Jump to content

jmw3

Honorary Members
  • Posts

    62
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Western Australia

Recent Profile Visitors

1,935 profile views
  1. Hi No problem at all... Good to hear everything is running smoothly again. I'll make some recommendations shortly to help keep your computer safe, but first a little more cleaning to do. You can delete the following: RSIT.exe The RSIT folder found at C:\rsit Junction.exe & the Junction zip file Any logs saved to your desktop You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis Double click HijackThis.exe (it may have been renamed to gives.exe) From the Main menu click Open the Misc Tools section Using the scroll bar, scroll down to Uninstall HijackThis Click Uninstall HijackThis & exit then click Yes at the prompt The rootkit you had on board terminates & changes the permissions on processes based on a known name or characteristic. This was the reason some of your programs would not run. Inherit.exe resets the permissions so I would recommend holding on to that for a while as there may be other programs you have not run yet that may be affected. If you come across a program with an Windows cannot access the specified device, path, or file. You may not have permissions to access the item or access denied error, try dropping the main executable for that program on to inherit.exe. If you want to get rid of Adobe Reader & use another PDF viewer, try this one. It's a lot smaller & just as good: Foxit 3 FoxitReader31_enu_Setup.exe Note: Do not install anything dealing with AskBar... presented as an installation option. All Clean Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again. Create a Clean System Restore Point Create a new, clean System Restore point which you can use in case of future system problems: Press Start->All Programs->Accessories->System Tools->System Restore Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close Now remove old, infected System Restore points: Next click Start->Run and type cleanmgr in the box and click OK Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required. Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt Click OK and Yes to confirm. Microsoft Windows Update Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found. To update Windows Go to Start > All Programs > Windows Update To update Office Open up any Office program. Go to Help > Check for Updates Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. You can download it here & find a tutorial here. SpywareBlaster Download and install Javacools SpywareBlaster from here SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly. Download and Install a HOSTS File A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine. Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work): A short distance down the page in the centre, click on the Download button Agree to the license On the next page, to the right side of where it says Download Estimates, right click on the underlined word Hosts Manager choose Save Target As and download the installer Hosts20setup.exe to your desktop Double click the Installer on your desktop and let it Install the Hosts Manager After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop) When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools, Click Disable DNS Service. This is important In the Left Pane, click Download It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue. If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one. Web of Trust WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and Internet Explorer. Install WinPatrol Download it here You can find information about how WinPatrol works here Read some information here on how to prevent Malware. Hopefully these steps will help keep your computer clean. Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
  2. Hi Ok.. that's good. Now let's tackle the Avira issue. Follow the instructions on this page & let me know how you go: http://www.avira.com/en/support/kbdetails.php?id=135 If that doesn't work we'll try something else.
  3. Hi Drag & drop c:\Program Files\Symantec AntiVirus\VPC32.exe onto inherit.exe, see if that helps the Symantec problem. Not sure about the Avira issue. Can you let me know what you have tried so far to remove Avira & what sort of error messages you have been getting.
  4. Hi We need to scan the system with this special tool. Download Junction.zip and save it to your desktop Unzip it & put junction.exe in the Windows directory (C:\Windows) Click Start>>Run.... Copy/paste the following command in the Run box then click OK: cmd /c junction -s c:\ >log.txt&log.txt& del log.txtA command window will open & starting scanning the system. Wait until a log file opens. Copy/paste the contents of the log in your next reply
  5. Hi Download this file Inherit.exe Drag & drop any .exe files that you are unable to run onto Inherit.exe. Then wait for it to say OK. Then see if the program works.
