
Help With Log - Helpassistant And Rootkit

Please do not reply to this topic.If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get Error - 1/24/2010 9:44:30 PM | Computer Name = TONYS | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcrt.dll, version 7.0.2600.2180, fault To Chaslang-HelpAssistant virus rootkit logs- Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cyrax, Jan 2, 2010. mr_pink Private E-2 Hi there, I am almost at my wit's end with this problem, really hope someone can help.

Dec 1, 2010 #2 liverpaul TS Rookie Topic Starter Posts: 17 Hi, sorry about that, pretty sure I have done everything else right, all 8 steps. C:\WINDOWS\Temp C:\Documents and Settings\alex\Local Settings\temp\ Now run Ccleaner. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.) Click START then RUN and enter

I received this response--Check MBR JKW New Member Topic Starter Members 7 posts ID: 2 Posted March 15, 2010 Let us hope that we finally did eliminate the source of your redirects. Anyway, there was never any HelpAssistant User Account, just the folder under Documents and Settings.

Each computer is unique and configured differently. MBR rootkit and Help Assistant folders Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mistral, Dec 28, 2009. Lastly I went into the BIOS and turned off AHCI, as I read that might do the trick - no joy. The 0xC0000034 will.Hope you have some ideasparsec parsec2112 Regular Member Posts: 16Joined: March 31st, 2010, 8:31 am Top Re: HelpAssistant Rootlit by gringo_pr » April 6th, 2010, 2:00 am hello

Error - 1/24/2010 1:14:54 AM | Computer Name = TONYS | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcrt.dll, version 7.0.2600.2180, fault s-i586.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dllNotify: AtiExtEvent - Ati2evxx.dllNotify: WB - c:\program files\alienguise\fastload.dllAppInit_DLLs: c:\windows\system32\wbsys.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\rigel\applic~1\mozilla\firefox\profiles\3i8wvl94.default\FF - prefs.js: browser.startup.homepage - hxxp://hometab.bellsouth.net/FF - component: c:\documents and settings\rigel\application About 3 days ago my PC began to work very slow, freeze while playing games or surfing the net, and hang forever at shutdown. I'm sure they wouldn't mind if I updated it myself.

Guess they must have stopped? I got the Gmer program to work and added the Gmer log at the end.I am desperate for help, my last semester of college starts tomorrow, and I need this machine Also, should i now delete the Recovery Console?

Close any programs that might be using the file and try again. So i googled HelpAssistant and found a bunch of virus articles and threads on this subject. Very Important!

If there is no internet connection after running Combofix, then restart your computer to restore back your connection. I have followed the instructions suggested and request assistance please to remove the rootkit.Log files attached.

  1. Also, I had to open a lot of folders and things that were hidden during your Read Me First process; should I close these again now - the computer is feeling
  2. Just to let you know what happened, I tried to use AVG to do the initial virus scan but it wasn't working, saying "there are no active components" and there wasn't
  3. gmer says my MBR is clean.
  4. If not, then you will need to boot to your XP CD and enter the Recovery Console.
  5. MWR 3 day Mod MRU Undergrad Posts: 2534Joined: April 4th, 2008, 8:40 am Top Re: HelpAssistant Rootlit by gringo_pr » April 4th, 2010, 10:29 pm Hello and Welcome to the
  6. Any and all help would be appreciated.
  7. To do this click Thread Tools, then click Subscribe to this Thread.

I've done all the Read Me First stuff, and am attaching those 5 logs - this is message 1 - I had done Malwarebytes before and it removed a bunch of I didn't find anything 6.

mistral, Jan 5, 2010 #7 mistral Private E-2 I restarted the computer just to confirm: the pop-up box is requesting me to align a After doing the above, you should work thru the below link: How to Protect yourself from malware! It has done this 1 time(s).==== End Of File =========================== parsec2112 Regular Member Posts: 16Joined: March 31st, 2010, 8:31 am Top Re: HelpAssistant Rootlit by gringo_pr » April 5th, 2010,


This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Pink to do and I would like you to please take a look at my final logs to see if everything is alright now w/ my WinXP P.C. Note the quotes are required "%userprofile%\Desktop\combofix" /uninstall Notes: The space between the combofix" and the /u, it must be there. Also, I have been trying to load AVG 9.0 on this computer, but I keep receiving an error message.

MBAM did find traces of a past Poweliks infection, which could have done that. TimW, Jan 10, 2010 #8 cyrax Private E-2 no the HelpAssistant folder has been long gone. They are useful as backup scanners.They do not use any significant amount of resources ( except a little disk space ) until you run a scan. The only remaining file in temp folder now is: Perflib_Perfdata_6e0.dat I ran the MGtools .bat file and the log is attached below.

I can't replicate your situation on another computer because the cause of redirects on another computer might be due a scheduled task, another browser extension, a malware-created registry subkey and process, But we need to do the above first. self protection module/AVAST Software) ZwCreateSection [0xA9B559D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast!