Urgent please help!

suarez · ‎02-16-2012

I have this viruse and i don not have a clue how to delete it. please help me really fast cause it is making me crazy.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:56, on 16.02.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Angi\AppData\Local\Temp\95B3.tmp
C:\Windows\system32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

simonn · ‎07-08-2010

Hi suarez,

based on the log file, here are the entries I found malicious:

C:\Users\Angi\AppData\Local\Temp\95B3.tmp

O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe

let's try to manually delete them:

1. Open the start menu.

2. Type in the search bar %temp% then press enter.

3. Select all then delete all the contents of temp folder.

4. Open the Hijackthis and do a System Scan only.

5. Fix checked this entry

O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe.

Restart the computer then run our online scanner HouseCall

Hope this helps

Regards,

Simon

I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.

malwarekiller · ‎08-08-2011

Welcome aboard! Posted Image

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Malware Discussions

Urgent please help!

Re: Urgent please help!

Re: Urgent please help!