  6. Hi I think I know what the problems may be, just need some additional information. Random's System Information Tool (RSIT) Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run the tool Click Continue at the disclaimer screen Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized) Copy & paste the contents of both logs in your next reply If info.txt does not minimise to the Task Bar, you will find it in C:\rsit
  7. Hi Ok... no worries. There are a couple of other things we can try if those other suggestions don't work. Clean Up Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately. Remove ComboFix The following will implement some cleanup procedures as well as reset System Restore points: Click Start > Run then copy/paste the following bolded text into the Run box and click OK: ComboFix /u OTC Download OTC by Old Timer here & save it to your desktop. Double click on OTC.exe. Click on CleanUp!. You will receive a prompt that it needs to restart the computer to remove the files. Click Yes. It will restart your computer automatically. If it doesn't, please restart your computer manually. You can delete the following from your desktop: Win32diag.exe RootRepeal.exe & the RootRepeal zip file TFC.exe Any logs that may have been saved to your desktop You can also uninstall the Eset Online Scanner. You can do that via Add or Remove Programs.
  8. Hi Try this online scanner: ESET Online Scanner Go here to run an online scannner from ESET. Note: You will need to use Internet explorer for this scan Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked Click Scan Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt Copy and paste that log as a reply to this topic See if this helps for the Avira issue: http://www.avira.com/en/documents/utils/av...uninstXPeng.zip Plus have a look here: http://www.themisteriosos.com/uninstall-av...-completely.htm
  9. Hi Multiple Anti-virus Programs You are operating your computer with multiple Anti-virus programs running in memory at once: Avira AntiVir Personal - Free Antivirus | Symantec AntiVirus Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW. Remove Programs Click Start > Control Panel > Add/Remove Programs Remove these programs by clicking Remove MarketResearch If some programs listed are not present, please do not panic Delete Files & Folders Using Windows Explore navigate to and find the following folders: if found, delete the following (some may not be present after previous steps): c:\program files\fvbaju TFC (Temp File Cleaner) Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop. Save any unsaved work. TFC Cleaner will close all open application windows Double-click TFC.exe to run the program, your desktop will temporarily disappear If prompted, click Yes to reboot Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot. Update Java Runtime You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16. Download the latest version of Java Runtime Environment (JRE) 6 Here Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the Download button to the right Select the Windows platform from the dropdown menu Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh Click on the link to download Windows Offline Installation & save the file to your desktop Close any programs you may have running - especially your web browser Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions Reboot your computer once all Java components are removed Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets Trace and Log Files [*]Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE [*]Click OK to leave the Temporary Files Window [*]Click OK to leave the Java Control Panel Kaspersky Online Scan Do an online scan with >Kaspersky Online Scanner< Read through the requirements and privacy statement and click on Accept button It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run When the downloads have finished, click on Settings Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan [*]Once the scan is complete, it will display the results. Click on View Scan Report [*]You will see a list of infected items there. Click on Save Report As... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button [*]Please post this log in your next reply To post in next reply: Kaspersky Scan log
