Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, June 8, 2011

fwupdate.exe

File Database Index
Name:LGODDFU
Filename:fwupdate.exe
Fix fwupdate.exe errors:Try a Registry Scan
Command:"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
Description:Software that automatically updates the firmware on LG optical drives when they are released.
File Location:C:\Program Files\lg_fwupdate\fwupdate.exe
Startup Type:This startup entry is started automatically from an entry in your Startup folder in the Start Menu.
HijackThis Category:O4 Entry
Source
Do the following:
Step #1

Run HijackThis, press Scan, and put a check mark next to all these entries:

O4 - HKLM\..\Run: [d4c14f18] rundll32.exe "C:\WINDOWS\System32\sydkyujo.dll",b
O16 - DPF: Win32 Classes -
Close all other windows and browsers, and press the Fix Checked button.
Step #2
Please download VundoFix.exe to your desktop

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Step #3
Please do an online scan with Kaspersky Webscan (You need to use InternetExplorer or enable IEView in Firefox)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button >> name it >> chose "Text file" in the Save as type dialogue
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step #4
Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  • Close ALL applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

The logs can be quite lengthy..use two post if you need to get them all in.
Step #5
Please post back with the VundoFix log "vundofix.txt", the log from the Kaspersky Onlinescan and the main.txt and the extra.txt from the DSS scan. Thanks. 

=====================================

Step #1

Please download ComboFix from here.
  • Very Important! Temporarily disable your anti-virusscript blocking and any anti-malware real-time protectionbefore performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause"unpredictable results"(Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.)
  • Close any open browsers
Next, please:
  • open notepad and copy/paste the text in the codebox below into it:
    File::
    C:\WINDOWS\SYSTEM32\mljkigd.dll
    C:\WINDOWS\SYSTEM32\rev3\revdrive33b.exe
    C:\WINDOWS\SYSTEM32\cbxurqr.dll
    C:\WINDOWS\SYSTEM32\urqpnmm.dll
    C:\WINDOWS\SYSTEM32\rqromlk.dll C:\WINDOWS\SYSTEM32\ddccyax.dll
    :\Program Files\PLUS!\horevod
    C:\WINDOWS\System32\gebca.dll C:\WINDOWS\System32\hhlowteo.dll Cal C:\WINDOWS\System32\x2\jumper83122.exe.dll C:\WINDOWS\System32\__c006A736.dat
    INDOWS\Tasks\At17.job C:\
    C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At10.job C:\ WWINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At16.jo
    C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At9.jo bb C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\System32\Process.exe
    C:\WINDOWS\System32\M3BqWtij.exe C:\WINDOWS\System32\WS2Fix.exe C:\WINDOWS\System32\VCCLSID.exe C:\WINDOWS\System32\SrchSTS.exe C:\WINDOWS\System32\dumphive.exe
    rqr.dll C:\WINDOWS\System32
    C:\WINDOWS\System32\tmp.reg C:\FOUND.001 C:\WINDOWS\System32\ddccyax.dll C:\WINDOWS\System32\urqpnmm.dll C:\WINDOWS\System32\rqromlk.dll C:\WINDOWS\System32\cbx u\mljkigd.dll C:\WINDOWS\System32\gebca.dll Folder:: C:\WINDOWS\SYSTEM32\rMa01yy C:\Documents and Settings\Steve\Desktop\SmitfraudFix C:\VundoFix Backups C:\WINDOWS\System32\rev3
    LOCAL_MACHINE\~\Browse
    C:\WINDOWS\System32\x2 C:\WINDOWS\System32\dn5 C:\WINDOWS\System32\rMa01yy Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{334FA082-A58D-46C6-B212-74EDCFAC1F80}] [-HKEY _r Helper Objects\{5EC6E847-7997-4740-82B7-473337292592}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{762E6DBB-D6C5-4FFB-8FA6-4ACFD915F429}]
    f2-dbca-bec4-127673ac31f9}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f13ca37-6
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BF6EEBD-0CE8-49AD-B93B-7EBBD4BF8C4A}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb84aeba-0 b721-4ceb-acbd-2fb0abea48bc}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD8C2951-3AA1-4B36-9D6B-E52EF2AF4B5E}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3D2C229-221A-4FC0-B8A8-6CE67CA50DBE}]
    Helper Objects\{F5797728-155E-42DC-93AA-2B30C75092C6}] [-HKEY_LOCAL_MACHINE\software
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EDD9AB-44E8-43B1-845B-FD5D882245C1}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F397DE4B-7E21-4B11-9DC8-2F4FC7A67EE4}] [-HKEY_LOCAL_MACHINE\~\Browse r\microsoft\windows nt\currentversion\winlogon\notify\hobpyupn] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=- [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{334FA082-A58D-46C6-B212-74EDCFAC1F80}]
    B-7EBBD4BF8C4A}] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentic
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EC6E847-7997-4740-82B7-473337292592}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{762E6DBB-D6C5-4FFB-8FA6-4ACFD915F429}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BF6EEBD-0CE8-49AD-B9
    3ation Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Save this as CFScript.txt
    Posted Image
    Refering to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • Additonally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
    Please submit this file via the html page that should popup after running ComboFix.
    Please include a link to this topic in the message.
Step #2
Please post back with a fresh HijackThis log and the ComboFix log. Thanks. 

READ MORE at link

No comments: