  #1  
Old 20-04-2011
Member
 
Join Date: Jan 2011
Posts: 55
Cleanup the computer after bootkit removal

I have a Dell Inspiron 1420 on which I have installed Windows Vista Home Premium. It was infected with something which was reloading the adware for various non-legit antimalware programs. I have also found malicious startup entries which I wanted to get rid of. Avast was reporting that there was something in the MBR of the computer. I tried to fix it using Avast, but it did not help me fix the problem. Let me know if you have any particular solution to solve the matter. Thanks a lot in advance.
  #2  
Old 20-04-2011
Member
 
Join Date: Jun 2009
Posts: 1,205
Re: Cleanup the computer after bootkit removal

I want to know about the log file which is generated by ComboFix. You can find the log file at C:\ComboFix.txt. You should copy and paste the log file over here so that I can view it and let you know about the further steps for troubleshooting. Another thing I want to discuss here is that the malware seems to be buggy and unstable, so I recommend that you back up your data before you go about solving the matter.
  #3  
Old 20-04-2011
Member
 
Join Date: Mar 2009
Posts: 1,221
Re: Cleanup the computer after bootkit removal

I am suggesting the following instructions which you can use to manually create the log file on your computer.
  • First of all you need to close all the browsers.
  • You should disable the security programs on the computer so that they do not cause any conflict while using ComboFix.
  • Now you need to copy and paste the text below into Notepad.
Code:
KillAll::

RenV::
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Dell\MediaDirect\PCMService .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\QuickTime\QTTask .exe
File::
c:\windows\system32\zyiit.exe
c:\users\Andrea\AppData\Local\Temp\Sk4.exe
c:\users\Andrea\AppData\Local\Temp\B.exe
c:\users\Andrea\AppData\Local\Temp\IPGVLDEHLLUBE.exe
c:\users\Andrea\AppData\Local\Temp\LKHJBRKP.exe
c:\users\Andrea\AppData\Local\Temp\NYK.exe
c:\users\Andrea\AppData\Local\Temp\OCYHYONSF.exe
c:\users\Andrea\AppData\Local\Temp\OWBGPYZ.exe
c:\users\Andrea\AppData\Local\Temp\PMIGLQAQ.exe
Driver::
B
IPGVLDEHLLUBE
LKHJBRKP
NYK
OCYHYONSF
OWBGPYZ
PMIGLQAQ
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\W5E7SH31DG]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
  • Now you should save the file as CFScript.txt and drag CFScript.txt onto ComboFix.exe.
  • Once you have done so, it will generate the log file at C:\ComboFix.txt.
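As an added example (not part of the original post, and not ComboFix's own code), here is a small Python reviewer for the CFScript format used above. It splits a script into its KillAll::, RenV::, File::, Driver::, Registry:: and RegLock:: sections and flags the things a helper would want to double-check before the script is run: Driver:: names with no matching File:: entry, File:: entries that are not absolute paths, and RenV:: entries that lack the "name .exe" space-before-extension form the script uses. The sample script embedded in the code, the names in it and the consistency checks themselves are constructed assumptions for illustration; only the section names come from the post.

```python
import re

# Constructed sample CFScript (assumption: modelled on the script format in the
# post above; the paths and names are illustrative, not from a real machine).
SAMPLE_SCRIPT = r"""KillAll::

RenV::
c:\program files\Example\example .exe
File::
c:\windows\system32\zyiit.exe
c:\users\Andrea\AppData\Local\Temp\B.exe
c:\users\Andrea\AppData\Local\Temp\NYK.exe
Driver::
B
NYK
GHOST
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\W5E7SH31DG]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"""

# A section header is a bare word followed by '::' on a line of its own.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return {section_name: [body lines]} in order of appearance.

    Blank lines are dropped; KillAll:: legitimately has an empty body.
    Lines before the first header are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if not line.strip() or current is None:
            continue
        sections[current].append(line)
    return sections


def file_stem(path):
    """Filename without directory or extension (backslash-separated paths)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def review_script(text):
    """Summarise what a CFScript would act on and flag inconsistencies."""
    sections = parse_cfscript(text)
    file_paths = sections.get("File", [])
    file_stems = {file_stem(p).lower() for p in file_paths}
    return {
        "sections": list(sections),
        "kill_all": "KillAll" in sections,
        # A Driver:: name with no matching File:: entry deserves a second look.
        "drivers_without_file": [
            d for d in sections.get("Driver", [])
            if d.strip().lower() not in file_stems
        ],
        # File:: entries should be absolute Windows paths (drive letter + colon).
        "relative_file_paths": [
            p for p in file_paths if not re.match(r"^[A-Za-z]:\\", p)
        ],
        # How many deletions target the user's Temp directory.
        "temp_dir_files": sum(
            1 for p in file_paths if "\\appdata\\local\\temp\\" in p.lower()
        ),
        # RenV:: entries are expected in the 'name .ext' (space before extension) form.
        "renv_without_space": [
            p for p in sections.get("RenV", []) if not re.search(r" \.\w+$", p)
        ],
        # Registry:: keys prefixed '[-' are deletions; RegLock:: keys are plain '['.
        "registry_deletions": sum(
            1 for l in sections.get("Registry", []) if l.startswith("[-")
        ),
        "reglock_keys": sum(
            1 for l in sections.get("RegLock", [])
            if l.startswith("[") and not l.startswith("[-")
        ),
    }


if __name__ == "__main__":
    for key, value in review_script(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

Run it on a real CFScript by reading the file into review_script() instead of SAMPLE_SCRIPT; a non-empty drivers_without_file or relative_file_paths list is a reason to re-check the script against the ComboFix log before dragging it onto ComboFix.exe.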
  #4  
Old 20-04-2011
Member
 
Join Date: May 2008
Posts: 1,304
Re: Cleanup the computer after bootkit removal

I was having the same problem which you have mentioned here. I tried lots of things to fix my problem, but they did not help me. Finally a friend of mine told me to use ESET Online Scan to fix the matter. Well, I used it, and after using it I successfully got rid of that particular threat from my computer. Hence I recommend that you also use it, and I hope it will help you out.
  #5  
Old 20-04-2011
Member
 
Join Date: Nov 2008
Posts: 1,066
Re: Cleanup the computer after bootkit removal

I am suggesting the following steps which you can use to make use of ESET Online Scan.
  1. You need to visit the official website and download the ESET Smart Installer onto the computer.
  2. Once you have downloaded it, you need to install it on the computer.
  3. After finishing the installation you need to reboot the computer and click on the Start button.
  4. The antivirus program will install the updates and begin scanning the computer.
It might take several hours to accomplish this, so try the above mentioned steps as early as possible.
  #6  
Old 21-04-2011
Member
 
Join Date: Jan 2011
Posts: 55
Re: Cleanup the computer after bootkit removal

Thanks a lot for your prompt replies. Well, the ESET Online Scan was really helpful to me. I really want to appreciate the efforts which you have put in to fix my matter. After using this particular program I am not having any of the issues which I posted in this particular thread. Hence again I want to appreciate your efforts for providing such an efficient solution. Thanks a lot again.