  10. Hi Ensure your Anti-virus software is disabled before proceeding. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Upload.bat Open Notepad by clicking Start>Run, type in Notepad then click OK Copy the contents of the Code Box below to Notepad Name the file as Upload.bat Change the Save as Type to All Files Save the file to your Desktop @ECHO OFF ( FOR %%G IN ( "C:\WINDOWS\$hf_mig$\KB929338\KB929338" "C:\WINDOWS\$hf_mig$\KB931784\KB931784" "C:\WINDOWS\$hf_mig$\KB968389\KB968389" "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmp" "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp" "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D2.tmp\ZAP3D2.tmp" "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp\ZAP3FD.tmp" "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D.tmp\ZAP9D.tmp" "C:\WINDOWS\assembly\temp\temp" "C:\WINDOWS\assembly\tmp\tmp" "C:\WINDOWS\Config\Config" "C:\WINDOWS\Connection Wizard\Connection Wizard" "C:\WINDOWS\CSC\d1\d1" "C:\WINDOWS\CSC\d2\d2" "C:\WINDOWS\CSC\d3\d3" "C:\WINDOWS\CSC\d4\d4" "C:\WINDOWS\CSC\d5\d5" "C:\WINDOWS\CSC\d6\d6" "C:\WINDOWS\CSC\d7\d7" "C:\WINDOWS\CSC\d8\d8" "C:\WINDOWS\Help\mail\mail" "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz" "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib" "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave" "C:\WINDOWS\ime\chsime\applets\applets" "C:\WINDOWS\ime\CHTIME\Applets\Applets" "C:\WINDOWS\ime\imejp\applets\applets" "C:\WINDOWS\ime\imejp98\imejp98" "C:\WINDOWS\ime\imjp8_1\applets\applets" "C:\WINDOWS\ime\imkr6_1\applets\applets" "C:\WINDOWS\ime\imkr6_1\dicts\dicts" "C:\WINDOWS\ime\shared\res\res" "C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729" "C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729" "C:\WINDOWS\java\classes\classes" "C:\WINDOWS\java\trustlib\trustlib" "C:\WINDOWS\l2schemas\l2schemas" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs" "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files" "C:\WINDOWS\msapps\msinfo\msinfo" "C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES" "C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF" "C:\WINDOWS\pchealth\helpctr\BATCH\BATCH" "C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint" "C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles" "C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs" "C:\WINDOWS\pchealth\helpctr\System\DFS\DFS" "C:\WINDOWS\pchealth\helpctr\Temp\Temp" "C:\WINDOWS\Registration\CRMLog\CRMLog" "C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft" "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70" "C:\WINDOWS\Sun\Java\Deployment\Deployment" "C:\WINDOWS\system32\1025\1025" "C:\WINDOWS\system32\1028\1028" "C:\WINDOWS\system32\1031\1031" "C:\WINDOWS\system32\1037\1037" "C:\WINDOWS\system32\1041\1041" "C:\WINDOWS\system32\1042\1042" "C:\WINDOWS\system32\1054\1054" "C:\WINDOWS\system32\2052\2052" "C:\WINDOWS\system32\3076\3076" "C:\WINDOWS\system32\3com_dmi\3com_dmi" "C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE" "C:\WINDOWS\system32\appmgmt\S-1-5-21-1368161332-2723273657-3337644624-1172\S-1-5-21-1368161332-2723273657-3337644624-1172" "C:\WINDOWS\system32\bits\bits" "C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak" "C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZQPEPHR8\ZQPEPHR8" "C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}" "C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QHVX3U4W\QHVX3U4W" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs" "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\668b56910397\668b56910397" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE" "C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood" "C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood" "C:\WINDOWS\system32\dhcp\dhcp" "C:\WINDOWS\system32\drivers\disdn\disdn" "C:\WINDOWS\system32\en\en" "C:\WINDOWS\system32\export\export" "C:\WINDOWS\system32\FxsTmp\FxsTmp" "C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT" "C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT" "C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT" "C:\WINDOWS\system32\inetsrv\inetsrv" "C:\WINDOWS\system32\LogFiles\WUDF\WUDF" "C:\WINDOWS\system32\mui\dispspec\dispspec" "C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup" "C:\WINDOWS\system32\oobe\html\oemcust\oemcust" "C:\WINDOWS\system32\oobe\html\oemhw\oemhw" "C:\WINDOWS\system32\oobe\html\oemreg\oemreg" "C:\WINDOWS\system32\oobe\sample\sample" "C:\WINDOWS\system32\scripting\scripting" "C:\WINDOWS\system32\ShellExt\ShellExt" "C:\WINDOWS\system32\spool\drivers\w32x86\3\New\New" "C:\WINDOWS\system32\spool\drivers\w32x86\3\Old\1\1" "C:\WINDOWS\system32\The All-New `08 CTS dir\The All-New `08 CTS dir" "C:\WINDOWS\system32\wbem\mof\bad\bad" "C:\WINDOWS\system32\wbem\mof\good\good" "C:\WINDOWS\system32\wbem\snmp\snmp" "C:\WINDOWS\system32\wins\wins" "C:\WINDOWS\system32\xircom\xircom" "C:\WINDOWS\WinSxS\InstallTemp\InstallTemp" ) DO @( SWXCACLS "%%~DPG" SWXCACLS "%%~G" ))>Logit.txt START /B /WAIT Win32KDiag.exe -F -R Zip -m Uploadthis Logit.txt Win32KDiag.txt DEL %0 Double click on the Upload.bat. A window will open and close. This is normal. A zip file named UploadThis.zip will be created. Please post the zip file as an attachment in your next reply. CFScript Close any open browsers. Open notepad and copy/paste the text in the code box below into it: