CONDUIT MALWARE

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
No, it's a passion to help removing malware and programming tools :)

==

Uninstall Adobe Reader 9, it's not up to date.

==

Do the same thing (Run Fix) with this text:

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant]


The computer won't reboot.
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
Am I meant to run the above text in OTL software?

It gives me this file, attached.
 

Attachments

  • 03062014_224700.log
    426 bytes · Views: 58

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
gives me this

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 03062014_225458
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
That's OK so...

OK, now we have to see if, like I thought, you're infected or not by Ramnit; by security I prefer to prevent.

All "non-essential Windows" processes will be cut, save your work. There will be an extinction of the office during the scan -> do not panic.

Download and save Pre_Scan to your desktop:

http://www.telecharger.sosvirus.net/download/pre-scan/

(click on the green button)

If the tool detects a proxy and you do not have it installed, click "delete proxy".

It may be that black windows flash, let it work.

Let the tool restart the pc.

Pre_Scan_date_hour.txt will appear at the root of the system drive (usually C:\)

DO NOT MAIL TO THE FORUM! (It is too long), attach it
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Run the program again, click on "Diag" in the menu which will appear and, at the end, attach C:\Pre_Diag_date_hour.txt
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Hello, it'll soon be finished.

====

About Ramnit, it was just remnants, but I counsel you to do a complete scan with a real antivirus after the disinfection, just to be sure.

====

You'd like to clean your downloads Folder :)

====

McAfee site Advisor is useless ( in reality , All McAfee is useless ^^ )

=============

Select all this bold text, and CTRL + C:

Kill::
All

Key::
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer]
[HKU\S-1-5-21-108816712-3875830049-3883311893-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]|[Locked]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
[HKU\S-1-5-21-108816712-3875830049-3883311893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
[HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
[HKLM64\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKLM64\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKLM64\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKLM64\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]
[HKLM64\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\121DED3BC59383344A552AFC8FDB0E17]
[HKLM64\Software\BrowserChoice]
[HKCU\Software\Microsoft\windows\CurrentVersion\Uninstall\NetAssistant]

File|Fold::
C:\Users\marcuspassey\Downloads\InstallConverter_TSV23QA56.exe
C:\Users\marcuspassey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
C:\ProgramData\B7E8586B0F2FB8D85FA018F0B4EB2367
C:\ProgramData\7EAB15720262BC3400007EAA96D2C790
C:\Users\marcuspassey\AppData\Local\hpihcruh.log
C:\Windows\System32\Tasks\CreateChoiceProcessTask
C:\Windows\System32\Tasks\{992B4C1A-BFDA-428A-8840-E4A998C0D8BA}
C:\Windows\System32\Tasks\{94A26729-325F-4D5C-B99E-F586F6A7CBEA}
C:\Windows\System32\Tasks\{5A212686-5D1D-4800-813B-6ED8FED16E6B}
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\System32\Drivers\dumpfve(3281).sys

Driver::
SASDIFSV
SASKUTIL

Clean::
yes

reboot::
yes


No need to paste anywhere, just run Pre_Scan again and click on "Script"; the tool will immediately start working, beginning by saving the registry.
After the reboot, attach C:\Pre_Script_Hour.txt

=============

Then, after that, tell me the persistent problems.

Thx
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
So when I run pre scan and I selected text above when I click on script does it automatically paste the above text in?
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
It's odd, the green bar is not moving at all when running the script. I can't exit off either. What should I do?
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
Oh, does this one take a while? I just had it running and it's just looking like the same system32 flashing with no bar moving. Was thinking it wasn't gonna work.
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
It's just not working. I had to uninstall McAfee, although I'm not sure if it's completely uninstalled. But the green bar has not moved for over an hour and the same c:\windows\system32 is flashing under the progress bar. What should I do?
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
I don't understand why it doesn't; usually it works fine.

I'm going to give you another script (the same but different) using OTL; it'll work, I wish :)
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Put this text under Personalization after opening OTL:

:Reg
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer]
[HKU\S-1-5-21-108816712-3875830049-3883311893-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=-
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
[-HKU\S-1-5-21-108816712-3875830049-3883311893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
[-HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[-HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[-HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]
[-HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\121DED3BC59383344A552AFC8FDB0E17]
[-HKLM\Software\Wow6432Node\BrowserChoice]
[-HKCU\Software\Microsoft\windows\CurrentVersion\Uninstall\NetAssistant]

:files
C:\Users\marcuspassey\Downloads\InstallConverter_TSV23QA56.exe
C:\Users\marcuspassey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
C:\ProgramData\B7E8586B0F2FB8D85FA018F0B4EB2367
C:\ProgramData\7EAB15720262BC3400007EAA96D2C790
C:\Users\marcuspassey\AppData\Local\hpihcruh.log
C:\Windows\System32\Tasks\CreateChoiceProcessTask
C:\Windows\System32\Tasks\{992B4C1A-BFDA-428A-8840-E4A998C0D8BA}
C:\Windows\System32\Tasks\{94A26729-325F-4D5C-B99E-F586F6A7CBEA}
C:\Windows\System32\Tasks\{5A212686-5D1D-4800-813B-6ED8FED16E6B}
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\System32\Drivers\dumpfve(3281).sys

:services
SASDIFSV
SASKUTIL


:commands
[emptytemp]


Click on "Run Fix" and attach the new report.
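
Added example (not part of the original posts and not OTL's own code): a small Python parser that turns a fix script like the one above into a reviewable list of actions before anyone clicks "Run Fix". The action labels and the `needs_review` helper are this example's own, the reading of `[-KEY]` and `"Value"=-` follows .reg-file conventions, and the sample is a shortened excerpt constructed from the script above.

```python
import re

# Constructed sample: shortened excerpt of the fix script quoted in the thread.
SAMPLE = r'''
:Reg
[-HKLM\Software\Wow6432Node\BrowserChoice]
[HKU\S-1-5-21-108816712-3875830049-3883311893-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=-
:files
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\System32\Drivers\dumpfve(3281).sys
:services
SASDIFSV
:commands
[emptytemp]
'''

def parse_fix(text):
    """Return (section, action, target) tuples; action names are this example's labels."""
    plan, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                  # section header such as :reg or :files
            section, key = line[1:].lower(), None
        elif section == "reg":
            key_m = re.fullmatch(r"\[(-?)(.+)\]", line)
            val_m = re.fullmatch(r'"(.+)"=-', line)
            if key_m and key_m.group(1):          # [-KEY]: whole key is removed
                plan.append(("reg", "delete-key", key_m.group(2)))
                key = None
            elif key_m:                           # [KEY]: selects the key for value lines
                key = key_m.group(2)
            elif val_m and key:                   # "Value"=-: one value under that key
                plan.append(("reg", "delete-value", key + "\\" + val_m.group(1)))
            else:                                 # anything else is surfaced, not guessed at
                plan.append(("reg", "unparsed", line))
        elif section == "files":
            plan.append(("files", "delete-path", line))
        elif section == "services":
            plan.append(("services", "service", line))
        else:                                     # e.g. :commands entries
            plan.append((section, "directive", line))
    return plan

def needs_review(plan):
    """Paths under the Windows directory (assumed C:\\Windows) that deserve a second look."""
    return [t for _, a, t in plan if a == "delete-path" and t.lower().startswith("c:\\windows\\")]
```

Printing `parse_fix(script_text)` for the full script gives a line-by-line record of what the fix touches, which is worth keeping alongside the OTL log.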
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
That worked instantly, already rebooting computer. I had trouble uninstalling McAfee as I couldn't turn it off, so scans weren't running. OK, attaching report. What's next?
 
