Help! eSpeak / Colexity Virus

Hello,

I seem to have gotten a trojan on my computer today. I have run Malwarebytes and it is unable to remove all of the infections. The remaining two items after several scans and reboots are svchost.exe (file and memory process).

I’ve seen that you all in the community have been able to help other users, and I am hoping you can help me too. I did not have any ACTIVE protection running when I picked this trojan up. But now I do and I can see it blocking attempts to 3 different websites. Would having active protection have blocked this trojan from getting on my PC? Live and learn =/.

So, I’ve attached the MBAM log and the OTL logs here. Please advise on next steps. Thanks very much in advance, and I really appreciate the help.

Edit 1: Having a hard time getting the site to post with the attachments… bear with me.

Attached.

Attached additional scanning result from aswMBR.

Attempted to run ComboFix. Computer tried to shut down mid scan, but I was able to cancel it. ComboFix appeared to have finished, saw it deleted a bunch of files, and then it rebooted the PC. Upon reboot, CF opened and said it was creating logs and not to start any programs. I waited but got a BSOD after a while, before CF seemed to finish. I’ll try to re-run CF.

Ran in Safe Mode and it finished. Attached is the log. Please advise on next steps. Thanks in advance! Currently running in Safe Mode with networking, as I keep getting a BSOD. Could be related to this virus or might be related to something else. Saw something about Firewall blocking my printer right before BSOD. Removed Printer (no ink anyway) and going to try to reboot in normal mode. Cannot attach the dump file as it is over the 200kb limit and I can’t attach zips.

Thanks.

Unfortunately still getting BSOD in normal mode. I was able to save the error text from the “Windows has recovered from an unexpected shutdown” dialog. Attached. Also attached the XML as a txt file if that helps.

Thanks again. I’ll stop here and wait for a reply. Just wanted to give as much information as possible, and these steps seemed to be common to the other users experiencing the same issue. I appreciate all your work here in this forum.

Sorry, I just ran Tdsskiller.exe and it appears to have removed the rootkit (clicked “Cure”). It rebooted, and I ran it again and no threats were detected. I then ran MBAM again and it detected 1 threat instead of two. It detected the file and not the memory process. I clicked to remove all threats and it rebooted again. I re-downloaded TDSSkiller and re-updated MBAM. Ran again and still no threats. Attached are the logs. If you could, please verify that everything is okay. Still in safe mode so will try normal and hopefully no BSOD.

Thanks.

Appears all is well. Thanks again for responding to all the other users here. I was able to use that information to solve this issue for myself. I would appreciate if someone can just reply when you get a moment to give a thumbs up that everything is okay. I would also appreciate any instructions on “cleaning up” :slight_smile:

Thanks.

Hi, not quite the order I would have run them… but you got there in the end. Sorry I did not get to your posts.

Are you having any other problems? Is Windows Update working?

Thanks for your reply. I tried to download some optional updates via Windows Update and it fails immediately. Code 8024008. What does this mean?

It means that you have the new one that I have not yet figured out.

Could you go to control panel > administrative tools > services

Locate Background Intelligence Service
Right click and select properties
Select the dependency tab
Open up all the + marks. Is anything different to mine?

That service is not running. I did not disable it.

Try to start it please, and then do the right-click bit and look at the dependencies.

Sorry, I meant it is not in the list. How can I start it manually? Or maybe I need to restart windows?

Download the reg file below by right clicking the link and selecting “Save Target as…” then save to the desktop
https://dl.dropbox.com/u/73555776/bits.reg
Then right click the reg file and select merge
Accept the warnings and reboot
Then retry the services

Rebooted (no BSOD, phew) and my dialog box looks the same as yours. I tested installing one random update and it worked.

Thanks.

Phew… I am still struggling with the other one

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Go to control panel
[*]Select folder options (Appearance > Folder options in category view)
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

[*]Go to this site and click Do I have Java
[*]It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

[*]Go to Control Panel and select System
[*]Select System
[*]On the left select System Protection and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create

Now we can purge the infected ones

[*]Go to Start > All programs > Accessories > System tools
[*]Right click Disc cleanup and select run as administrator
[*]Select Your main drive and accept the warning if you get one
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

Thank you very much for your help!

Best regards.

No problem, I had the easy part ;D