run ESET Online Scan.
    1. Visit the official website and download the ESET Smart Installer onto the computer.
    2. Once it has downloaded, install it on the computer.
    3. After finishing the installation, reboot the computer and click on the Start button.
    4. The antivirus program will install the updates and begin scanning the computer.

    It might take several hours to complete, so try the above as early as possible.

  6. #6
    Join Date
    Jan 2011
    Posts
    55

    Re: Cleanup the computer after bootkit removal

    Thanks a lot for your prompt replies. Well, the ESET Online Scan was really helpful to me. I really want to appreciate the efforts you have put in to fix my matter. After using this particular program I no longer have the issue I posted about in this thread. Hence, again, I want to appreciate your efforts in providing such an efficient solution. Thanks a lot again.
