Suspected malware and can't seem to remove it

[Solved/Closed]
Jasozhou
Hello,

I am having a problem with a particular piece of malware that creates the following problems for me:

1) It creates and edits my desktop icons; mainly it deletes my Firefox shortcut and replaces it with IE icons that start up at http://www.nz888.net/?wy even though I had Google as my start page.

2) It changes and deletes my registry entries, particularly the SHOWALL key, removing the option for me to choose "Show all hidden files" under my folder advanced options.


I have tried many ways of solving it with lots of different anti-virus and malware-removal programs, but none seems to help. I looked it up on the internet and found this page that describes it.
http://www.microsoft.com/...

Thank you very much in advance!
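The two symptoms described above (a missing or altered SHOWALL key, and desktop shortcuts swapped for Internet Explorer launchers that carry a URL) can be checked without any third-party tool. The script below is an added example and not part of the original thread or of any tool mentioned in it; it is read-only, reports what it finds, and assumes Windows PowerShell 5.1 running as the affected user (no elevation is needed for these reads). The registry paths and default values are Windows' own; the function name is made up for this example.

```powershell
# Added example (not from the thread): read-only check for the two indicators described
# in the opening post. Assumes Windows PowerShell 5.1, run as the affected user.

function Get-HijackIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The "Show hidden files and folders" radio button is defined by this key.
    #    Clean defaults: Type = 'radio', CheckedValue = 1, DefaultValue = 2.
    #    Malware that wants to stay hidden deletes the key or zeroes CheckedValue.
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    if (-not (Test-Path -Path $showAll)) {
        $findings.Add("SHOWALL key missing: $showAll (Explorer will not offer 'Show hidden files')")
    } else {
        $v = Get-ItemProperty -Path $showAll
        if ($v.Type -ne 'radio')   { $findings.Add("SHOWALL\Type is '$($v.Type)' (expected 'radio')") }
        if ($v.CheckedValue -ne 1) { $findings.Add("SHOWALL\CheckedValue is '$($v.CheckedValue)' (expected 1)") }
    }

    # Per-user value the radio button writes: Hidden = 1 (show) or 2 (do not show).
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    if ($adv -and $adv.PSObject.Properties['Hidden'] -and $adv.Hidden -notin 1, 2) {
        $findings.Add("Explorer\Advanced\Hidden is '$($adv.Hidden)' (expected 1 or 2)")
    }

    # 2. Desktop shortcuts (user and All Users). A shortcut whose Arguments contain a URL
    #    is the pattern in the post: an IE icon that opens a fixed page instead of the
    #    user's start page. A target that no longer exists is also worth a look.
    $shell = New-Object -ComObject WScript.Shell
    $desktops = @([Environment]::GetFolderPath('Desktop'),
                  [Environment]::GetFolderPath('CommonDesktopDirectory'))
    foreach ($dir in $desktops) {
        Get-ChildItem -Path $dir -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk       = $shell.CreateShortcut($_.FullName)
            $target    = $lnk.TargetPath
            $arguments = $lnk.Arguments
            if ($arguments -match '(?i)https?://') {
                $findings.Add("$($_.FullName): runs '$target' with URL argument '$arguments'")
            }
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                $findings.Add("$($_.FullName): target '$target' does not exist (dangling or replaced shortcut)")
            }
        }
    }

    # 3. IE's configured start page, to compare with what the user expects (Google here).
    $ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ieMain -and $ieMain.'Start Page') {
        $findings.Add("IE Start Page is '$($ieMain.'Start Page')'")
    }

    return $findings
}

Get-HijackIndicators | ForEach-Object { Write-Output $_ }
```

Each line of output is one indicator to investigate, not a verdict: a Firefox shortcut legitimately has no URL argument, so any desktop shortcut that launches a browser with a URL (here, one pointing at nz888.net) is the hijack the post describes, and a SHOWALL key that is missing or has CheckedValue set to 0 explains why the "Show hidden files" option disappeared. Fixing the key by hand only matters once the malware that keeps rewriting it has been removed.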

7 replies

Ambucias (Moderator; 47,368 posts; registered Monday February 1, 2010; last seen September 1, 2021)
Dear Jasozhou,

Your system is seriously infected; I found 27 items.

The virus made its entry through your peer-to-peer BitTorrent.

You have a spyware called Baidu and I also strongly suspect a rootkit.

Your system, as it is at the moment and as it will be after the upcoming disinfection, will remain very vulnerable to all kinds of malware and possible intrusion.

Your System Restore is presently deactivated. I suggest that you reactivate it after disinfection.

I shall prescribe you a very powerful antidote that is able to kill any virus and send it to the glue factory. It is a tool of very last resort and should not be abused; as a matter of fact, once you have used it, I suggest you delete it from your system.

To keep your system safe, you must follow the instructions hereunder to the letter:

First step: boot your system in Safe Mode with Networking.

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2. Close all open windows, including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows issues this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe, and you can click on the Run button to continue.

4. Accept the disclaimer and the Recovery Console installation.

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal, and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen stating that the program is almost finished and telling you that the program's log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not click the mouse or tap on the keyboard. Let the tool run.

Once you are done, report to me on how your system is behaving.

Good luck

Ambucias


Jasoz,

Download and install Malwarebytes from https://www.malwarebytes.com/

Update it and run a full scan.

Remove the infections it finds.

Restart your PC and go to

https://www.eset.com/uk/

Run this scan.

Once this is done, do the same with

https://www.trendmicro.com/en_us/forHome/products/housecall.html
Ambucias
Dear Jasozhou,

If Kieferschild's solution and advice do not remove the virus completely, I will need to make a diagnosis to help you, and to do so I require a log.

Open this link and download ZHPDiag:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


Save the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

The tool creates two icons, ZHPDiag and ZHPFix (we will use ZHPFix in the next step).

Double click on the ZHPDiag shortcut on your Desktop.

Click on the magnifying glass and run the analysis.

Wait for the tool to finish (this may take a long time).

Close ZHPDiag.


To transmit the report, click on this link:

https://authentification.site

Click on "Parcourir" (Browse) and search for the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "Upload".

Copy the URL and post it here.
Sorry for the delay in replying.

Thanks, kieferschild, for the solution offered, but I have done all of that and the problem still persists.

Thanks Ambucias, I have done what you instructed me to do and here is the url.

Download Link:
http://www.speedyshare.com/files/27732837/ZHPDiag.txt

Delete Password:
vabubuhadose

Million thanks to the both of you!
Dear Ambucias,

Thanks a million!!

After following your prescription to the very last letter, my system is all well and good again!

It solved this and all the other problems that have been troubling me for a long time. =)

Do you need a copy of the combofix.txt?

And by the way, you mentioned that my system is very vulnerable to future invasion; are there any recommendations I can adopt to make my system more secure and ready to defend against invasion?

I have to thank you a million times over, or even more!

Cheers and kudos to you!

Jason Zhou
Ambucias
Hello Jason,

I will not require the ComboFix log, for I know what it did. However, I strongly recommend that you delete ComboFix, for it cannot be used lightly or under any circumstances. Some people have, and had to restore their system from scratch. It worked for you after I had analysed your log.

Please ensure your System Restore is activated and create a new restore point that you can name Ambucias; this way you know it is a good place to go back to in case of a future infection.

Please be careful with your BitTorrent peer-to-peer downloads; they are one of the most popular sources for propagating viruses. Should you download anything, always scan it with your antivirus before opening or running it.

When your McAfee licence comes to term, I suggest you look into purchasing F-Secure or Kaspersky.

You are totally welcome. Now let's start a chain: help someone else with anything; it can be something simple like helping an old lady to cross the street, donating blood... or a kidney.

Best regards
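The restore-point advice in the reply above can be carried out from the command line instead of the System Properties dialog. The script below is an added example, not Ambucias's own instructions; it uses Windows' built-in cmdlets (Enable-ComputerRestore, Checkpoint-Computer, Get-ComputerRestorePoint), which exist in Windows PowerShell 5.1 but not in PowerShell 7, and it must be run from an elevated prompt. The function name and the default description "Ambucias" (the name suggested in the reply) are the only made-up parts.

```powershell
# Added example (not from the thread): re-enable System Restore on the system drive,
# create a named restore point, and confirm it was recorded. Needs an elevated
# Windows PowerShell 5.1 prompt; these cmdlets are not available in PowerShell 7.

function New-NamedRestorePoint {
    param([string]$Description = 'Ambucias')   # name suggested in the thread

    $systemDrive = "$env:SystemDrive\"         # e.g. "C:\"

    # Protection is configured per volume; this is a no-op if already enabled.
    Enable-ComputerRestore -Drive $systemDrive

    # MODIFY_SETTINGS is the generic "before I changed something" type.
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'

    # Confirm: list the newest point carrying our description. CreationTime is a
    # WMI datetime string, so convert it for display. Empty output means no point
    # was created (see the 24-hour limit note below).
    Get-ComputerRestorePoint |
        Where-Object { $_.Description -eq $Description } |
        Sort-Object SequenceNumber |
        Select-Object -Last 1 SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}

New-NamedRestorePoint
```

One caveat a practitioner should know: on Windows 8 and later, Checkpoint-Computer silently skips creation (with a warning) if another restore point was made in the previous 24 hours, which is why the script ends by listing the point rather than assuming it exists. That interval is governed by the DWORD SystemRestorePointCreationFrequency (in minutes) under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore; setting it to 0 removes the limit. Also remember that a restore point taken on a machine that is still infected preserves the infection, so create it only after the clean-up, as the reply says.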
Thanks again Ambucias!

I have deleted ComboFix and created the restore point as well. I will bear your words in mind, and I am honoured to be part of this chain of kindness =)

Cheers!
Jason Zhou