Full Version: Mesa98 Malware Problems
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
mesa98
Hi,

I am desperately looking for help. My desktop computer recently became a victim of Window Police Pro and tapi.nfo. I have tried to follow the recommended process to troubleshoot this but all avenues to recovery seem to be blocked. I have tried running Anti Malware and HijackThis but neither application seems to be able to execute properly. When I first loaded them they executed but neither was able to complete properly. I have not been able to get them to run after the first execution.

This seems to be the case with any application that might help fix this problem. It doesn't seem to matter whether I try it in safe or normal mode. In fact for a while I wasn't able to get into safe mode.

I have tried manually deleting items from the registry but also to no avail.

I know this isn't much to start on but any assistance you can offer would be greatly appreciated.

Kelly
screen317
Hi Kelly and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.



-screen317
mesa98
QUOTE (screen317 @ Sep 10 2009, 09:23 AM) *
Hi Kelly and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.



-screen317


Thanks for getting back to me. I was finally able to run ComboFix in safe mode but still couldn't get HijackThis to run. However I was able to run my anti virus and a few other utils that I use and was finally able to get my computer to run normally. For now it looks like all traces of the malware have disappeared.

Don't take this wrong, but I hope I don't need to contact you again.

Thanks, again,

Kelly
screen317
Hi,

Could you please post the report from ComboFix found at C:\ComboFix.txt?

I would like to make sure everything is actually gone, even if symptoms are no longer present.

-screen317
mesa98
QUOTE (screen317 @ Sep 12 2009, 08:14 AM) *
Hi,

Could you please post the report from ComboFix found at C:\ComboFix.txt?

I would like to make sure everything is actually gone, even if symptoms are no longer present.

-screen317

No problem. here is the report.

Kelly
screen317
Looks like a straggler was left behind.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

QUOTE
Driver::
asbp2poa
c:\docume~1\Chelsea\LOCALS~1\Temp\asbp2poa.sys


Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log (reinstall it if it still won't work).


Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.



Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Let me know how things are running now and what issues remain.

-screen317
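The straggler above is a kernel driver whose image sits in a user's Temp folder, which is where a legitimate driver almost never lives. The following is an added example, not something from this thread or from ComboFix, showing one way to list registered drivers whose image path points under a Temp directory so a straggler like that stands out. It assumes a Windows host with PowerShell and WMI available; the Temp-path pattern is a heuristic of mine, not a rule from the thread.

```powershell
# Added example (not from the thread): flag registered kernel drivers whose
# image file lives under a user Temp directory. Legitimate drivers normally
# reside under %SystemRoot%\system32\drivers, so a Temp path is worth a look.
# Assumption: the regex below covers the XP-era and Vista+ Temp locations.

$tempPattern = '\\(Local Settings\\Temp|AppData\\Local\\Temp|Temp)\\'

# Win32_SystemDriver enumerates every driver known to the Service Control Manager,
# including ones that are stopped or whose file has already been deleted.
$flagged = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -match $tempPattern) } |
    ForEach-Object {
        # Strip surrounding quotes and the \??\ device prefix some services use.
        $path = $_.PathName.Trim('"') -replace '^\\\?\?\\', ''
        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State        # Running / Stopped
            StartMode  = $_.StartMode    # Boot / System / Auto / Manual / Disabled
            Path       = $path
            FileExists = Test-Path -LiteralPath $path   # $false = orphaned registration
        }
    }

if ($flagged) {
    $flagged | Format-Table -AutoSize
} else {
    Write-Output "No registered drivers load from a Temp directory."
}
```

A driver that shows up here with FileExists = $false is the case the thread describes: the file is gone but the service registration remains, which is why the helper supplies a Driver:: entry for ComboFix rather than just deleting the .sys file. Run it from an elevated prompt so WMI can read every service's path.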
mesa98
QUOTE (screen317 @ Sep 15 2009, 11:36 PM) *
Looks like a straggler was left behind.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:



Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log (reinstall it if it still won't work).


Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.



Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Let me know how things are running now and what issues remain.

-screen317


Thanks for the follow-up.

I downloaded ComboFix and created the script file as requested. However I was unable to move the script file into ComboFix and have ComboFix launch. Whenever I tried to click and drag the script file into ComboFix it appears that the only thing that happens on my desktop is they change places. Any suggestions?

Kelly
screen317
Hi Kelly,

Try this instead:

Make sure ComboFix.exe and CFScript.txt are on your Desktop. Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\Desktop\ComboFix.exe" "%userprofile%\Desktop\CFScript.txt"


See if it runs now.

-screen317
mesa98
I was able to get everything to run as requested and have attached the 4 files/logs.

So far everything seems to be working fine. The only issue I seem to be left with is that the hard disk light seems to be flashing almost constantly, even when I am doing nothing on the computer. I have checked the running processes and cannot see any scans or applications that might be causing this. Any ideas?

Thanks again,

Kelly

mesa98
QUOTE (johnswhite @ Sep 18 2009, 11:04 AM) *
Hi..
I just read your post and as per that regarding I think you should check your system or BIOS so it may possible that you might be out of problem...



Not sure what it was but the HD indicator light seems to have settled down and everything seems to be fine now.

Kelly
screen317
Ignore that guy-- he's a spammer; we'll deal with him shortly.

Give me a second and I'll be right back.
screen317
Hi Kelly,

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

I see that you are using an outdated version of HijackThis.

Please download the current version of HijackThis from here.

Save it to a permanent folder (such as C:\HJT).

Delete the old version of HijackThis afterwards.


Let me know what issues remain.

-screen317
mesa98
All seems well and thanks again.

Kelly
screen317
Hi Kelly,


Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Kerio
Comodo
Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317
screen317
Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.