Help!!!! 80000000.@ Popping Up......

I got 80000000.@ and 00000001.@ popping up threat detected messages every few minutes for the past few days. I was ignoring the warnings for a while but now it’s beginning to interfere with my internet browsing and word processing; any help would be appreciated.

I installed and am running Malwarebytes Anti-Malware and the avast free version; all infected files were deleted but the problem still happens. Where can I find the log to post to you, or which program should I download to solve it?

Can anyone help me?

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Thanks a lot, will start doing it

Don’t copy & paste…!! Please attach your logs…!!! Thanks. :slight_smile:

Will it take a long time to run OTL?

usually not…give it an hour before you stop
you may try running it in safe mode

please find my OTL and MBAM log here

Please find my logs as above

Monitoring :wink:

Hi, :slight_smile:
I will be working on your Malware issues

1. Please download TFC by OldTimer to your desktop

* Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
* Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

* Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
* In the window that opens on the top right corner, click Settings.
* In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

* Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
* In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.

If you fail to run Combofix, run it in safe mode.

Please find the log report as attached :slight_smile:

Open notepad and copy/paste the text present inside the code box below:



Folder::
c:\windows\Installer\{00b4e2c7-6edb-d884-b334-5eef3a884c97}

KillAll::

ClearJavaCache:: 

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Hi, I followed your instructions, turned off Avast and dragged CFScript.txt into ComboFix.exe. After that, ComboFix ran automatically and after a few minutes the computer rebooted. A pop-up said that Windows cannot start up normally, and I followed the recommended step from Windows to restart my computer.

After it restarted, the ComboFix.exe icon on the desktop had disappeared and there was no scanning by ComboFix after the reboot, and Avast was enabled automatically. What should I do now???

For your information, after I used combofix.exe yesterday and posted my logs to you, the pop-up no longer seems to appear, but I don’t know whether it has totally cleared the trojan or not.

There is no reason to worry; just a classic pop-up error has prevented Combofix from finishing the scan.
OK, let’s see what happened and what is the current situation.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

Hi, here is the log from DDS

Logs look good, as does everything else…

Download Combofix Uninstaller and run it.
Combofix should be removed now.


Please download OTC to your desktop.

Double-click OTC to run it. (Vista users, please right click on OTC and select “Run as an Administrator”)
Click on the CleanUp! button and follow the prompts.
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

We are done here :wink: