hectorius2008

MBAM and HijackThis won't run

8 posts in this topic

Hello, I was directed to place a new topic here, since I can't run either HijackThis or MBAM. MBAM simply doesn't do anything when I click it; the timer icon comes up alongside the cursor, then the cursor returns to normal, and nothing more happens. With HijackThis, I cannot install. The Windows warning message comes up, and so I click Run, but then nothing more happens, apart from the timer coming up for a while, then going back to the arrow cursor.

Please help, I have no idea how to sort this out :-( .

Computer runs really slow, but there is also a process that appears loads and loads of times in Task Manager: qhemnkkibc.exe - I have no idea what this is, but might the two issues be related?

Thanks in advance - H.


Hi, hectorius2008 :)

Welcome.

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. Please allow enough time for this application to complete the scan.


Running from: C:\Documents and Settings\Hector horlick\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Hector horlick\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

That's all I got, did I do it properly? Seems a little short...

H


Hi, hectorius2008 B)

It is OK.

Read these instructions carefully.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


GMER 1.0.15.15087 - http://www.gmer.net

Rootkit quick scan 2009-09-29 20:46:50

Windows 5.1.2600 Service Pack 3

Running: 43bppso4.exe; Driver: C:\DOCUME~1\HECTOR~1\LOCALS~1\Temp\kfliqkow.sys

---- System - GMER 1.0.15 ----

Code 870EFF36 ZwEnumerateKey

Code 8702ECEE ZwFlushInstructionCache

Code 8717C125 IofCallDriver

Code 8717C245 IofCompleteRequest

Code 8702EDC5 ZwSaveKey

Code 87000E75 ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETqrmqruyy.sys (*** hidden *** ) [sYSTEM] SKYNETrfworswr <-- ROOTKIT !!!

Service C:\WINDOWS\system32\drivers\UACexrmoiqahc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Hi there - this is the log from the GMER thing. And yeah, I can also see the SKYNET and UAC prefixes flare up straight away from some background reading... damn.

But yes, this is the log, as asked for ;)

Thanks,

H

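The helper's read of the log above comes down to one decisive line type: a `Service` entry marked `*** hidden ***` in GMER's Services section, which means the service exists in the kernel but is being concealed from the normal registry and service-control views. The `Code` hook lines and the `AttachedDevice` lines are weaker evidence on their own, since the AVG and Family Safety filter drivers in this same log attach to the TCP/IP stack legitimately. The following Python is an added example, not code from this thread or from GMER; it parses the GMER 1.0.15 text format as it appears in the posted log (the embedded sample is copied from the thread's own log, with the forum's blank lines removed) and turns the eyeball triage into a repeatable check that reports hidden services as the verdict and the hooks and attached drivers as context.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the GMER log posted in this thread
# (Devices section shortened), blank lines added by the forum removed.
GMER_LOG = r"""GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-29 20:46:50
Windows 5.1.2600 Service Pack 3
Running: 43bppso4.exe; Driver: C:\DOCUME~1\HECTOR~1\LOCALS~1\Temp\kfliqkow.sys
---- System - GMER 1.0.15 ----
Code 870EFF36 ZwEnumerateKey
Code 8702ECEE ZwFlushInstructionCache
Code 8717C125 IofCallDriver
Code 8717C245 IofCompleteRequest
Code 8702EDC5 ZwSaveKey
Code 87000E75 ZwSaveKeyEx
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\SKYNETqrmqruyy.sys (*** hidden *** ) [sYSTEM] SKYNETrfworswr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACexrmoiqahc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Line formats as they appear in the GMER 1.0.15 log above (assumed stable for that version).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(r"^Code (?P<addr>[0-9A-Fa-f]{8}) (?P<func>\w+)$")
DEVICE_RE = re.compile(r"^AttachedDevice (?P<target>\S+) (?P<device>\S+) (?P<driver>\S+) \((?P<desc>.*)\)$")
SERVICE_RE = re.compile(
    r"^Service (?P<path>.+?) \((?P<flags>[^)]*)\) \[(?P<start>[^\]]+)\] (?P<name>\S+)(?P<note>.*)$"
)


@dataclass
class Service:
    path: str            # driver image on disk
    name: str            # service key name
    hidden: bool         # GMER could see it in the kernel but not via normal APIs
    flagged_rootkit: bool  # GMER appended its own "<-- ROOTKIT !!!" marker


def split_sections(text):
    """Group non-empty log lines under the '---- Name - GMER x.y ----' header they follow."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current and line:
            sections[current].append(line)
    return sections


def parse_services(lines):
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            out.append(Service(m["path"], m["name"], "hidden" in m["flags"], "ROOTKIT" in m["note"]))
    return out


def parse_hooks(lines):
    """Inline code hooks GMER found in kernel functions: (function, address)."""
    return [(m["func"], int(m["addr"], 16)) for m in map(HOOK_RE.match, lines) if m]


def parse_devices(lines):
    """Filter drivers attached to device stacks: (device, driver file, description)."""
    return [(m["device"], m["driver"], m["desc"]) for m in map(DEVICE_RE.match, lines) if m]


def triage(text):
    """Hidden services decide the verdict; hooks and attached drivers are reported for context."""
    sec = split_sections(text)
    services = parse_services(sec.get("Services", []))
    hidden = [s for s in services if s.hidden]
    return {
        "hidden_services": [(s.name, s.path) for s in hidden],
        "hooked_functions": sorted(f for f, _ in parse_hooks(sec.get("System", []))),
        "attached_drivers": sorted({d for _, d, _ in parse_devices(sec.get("Devices", []))}),
        "verdict": ("hidden service(s) present: treat as rootkit compromise" if hidden
                    else "no hidden services in log"),
    }


if __name__ == "__main__":
    for key, value in triage(GMER_LOG).items():
        print(f"{key}: {value}")
```

Running it on the thread's log yields both hidden services with their driver paths, the six hooked kernel functions, and the three attached filter drivers; only the first of those drives the verdict, which matches the helper's conclusion that the machine is rootkitted and that passwords should be changed from a clean machine.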


Run GMER once again and delete the following files:

C:\WINDOWS\system32\drivers\SKYNETqrmqruyy.sys

C:\WINDOWS\system32\drivers\UACexrmoiqahc.sys

Right click on the following folders and disable these services:

UACd.sys

SKYNETrfworswr

Close GMER and click on Combo-fix.

From the contents of your post, it seems that you have been the victim of a Backdoor.Trojan.

Backdoor.Trojan is a generic detection for a group of Trojan horse programs that open a back door and allow a remote attacker to have unauthorized access to the compromised computer.

Please refer to the following article.

http://www.dslreports.com/faq/10063

We won't ask a member to reformat the computer, but you should keep that in mind. If you are still making financial transactions with your computer, I would suggest you contact all financial institutions you deal with and change your passwords using another computer.


Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
