
ICE Malware Removal



Delete the first copy, as here is the completed version.

Hello, I would like to set a block of time today, or when you are able to work on this, so that I can give it my full attention and make use of the valuable help you are offering. By coming and going so sporadically I don't mean to be unappreciative or difficult. I was being pulled in many directions, but now it's more manageable. So I will address your four points as best I can, and then if you would be kind enough to let me know when you can work on this again I will try to shift my schedule accordingly. If we could hit it first thing Monday morning that would probably be best. So if you are 3 hrs ahead and are able to help me around 8 or 9 (east coast time), I plan to be up early and prepared. If the morning doesn't work, my next opening would be late afternoon my time. Lastly, would it be helpful to start with a phone call, if you even work that way? If so I'm at 3107708114 anytime. Ok, I will address the 4 points below in orange font:

 

1: Can you get to a command prompt with the infected computer??
If I understand, the quick answer is "no", but I have to ask 2 questions back.

A) Is a command prompt very particular, as in "safe mode with command prompt", or is it anywhere I'm able to type words, like start menu "run" or "search"?

B) Does "infected computer" refer to the infected drive only, or literally the unit with desktop and multiple drives?

 

I tried to run the infected drive set as master in all 3 safe modes and from the CD, using all your suggestions and tricks, only to end up on the ICE page.

2: Not getting the malware out of the registry is going to be a problem.

What should I try?

3: If you have Malwarebytes 2.0 on the good drive, we can run a Custom scan on the infected hard drive.
This would be the first thing to do.

I have the free version, but have a day or so left on the trial of the full version.

How do I run a custom scan?

4: Then access the infected drive and look for the malware files. (below are samples from past infections)
They can be anywhere but usually in these locations.
Of course the user names will be different:

Ok, but you say "look at"; will we be able to delete the malware files?

 

end


1: Can you get to a command prompt with the infected computer??
If I understand, the quick answer is "no", but I have to ask 2 questions back.

A) Is a command prompt very particular, as in "safe mode with command prompt", or is it anywhere I'm able to type words, like start menu "run" or "search"?

Yes, safe mode with command prompt

B) Does "infected computer" refer to the infected drive only, or literally the unit with desktop and multiple drives?

Just the drive

I tried to run the infected drive set as master in all 3 safe modes and from the CD, using all your suggestions and tricks, only to end up on the ICE page.
2: Not getting the malware out of the registry is going to be a problem.
What should I try?


Will get to that later

3: If you have Malwarebytes 2.0 on the good drive, we can run a Custom scan on the infected hard drive.
This would be the first thing to do.
I have the free version, but have a day or so left on the trial of the full version.
How do I run a custom scan?


This is the first thing I want to do:

With the infected drive set as slave and the good drive as master
Computer up and running off the good drive
Start Malwarebytes > choose Scan > Custom Scan > Scan Now > Put a check in the box next to the infected drive (may be E, F, etc) > Now click Start Scan

That should start a scan on the infected drive.



4: Then access the infected drive and look for the malware files. (below are samples from past infections)
They can be anywhere but usually in these locations.
Of course the user names will be different:
Ok, but you say "look at"; will we be able to delete the malware files?


We'll address this after running Malwarebytes.

No need for me to call you and I'm here all day.


MrC


I need to be at appointments from 12:30 on. Didn't think the scan would take so long. Is it normal? I'm at 61000 objects scanned, duration 4 hrs, 6 bad guys detected. Are you able to tell me any of the next steps for when I come back? What time do you clock out?

 

I do have tech support through remote access with Norton, although they did not seem current with ICE. At some point I am able to get in Windows and online; should I have them clean it up? I was thinking it might be better to stick with you to the end, but I wanted you to know I had that source, especially with your registry concerns, right. Anyways, thanks again. I'm just going to let the scan run.


Did it boot up???

If so.......(please use notepad to save the logs or just post them)

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


There were 2 logs from Malwarebytes, one showed the malware and one was clean.

Can you post or attach the one showing the malware? Please use Notepad so I can read it.

---------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-------------------------------

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <---- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


ON RECOVERY: Lastly, you might recall I compounded my problems last week by erasing data (backup wasn't recording this drive) on the "F" drive when installing Windows, because I reformatted. I'm prepared to accept a loss there, but wanted to try to get some of it back if possible: my work files, dwgs, CAD files, SketchUp, jpegs, Word docs etc. Are you able to assist me there at all?


.XML <-------I don't know what program creates these files with .XML extensions. If I open them up with notepad they come out all distorted.

Anyway, this was the only file deleted that was related to the virus.
Kaspersky may have gotten some also.

F:\Documents and Settings\All Users\Application Data\wjlqfvg.gsa

----------------------------------

Please complete these steps:
https://forums.malwarebytes.org/index.php?showtopic=145516&p=815408

--------------------------------------------------------------

The lost data is gone and probably over written by now.

MrC

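Point 4 in MrC's list above (look on the infected drive for the malware files in the usual locations) and the wjlqfvg.gsa drop he found suggest a quick offline triage. The script below is an added example, not from the thread or from Malwarebytes: run from the good drive against the slaved drive's root, it walks the drive, looks only inside the usual drop folders and flags files whose name looks random or whose extension is unusual. The folder hints, the random-name heuristic and the sample tree it builds are assumptions.

```python
import os, sys, tempfile

# Assumed folder hints and benign extensions for files found in those folders.
DROP_HINTS = ("application data", "appdata", "programdata", "temp")
COMMON_EXT = {".exe", ".dll", ".dat", ".log", ".txt", ".xml", ".ini", ".lnk", ".db"}

def looks_random(stem):
    """Heuristic: 6+ letters with almost no vowels, or a run of 4+ consonants."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiouy" else run + 1
        longest = max(longest, run)
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.2 or longest >= 4

def in_drop_location(rel_path):
    """True when any parent folder of the slaved-drive relative path is a usual drop folder."""
    folders = rel_path.lower().split(os.sep)[:-1]
    return any(hint in folder for folder in folders for hint in DROP_HINTS)

def triage(root):
    """Walk the slaved drive; return (relative path, reason) for files worth a closer look."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            stem, ext = os.path.splitext(name)
            reasons = [why for why, bad in (("random-looking name", looks_random(stem)),
                       ("unusual extension " + ext, ext.lower() not in COMMON_EXT)) if bad]
            if in_drop_location(rel) and reasons:
                hits.append((rel, ", ".join(reasons)))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample layout of a slaved drive (empty files, not real data)."""
    root = tempfile.mkdtemp(prefix="slaved_drive_")
    for rel in ("Documents and Settings/All Users/Application Data/wjlqfvg.gsa",  # drop named in the thread
                "Documents and Settings/All Users/Application Data/Microsoft/settings.ini",
                "Program Files/Common Files/reader.exe",
                "Users/bob/AppData/Roaming/xkqzwrt.exe"):  # constructed name
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root

if __name__ == "__main__":
    # Pass the slaved drive root (e.g. F:\); with no argument the constructed sample tree is used.
    for rel, why in triage(sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()):
        print(rel, "->", why)
```

The output is a shortlist to review by hand before anything is deleted, not a verdict; legitimate files with odd names will appear too.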

Let's see if we can get System Restore repaired:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked: (Check them all)
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC


I've got a few of your instructions backed up (not completed) since the crash. Does it matter which I do first?

 

Download and run RogueKiller in safe mode

 

Rescan with Farbar?

 

Complete the Kaspersky steps above

 

Find a different log format and resend

 

Also, I will need to break from this soon for other obligations. Does it matter when?
 


If I double-click the XML malware log files they open right up via Explorer or Chrome. Is that no good for you, and if so how shall I resave them?

 

The only times there was an overwrite on the F drive was when the Norton virus software and XP were installed. I did run a free recovery a while ago and it seemed like recognizable files were present; I just couldn't retrieve them.

 

These 3 files were copied to my desktop before the crash. Don't know if they help or not.

roguekiller fileexe dmp (wasn't permitted to be uploaded)

2 more attached

debug.log

drwtsn32.log
