Stone Esquire
suarez
Posts: 1
Registered: ‎02-16-2012

Urgent please help!

I have this virus and I do not have a clue how to delete it. Please help me really fast cause it is making me crazy.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:56, on 16.02.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Angi\AppData\Local\Temp\95B3.tmp
C:\Windows\system32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


Trend Micro Employee
simonn
Posts: 435
Registered: ‎07-08-2010

Re: Urgent please help!

Hi suarez,

Based on the log file, here are the entries I found malicious:

C:\Users\Angi\AppData\Local\Temp\95B3.tmp

O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe

Let's try to manually delete them:

1. Open the start menu.

2. Type %temp% in the search bar, then press Enter.

3. Select all, then delete all the contents of the temp folder.

4. Open HijackThis and do a System Scan only.

5. Click "Fix checked" for this entry:

O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe

Restart the computer, then run our online scanner, HouseCall.

Hope this helps :)

Regards,

Simon


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
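
An added example, not part of the original thread and not Trend Micro's own tooling: a small Python triage pass over an excerpt of the HijackThis log posted above. The two path heuristics and the extension set are assumptions of this example; they surface the same two entries named in the reply above as leads for review, not as verdicts.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted at the top of this thread.
LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Users\Angi\AppData\Local\Temp\95B3.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [l6krac7plz] C:\Users\Angi\l6krac7plz.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

RUN_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
IMAGE_EXTS = {".exe", ".com", ".scr"}  # assumed set of normal process image extensions

def path_reasons(raw):
    """Heuristic reasons (assumptions of this example) to review a path."""
    parts = [p.lower() for p in PureWindowsPath(raw).parts]
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("located in a Temp directory")
    if len(parts) == 4 and parts[1] == "users":
        reasons.append("located directly in a user profile root")
    return reasons

def triage(log):
    """Return (kind, line, reasons) for flagged processes and O4 Run entries."""
    findings, in_procs = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:" or not line:
            in_procs = bool(line)  # section starts at its header, ends at a blank line
            continue
        run = RUN_ENTRY.match(line)
        if in_procs:
            kind, reasons = "process", path_reasons(line)
            if PureWindowsPath(line).suffix.lower() not in IMAGE_EXTS:
                reasons.append("process image without an executable extension")
        elif run:
            kind, reasons = "autorun", path_reasons(run.group(2))
        else:
            continue  # other sections (O18, O23, ...) are not assessed here
        if reasons:
            findings.append((kind, line, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```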
Legendary Noble
malwarekiller
Posts: 3,989
Registered: ‎08-08-2011

Re: Urgent please help!

Welcome aboard!

Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
