Hello.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=oH2Q9XImmQw9RHTEt6b_lBTbf08
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {fdd05030-553c-420c-922b-9053f1eb50f4} - C:\WINDOWS\system32\bejanapo.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [tarikiwodi] Rundll32.exe "C:\WINDOWS\system32\jobagiyu.dll",s
O4 - HKLM\..\Run: [e09439c1] rundll32.exe "C:\WINDOWS\system32\zomutaho.dll",b
O4 - HKLM\..\Run: [CPMe3a70a5d] Rundll32.exe "c:\windows\system32\gutakila.dll",a
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [tarikiwodi] Rundll32.exe "C:\WINDOWS\system32\jobagiyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tarikiwodi] Rundll32.exe "C:\WINDOWS\system32\jobagiyu.dll",s (User 'NETWORK SERVICE')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gutakila.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gutakila.dll (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
- Press "Fix Checked"
- Close HijackThis.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Input script here:", paste in the script from the quote box above.
- Leave the ticked box "Scan for rootkit" ticked.
- Then tick "Disable any rootkits found"
- Now click on Execute to begin execution of the script.
- Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
- It will restart your computer.
- On reboot, it will briefly open a black command window on your desktop; this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
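
The HijackThis entries selected for fixing above fall into a few recognisable patterns. The following is an added example, not part of the original post and not the helper's own tooling: a small Python triage pass over HijackThis log lines. The three heuristics (orphaned target, Run key loading a DLL through rundll32, svchost.exe outside its normal folder) are assumptions chosen for illustration, not the criteria the helper stated.

```python
import re

# HijackThis section codes that appear in the post, and what each one lists.
SECTIONS = {
    "R1": "Internet Explorer start/search setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key) entry",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O22": "SharedTaskScheduler entry",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
SVCHOST_RE = re.compile(r"\\drivers\\svchost\.exe", re.I)

# Four entries copied from the post's HijackThis list.
SAMPLE = [
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [tarikiwodi] Rundll32.exe "C:\WINDOWS\system32\jobagiyu.dll",s',
    r'O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe',
    r'O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)',
]

def triage(line):
    """Return (code, description, reasons) for a HijackThis line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a log entry (for example an instruction line)
    code, body = m["code"], m["body"]
    reasons = []
    # HijackThis itself marks entries whose target is gone from disk.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned: target file no longer exists")
    if code == "O4":
        dll = RUNDLL_RE.search(body)
        if dll:
            reasons.append("Run key loads DLL via rundll32: " + dll["dll"])
        # The Windows svchost.exe lives in system32, not system32\drivers.
        if SVCHOST_RE.search(body):
            reasons.append("svchost.exe outside system32")
    return code, SECTIONS.get(code, "unknown section"), reasons

if __name__ == "__main__":
    for entry in SAMPLE:
        code, what, reasons = triage(entry)
        print(f"{code:<4}{what}: {'; '.join(reasons) or 'no heuristic matched'}")
```
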