
Windows 7: need help to remove malware please.

09 Nov 2011   #1

win7 64bit
need help to remove malware please.

Hello, I'm having a malware-nightmare and hoping someone can advise. Thanks in advance.

I'm running Windows 7 Service Pack 1 64bit with Internet Explorer 9.

While browsing on 29th Oct 2011 at 15:08 my AV (Virgin Media Security) flagged a Trojan-detected message from the task bar; IE closed; (I think) Windows Live Mail shut down too; a persistent UAC prompt came up and I eventually clicked 'Yes', thinking it was something to fix the Trojan!

On booting up on 30th Oct a persistent UAC prompt re-appeared. From memory the Programme Name was Windows Command Processor and Publisher was Microsoft. The Programme Location I wrote down as "c:\Windows\SysWOW64\cmd.exe"C:\Users\*ME\AppData\Local\Temp\tncjsvcqajyvllqw.exe". I got rid of the prompt by continually pressing Esc, which eventually drives it down to taskbar.

All very wrong, so in safe mode I deleted by hand all the (suspicious) files created at 15:08 on the 29th; I used System Restore to go back a few days; after booting normally I ran a full scan with Microsoft Safety Scanner, which detected and removed Exploit:Java/CVE-2010-0840.EW & Exploit:Java/CVE-2010-0840.MZ. I ran a full scan with Malwarebytes which came up clear, and clear again the next day.

All has been well until today. The same UAC prompt appeared maybe one hour after booting. First off I've run a quick Malwarebytes scan which got the following results:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CihOqtak (Trojan.Agent) -> Value: CihOqtak -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\*ME\AppData\Local\Temp\0.8044365899653985exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*ME\AppData\Local\tcpcgqqt\cihoqtak.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*ME\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\cihoqtak.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*ME\AppData\Local\Temp\jar_cache2376547655565355977.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*ME\AppData\Local\Temp\tncjsvcqajyvllqw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

And I've just run a full scan with Microsoft Safety Scanner which has removed Exploit:JS/Blacole.A and Exploit:Java/Blacole.AE.

I'm about to reboot and plan to use RKill before running another full Microsoft Safety Scanner scan. I've been looking at running ComboFix; how complicated is this? I'm also wondering if I'm running some dodgy version of Java? Cheers.
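The Malwarebytes results above show the two persistence points this infection used: an HKCU Run value pointing at a randomly named .exe under AppData\Local, and a copy of the same .exe in the user's Startup folder. The read-only PowerShell audit below is an added example, not something posted in the thread or part of any of the tools named in it; it lists autostart entries from those locations that launch from the user's AppData or Temp tree, or have a random-looking lowercase name, so they can be reviewed against a scanner's findings. It assumes Windows 7 or later with PowerShell 2.0+; the list of "suspect" directories and the name pattern are constructed heuristics, not definitive indicators.

```powershell
# Added example: list autostart entries worth reviewing after a Trojan.Agent style
# infection. Read-only: nothing is deleted. Suspect roots and name pattern are
# constructed heuristics; legitimate per-user installers also live under AppData.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",      # per-user
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"   # all users
)
$suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA)

function Test-SuspectCommand([string]$commandLine) {
    # Take the first quoted or unquoted token of the command line as the executable.
    $exe = if ($commandLine -match '^\s*"([^"]+)"') { $matches[1] }
           elseif ($commandLine -match '^\s*(\S+)') { $matches[1] } else { '' }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $suspectRoots) {
        if ($root -and $exe.StartsWith($root, 'OrdinalIgnoreCase')) { return $true }
    }
    # Second, weaker signal: an 8+ letter all-lowercase basename such as cihoqtak.exe.
    return ([IO.Path]::GetFileNameWithoutExtension($exe) -cmatch '^[a-z]{8,}$')
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if (Test-SuspectCommand ([string]$p.Value)) {
            $findings += New-Object PSObject -Property @{
                Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    # Anything executable in a Startup folder is worth a look; list it all.
    Get-ChildItem -Path $dir -Recurse -Include *.exe, *.lnk, *.bat, *.vbs, *.cmd |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
}
$findings | Format-Table Location, Name, Command -AutoSize
```

Run it from an ordinary PowerShell window before and after cleaning: an entry that reappears after removal points at a dropper or a third persistence location the scanners have not yet found.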

09 Nov 2011   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

I'm going to suggest that you go to ... and request help in this forum: Am I infected? What do I do? -

DO NOT run combofix without 'trained' instructions.