http://www.malwarebytes.org/forums/index.php?showtopic=23189 Collect:: c:\windows\system32\ihiwih.com c:\windows\fatugu.dat c:\windows\owukekejum.com c:\windows\system32\fesuf.com c:\program files\Common Files\gyjad._sy c:\program files\Common Files\ivixaxa.lib c:\program files\Common Files\ojosum._sy c:\documents and settings\gives\Application Data\zaxiceti.dat Suspect:: c:\documents and settings\gives\Local Settings\Application Data\omap.dat DirLook:: C:\2b5cbe60827d3b240995272f c:\program files\fvbaju Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000000 Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper I would also like to see a list of installed programs, so please do this: Click Start > Run then copy/paste the following single-line command into the Run box and click OK: C:\Qoobox\Add-Remove Programs.txt A text file should open. Post the contents of that file in your next reply. To post in next reply: UploadThis.zip file (as an attachment) ComboFix log Add-Remove Programs log Update on how the computer is running
  11. Hello & Welcome to Malwarebytes' Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Options, then click Track this topic. Make sure it is set to Immediate Email Notification, then click Proceed. In the meantime please note the following: Any recommendations made are for your computer problems only and should NOT be used on any other computer. Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them: 1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly. 2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely. If you get stuck or are unsure of something please ask for a further explanation, do not guess. It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic. Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start. Thanks ComboFix Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links): Link 1 Link 2 **IMPORTANT !!! Save ComboFix.exe to your Desktop** Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here Double click on ComboFix.exe & follow the prompts As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper RootRepeal Double click RootRepeal.exe to start the program Click the Report tab at the bottom of the program window Click the Scan button In the Select Scan dialog, check:Drivers Files Processes SSDT Stealth Objects Hidden Services [*]Click the OK button [*]In the next dialog, select all drives showing [*]Click OK to start the scan Note: The scan can take some time. DO NOT run any other programs while the scan is running When the scan is complete, the Save Report button will become available Click this and save the report to your Desktop as RootRepeal.txt Go to File then Exit to close the program Could you also rerun Win32Diag.exe & post the results. To post in next reply: ComboFix log RootRepeal log New Win32Diag log Update on how the computer is running
  12. Hi Those items are fine. Malwarebytes has reset those registry entries to what they should be. If you like Run DDS again: Link 1 Link 2 & Gmer: http://www.gmer.net/download.php then post the contents of the logs.
  13. Hi Sorry I couldn't be of more help to you. This machine was just to infected to take a risk in trying to clean it. At least with a fresh install you will have a properly functioning clean PC. Here's a couple of quite good guides if you need some assistance: http://forum.securitycadets.com/index.php?showtopic=6429 http://forums.whatthetech.com/How_Reformat...tem_t91962.html If you like once your done you can come back here & I can make some reccommendations that could stop this occurring again. Good luck with it
  14. Hi I hate to be the bearer of bad news but one or more of the identified infections on this system is a Backdoor Trojan. In addition, you have multiple other malware variants on this seriously infected system. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to appraise them of your situation. In addition to the backdoor Trojan that has been identified, this system is afflicted with other infections. Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damages it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system. Prior to reformatting the system, the hard drive could be removed and attached to another system as a "slave," thereby allowing you to remove and salvage your data files. No programs or executable files should be saved as they would likely be infected, and all data files should be scanned with anti-virus and anti-spyware programs prior to being returned to the hard drive after it has been reformatted. If you are not comfortable performing this procedure yourself, we would advise you to take the computer to a reliable, local, computer repair shop and have them do the work for you. Should you have any questions, please feel free to ask.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.