Goingonearth virus / Combofix Installation trouble

Solved
  1. four321zero

    four321zero New Member Bronze Member

    Joined:
    Aug 13, 2011
    Posts:
    29
    Likes Received:
    0

    I use Windows 7 64-bit, Firefox 3.6 and the free Avast antivirus.

    A couple of months ago I noticed the goingonearth infection. At the time I was using Firefox 5 and Avira antivirus. However, the virus never allowed me to google goingonearth. Recently I uninstalled Firefox 5 and downloaded and installed 3.6, and I thought that got rid of the virus. However, this noon my browser started redirecting again, with a different site instead of goingonearth (can't recollect the name). However, this happens in patches and there are times my page does not redirect.

    Anyways, I was reading a solution suggested earlier on this site for a similar infection. I downloaded Combofix. However, I am unable to install it. I've read the instructions and saved the file as Commy.exe directly to my desktop, and even tried downloading it to a different location as Combofix.exe and then renaming it and pasting it to the desktop as Commy.exe. I disable Avast and close all browsers. Then I go to Start and search/enter "%userprofile%\desktop\commy.exe" /stepdel
    (I've even tried running it directly from the desktop)

    Here are the errors I get when I run the installation (exe file).
    "Error opening file for writing"
    I:\32788R22FWJFW\iexplore.exe
    Click abort to stop the installation, retry to try again etc

    Retry and Abort don't let me proceed. When I ignore, it does continue installation; however, after running a little further I get the following error popping up:
    "ComboFix NSIS Installer has stopped working"

    Windows can check online for a solution to the problem. The Check online option does nothing, so I click on view problem details and have copy-pasted the Problem Signature below:
    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: Commy.exe
    Application Version: 11.8.13.2
    Application Timestamp: 4b1ae3c6
    Fault Module Name: SDHook32.dll
    Fault Module Version: 2.0.5.1
    Fault Module Timestamp: 4e36cc58
    Exception Code: c0000005
    Exception Offset: 0003e2e5
    OS Version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033
    Additional Information 1: 0a9e
    Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
    Additional Information 3: 0a9e
    Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

    Read our privacy statement online:
    Windows 7 Privacy Statement - Microsoft Windows

    If the online privacy statement is not available, please read our privacy statement offline:
    I:\Windows\system32\en-US\erofflps.txt


    I've tried running the exe via the CMD window too. Same errors. Would appreciate it if I could get Combofix running or find an alternate method to get rid of the virus.
     
  2. Kedar

    Kedar Moderator Staff Member Moderator Elite Member

    Joined:
    Jun 2, 2010
    Posts:
    9,068
    Likes Received:
    818

    Welcome to the Forum!

    Combofix should be used only under advice from a trained security professional.
     
  3. Crush

    Crush Active Member

    Joined:
    Sep 28, 2008
    Posts:
    4,634
    Likes Received:
    2

    Like KD said, we're not in the habit of helping users run tools they shouldn't be running on their own. The warnings are there for a reason in the tool.

    Your best bet would be to review the Prework link in my signature and post back after reading the instructions, with the resulting logs.
     
  4. four321zero


    Hi,

    I've completed the instructions in the prework link and have attached the required files.

    I don't know if any additional information helps, but I just wanted to add that a few hours before I ran these scans I installed Malwarebytes and ran its scan. Every time the scan picked up on some tracking cookies it either crashed the program or froze my PC. Am not sure if it's related.

    Thanks.
     


  5. Crush


    Hi,

    Did Malwarebytes Anti Malware complete?
     
  6. four321zero


    Nope, it never got a chance to.

    The first time the program hung; the next few times my PC froze every time it got a tracking cookie.

    In other words, I was never able to complete a full scan or quick scan with Malwarebytes; it always ended in either my PC freezing or the program freezing.
     
  7. Crush


    Have you tried in Safe Mode?
     
  8. four321zero


    Am not quite tech savvy. Not sure what to do in safe mode.

    Is there something I should work on in safe mode?
     
  9. Crush


    Try running Malwarebytes Anti Malware
     
  10. four321zero


    Is there another link for that? Or should I use the same installation that crashed my PC?
     
  11. Crush


    Try using the same one.
     
  12. four321zero


    Hi,

    Firstly, I apologize: when I said Malwarebytes earlier I was referring to SuperAntiSpyware. That was the program that kept crashing.

    I ran the Malwarebytes scan in safe mode and found 3 infections and removed them (all game cracks and trainers). Have attached the report.
    To be honest, I recollect Avira catching a couple of these, but at the time I read somewhere that Avira treats game no-CD cracks as trojans, so I ignored them.

    Anyways, I ran SuperAntiSpyware in safe mode and it crashed again, but this time it lasted longer before it said it had encountered an error and gave me the option to report this error.

    Another thing: before I ran Malwarebytes I was browsing the net and the redirect happened again, only this time it was "co.in" instead of "g-o-i-n-g-o-n-earth.com".
     


  13. four321zero


    By the way, I noticed that in my post above, when I typed "g-o-i-n-g-o-n-e-a-r-t-h.com" without the hyphens, it auto-spelt itself to co.in. I had to edit the post and respell it.

    It's never happened before.

    Moreover, I just wanted to keep you updated that I was browsing the net now and the redirecting problem's still there.
     
  14. Crush


    Hi,

    Can I see a new OTL log please?
     
  15. four321zero


    Here it is.
     
