P12

  1. Hey Maniac, In my last email, I asked several questions about the instructions related to disconnecting from the Internet and about TCP/IP protocol settings access in Windows 7. Two days ago I forged ahead with the instructions on flushing DNS, and in spite of my confusion, I figured out how to check the TCP/IP protocols, and then I ran the DNS flush. Then I was able to update Malware tool successfully (e.g. I no longer got the message "The database is outdated by 69 days. Prgram_error_updating (12007,0,WinHttpSendRequest)"). And then I was able to run the scan, and since then my wife's computer has shown no signs of having the SystemTool infection. So, I am happy to report that the problem has been resolved. I will copy your latest reply into the document I am putting all information relating to SystemTool in, and if I have the problem again, I will know what to do. I really appreciate your help, Maniac. You guys are doing a service to us. Can you give me information about making a donation?
  2. [Oops... sorry about the double post...] So, the upshot is that I still have some questions in following the instructions provided under 306583. These questions relate mainly to: 1) I don't know how to successfully perform item 1 (e.g. disconnect infected computer from network); 2) since the infected computer runs Windows 7 Home Edition, I am not sure how to follow the instructions in item 3. Thanks for any help you can provide. Dave
  3. In reviewing the instructions found at 306583, I encountered some problems: Item 1 says to disconnect my computer from the internet. My network connection is an ATT wireless/wired router (a "2wire"). I can disconnect the Cat5 cable from the infected computer, but since the router is also wireless, and since the computer is wireless enabled, I don't think the computer is truly disconnected from the internet. I could disconnect the router from the internet, or I could remove power to the router, and that would ensure that the computer had no internet connection. Is this what I should do? So, without a clear understanding of how to perform item 1 from 306583, I'm not sure if I'm able to proceed effectively.... In any case, I did perform item 2 (Router reset). But then Item 3 (again, from issue 306583) indicates I am supposed to "reset the ip/dns setting of my internet connection". a) Does "internet connection" mean my router (which I think of as my internet connection), or does it mean the internet settings on my infected computer? If it means the settings on my infected computer, then I have a couple of questions: i) The infected computer is running Windows 7 Home Edition, and the directions in item 3 are not written for Windows 7. Can you help with that? For instance... ii) I run Start--> Control Panel, then "Network and Internet", then "Network Sharing Center", and then "Change adapter settings" (and I don't even know if this is right). iii) Then I am presented with 2 options: first, Local Area Computer (Realtek PCIe FE Family Controller) and secondly Wireless Network (Atheros AR9285 802.11 b/g/n WiFi Adaptor). I am not sure if one is my default connection, although I typically log on via wireless with this computer. iv) I right-click the Wireless option, select properties, and there is no general tab, so I cannot follow the item 3 instructions. I do see that there is an IP V6 protocol, and also an IP V4 protocol, but I do not know if I should select one of these (the item 3 instructions just say "Double click on the internet protocol (TCP/IP)").
  4. In reviewing the instructions found at 306583, I encountered some problems: Item 1 says to disconnect my computer from the internet. My network connection is an ATT wireless/wired router (a "2wire"). I can disconnect the Cat5 cable from the computer, but since the router is also wireless, and since the computer has a wireless network card in it, I don't think the computer is truly disconnected from the internet. I could disconnect the router from the internet, or I could remove power to the router, and that would ensure that the computer had no internet connection. Is this what I should do? So, without a clear understanding of how to perform item 1 from 306583, I'm not sure if I'm able to proceed effectively.... In any case, I did perform item 2 (Router reset). But then Item 3 indicates I am supposed to "reset the ip/dns setting of my internet connection". a) Does "internet connection" mean my router (which I think of as my internet connection), or does it mean the settings on my infected computer? If it means the settings on my infected computer, then I have a couple of questions:
  5. Thank you for the additional help. I was able to successfully run WiNlOgOn.exe, and this then allowed me to run the executable that I'd renamed from mbam-setup to explorer. However, when I then went into Program files and renamed the mbam.exe to iexplore.exe, and ran it, I clicked "Update" and "Check for Updates", and got this message: "The database is outdated by 69 days. Prgram_error_updating (12007,0,WinHttpSendRequest)" But, I went ahead and performed the "quick scan". The results, though, did not show anything related to System Tool--they only showed the files explorer.exe, uSeRiNiT.exe, and WiNlogon.exe as being infected. So, I am guessing that unless I can get the Malware database updated, I won't be able to eradicate System Tool virus. How do I successfully update the database, and will this then allow me to remove the System Tool virus? Thanks, Dave

     Below is the log from mbam---

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5363

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     2/28/2011 9:50:17 AM
     mbam-log-2011-02-28 (09-50-05).txt

     Scan type: Quick scan
     Objects scanned: 162484
     Time elapsed: 4 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 3

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\Users\Lisa\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     c:\Users\Lisa\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     c:\Users\Lisa\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
  6. I have gone through the steps outlined in Borislav's topic 66064. After renaming the mbam-setup.exe to explorer.exe, I try to run the newly named file, but get the message "Application cannot be executed. The file explorer.tmp is infected. Activate antivirus software". Many programs I run-- (for example Windows Explorer help, my installed and up-to-date antivirus software, and, as you saw above the renamed mbam-setup.exe) fail to execute because of the System Tool virus. So...what do I do? Also, if I try booting up in safe mode, could that help? And--a silly question--to boot in safe mode I need to press F8--does that mean, on this laptop that is having problems, that I press the fn key and while it is depressed I then press the F8 key? And I just keep pressing it while system boots up?