[Inactive] ransomware

**Broni** · June 19th, 2013, 07:37 PM

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/06/17 13:15:16 | 000,155,136 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\9l33.dat -- (winmgmt)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKU\Kat_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\Kat_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\9l33.dat (Microsoft Corporation)
O4 - HKU\Kevin_ON_C..\Run: [] File not found
O4 - HKU\Kevin_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\9l33.dat (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kat\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...4/wmsp9dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2013/06/17 13:15:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/06/17 14:34:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Kat\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/17 14:34:43 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\33l9.pad
[2013/06/17 13:16:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/17 13:16:30 | 000,003,046 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\33l9.js
[2013/06/17 13:15:16 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\9l33.dat
[2013/06/17 13:15:16 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe


:Services

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\9l33.dat

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Remove the CD and shut down computer manually.
Attempt to reboot normally into Windows.

Thread: [Inactive] ransomware

Thread Tools

Search Thread

Display

Threaded View

Thread Information

Users Browsing this Thread

Posting Permissions