WiniFighter resisting everything


Post by jasonc on Thu Jul 30, 2009 7:19 pm

I'm infected with WiniFighter, and so far nothing has worked.

I just updated and ran Advanced System Protector. It unearthed a couple bugs, but WiniFighter is still here. Malwarebytes can't launch. Adaware tells me "Failed to connect to service." Worst of all, HiJack This won't launch either. As with Adaware, I get the hourglass symbol for just a second, and then even that disappears.

jasonc (Novice)
Posts: 7
Joined: 2009-07-29
OS: XP
Points: 26859
Likes: 0

Re: WiniFighter resisting everything

Post by Origin on Fri Jul 31, 2009 1:17 am

Hello, can you rename HijackThis to winlogon.exe and see if it runs?



Origin (Master)
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31463
Likes: 0

Re: WiniFighter resisting everything

Post by jasonc on Fri Jul 31, 2009 2:24 am

I don't think so. It's possible I'm not doing it correctly, but I went to the Trend Micro folder, and there was only one file in there, which I dutifully renamed. Still, the $&#% thing won't launch.

Incidentally, I tried this with Anti-Malware too. In another thread I saw a recommendation to rename mbam to winlogon.exe. However, there too, no joy.


Re: WiniFighter resisting everything

Post by Origin on Fri Jul 31, 2009 4:13 pm

See if you can download this:


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.



Re: WiniFighter resisting everything

Post by jasonc on Fri Jul 31, 2009 9:33 pm

I saved it onto Desktop and ran it, but the logfile never pops up. Perhaps not coincidentally, I get this pop-up warning from Advanced System Protector when I run it:

"Detected As: PSW-Stealer.passwordspro.t
Category: Password Hijacker
File Path: c:\docume~1\jason\locals~1\temp\rarsfx1\eds.exe"

Then it offers to upgrade me to the Pro version of their software.


Re: WiniFighter resisting everything

Post by Belahzur on Sat Aug 01, 2009 1:38 am

Hello.
See if you can run this.
[You must be registered and logged in to see this link.]

Do a system scan with logfile and see if the log opens.




Belahzur (Administrator)
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: WiniFighter resisting everything

Post by jasonc on Mon Aug 03, 2009 11:16 pm

I can't believe this! The program downloaded fine, launched in a new window, began a scan with logfile, and ... poof! It just disappeared. I repeated and it did this again. AAAARRRGGHH!


Re: WiniFighter resisting everything

Post by Belahzur on Tue Aug 04, 2009 7:06 pm

Hello.

Please download Ice Sword from [You must be registered and logged in to see this link.]

Are you able to extract and run it?



Re: WiniFighter resisting everything

Post by jasonc on Tue Aug 04, 2009 7:43 pm

Yes, it worked!! Thank You! Now what should I do?


Re: WiniFighter resisting everything

Post by Belahzur on Wed Aug 05, 2009 5:30 pm


  • Open the Ice Sword folder and then launch IceSword.exe.
  • Then look in the left hand bottom of the program and press "Registry".
  • When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  • Next, open HKEY_LOCAL_MACHINE and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • Now look in the right side pane for two run values that are just random numbers.
  • Once you have found the value(s), right click it and press "Delete".
  • Okay the prompt and close IceSword.

See if you can run Hijack This now.



Re: WiniFighter resisting everything

Post by jasonc on Wed Aug 05, 2009 8:20 pm

So far, no. There wasn't anything there that was just a random string of numbers. Something looked close to that, so I deleted it, but it didn't make me able to run Hijack This.

Now all that's left is:

(Default)
Advanced System Protector
iTunes Helper
Quick Time Task
Sound Max
Sound Max PnP
SynTPEnh
SynTPLpr


Re: WiniFighter resisting everything

Post by Belahzur on Thu Aug 06, 2009 3:17 pm

Hello.
Let's look under the opposite hive.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

What's under that one?


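Added example, not part of the original thread or written by any of its posters: a read-only PowerShell pass over the two Run keys named in the posts above, listing every value and flagging all-digit value names (the pattern the helper asked about). The other checks (user-writable location, missing file, no valid signature) and the function name `Get-RunKeyTarget` are assumptions of this example.

```powershell
# Added example: read-only triage of the HKLM and HKCU Run keys. Nothing is deleted.
# Heuristics other than the all-digit name check are assumptions, not rules from the thread.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunKeyTarget {
    # Hypothetical helper: extract the executable path from a Run command line.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($Command -match '^\s*(.+?\.(exe|scr|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]                               # fallback: first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }                  # skip an empty (Default) value
        $target = [Environment]::ExpandEnvironmentVariables((Get-RunKeyTarget $command))
        if ($target -notmatch '[\\/]') {
            # Bare file name such as ctfmon.exe: resolve it through PATH before checking it.
            $found = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                     Select-Object -First 1
            if ($found) { $target = $found.Path }
        }
        $reasons = @()
        if ($name -match '^\d+$') { $reasons += 'value name is only digits' }
        if ($target -match '\\(Temp|Local Settings|AppData)\\') { $reasons += 'runs from a user-writable directory' }
        if (-not (Test-Path -LiteralPath $target)) {
            $reasons += 'target file not found'
        } elseif ((Get-AuthenticodeSignature -LiteralPath $target).Status -ne 'Valid') {
            $reasons += 'no valid Authenticode signature'
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Flags = $reasons -join '; '
        }
    }
}

# Flagged entries first; unflagged entries are still listed for manual review.
$report | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

A flag marks an entry for manual review, not a verdict: plenty of legitimate autostart programs are unsigned or live under the user profile.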

Re: WiniFighter resisting everything

Post by jasonc on Thu Aug 06, 2009 8:16 pm

Aha! The last item on the list was WiniFighter, so I deleted it. However, still can't run Hijack This.

The remaining items on the list are:

(Default)
ctfmon.exe
MicrosoftUpdate
puncxyfv.exe


Re: WiniFighter resisting everything

Post by Belahzur on Fri Aug 07, 2009 6:37 pm

Delete this one too:

puncxyfv.exe


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


