nkirk

Unable to Run Malwarebytes or Hijack This

17 posts in this topic

I have installed both Malwarebytes and Hijack This on PC based on having looked at other postings. (Original problem was an inability to get to AVG update website)

I am unable to run Malwarebytes or Hijack This (both give an egg timer for 10 seconds but no action beyond this)

Any guidance appreciated.


I have tried running Malwarebytes when renamed. This now launches but stops on the "Installing" page with the green bars having filled to the right. I cannot close the install window.

I will try a rename on Hijack This.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:24, on 10/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\WINDOWS\Philips\SPC610NC\Monitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\TEMP\winlognn.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE

C:\DOCUME~1\Nick\LOCALS~1\Temp\csrssc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,C:\WINDOWS\system32\hhupd.exe,

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

O4 - HKLM\..\Run: [sPC610NC_Monitor] C:\WINDOWS\Philips\SPC610NC\Monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [gohezo] C:\WINDOWS\system32\mettu.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sysftray2] c:\windows\bolivar27.exe

O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [Xpunocu] rundll32.exe "C:\WINDOWS\Ikogur.dll",e

O4 - HKLM\..\Run: [Cbace] rundll32.exe "C:\WINDOWS\ajoyunolifetahef.dll",e

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SF.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe

O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Nick\LOCALS~1\Temp\csrssc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [vxvjuelo.exe] C:\WINDOWS\vxvjuelo.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [nttvshna.exe] C:\WINDOWS\nttvshna.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: LimeWire On Startup.lnk (User 'SYSTEM')

O4 - .DEFAULT Startup: LimeWire On Startup.lnk (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1188690887904

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188691398529

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Zip Backup to CD (e4a8juuoa) - Unknown owner - C:\WINDOWS\system32\rouquu.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--

End of file - 8073 bytes
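
A first triage pass over a log like the one above, as an added example that is not part of the original thread or of HijackThis itself. The function names and the heuristics (system process names outside system32, programs running from a temp directory, extra UserInit entries, the DisableRegedit policy, services with an unknown owner) are assumptions chosen for illustration; a hit means "look closer", not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\TEMP\winlognn.exe
C:\WINDOWS\services.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\csrssc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,C:\WINDOWS\system32\hhupd.exe,
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
"""

# Assumed heuristic: these Windows components normally load from system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "userinit.exe"}
# Drive-letter paths ending in an executable, library or driver extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,]+?\.(?:exe|dll|sys)\b', re.I)


def path_reasons(path):
    """Return the heuristic hits for one file path."""
    low = path.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a temp directory")
    if basename(low) in SYSTEM_NAMES and not dirname(low).endswith("\\system32"):
        reasons.append("system process name outside system32")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        low = line.lower()
        reasons = []
        for path in PATH_RE.findall(line):
            for reason in path_reasons(path):
                if reason not in reasons:
                    reasons.append(reason)
        # F2: the UserInit value should name userinit.exe and nothing else.
        if line.startswith("F2 -") and "userinit=" in low:
            entries = [e.strip() for e in line.split("=", 1)[1].split(",")]
            extra = [e for e in entries
                     if e and basename(e.lower()) != "userinit.exe"]
            if extra:
                reasons.append("UserInit starts %d program(s) besides "
                               "userinit.exe" % len(extra))
        # O7: policy that blocks the registry editor for the user.
        if line.startswith("O7 -") and "disableregedit=1" in low:
            reasons.append("registry editor disabled by policy")
        # O23: service whose binary carries no vendor information.
        if line.startswith("O23 -") and "unknown owner" in low:
            reasons.append("service with unknown owner")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why), "->", entry)
```
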


Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


I have installed the copied (downloaded onto another PC as I cannot access the website on the problem PC) combofix onto the desktop.

However when combofix is launched I get an egg timer for about 10 seconds but nothing has happened after 10 mins.


Try renaming Combofix.exe to another name, or try running it under another name in SAFE MODE. If neither works, then download and burn this CD from another PC at home, a friend's, or at work as needed.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from here
  • Place a blank CD in your burner and double-click on the downloaded file.
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post here if you're unable to view the entire screen of Avira.


With all other applications closed (Taskbar empty), open HijackThis again and run Do a system scan only and place a check mark on the following items.

  • O4 - HKLM\..\Run: [Xpunocu] rundll32.exe "C:\WINDOWS\Ikogur.dll",e
  • O4 - HKLM\..\Run: [Cbace] rundll32.exe "C:\WINDOWS\ajoyunolifetahef.dll",e
  • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  • O4 - S-1-5-18 Startup: LimeWire On Startup.lnk (User 'SYSTEM')
  • O4 - .DEFAULT Startup: LimeWire On Startup.lnk (User 'Default user')
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

Then Quit All Browsers including the one you're reading this in now.

Then click on Fix checked and then quit HJT

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

Driver::
xykvbzgd
ethhadmz
e4a8juuoa

File::
c:\windows\Ikogur.dll
c:\windows\ajoyunolifetahef.dll
c:\windows\system32\Drivers\xykvbzgd.sys
c:\windows\system32\drivers\ethhadmz.sys
c:\windows\system32\rouquu.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xpunocu"=-
"Cbace"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xykvbzgd.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa87786-4a07-11dd-bb5c-00155871ec0f}]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.

When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

Then see if you can install, update and run MBAM

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile

Then post back NEW MBAM and HJT logs in that order please.


Logs included from:

the updated combofix with the CF script

Anti malware scan - (however this was not updated as the PC is now unable to access the internet - the PC is not being assigned an IP address for some reason)

Hijack this

combofixlog_14Feb.txt

mbam_log_2009_02_14__00_07_07_.txt

hijackthis_14_feb.txt


Please click on START - RUN and copy/paste the contents of this CODE box in the run line and click OK

DEL /F /Q %WINDIR%\SYSTEM32\*.TMP

Then run this:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Then download and run this AV scanner:

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.


I get a message saying windows cannot find "DEL".

Boot up is now inconsistent and unreliable.

Although the system finds the wireless - there is no IP address and no internet connectivity (Same in Safe Mode)

I cannot run Notepad

run "CMD" gives the DOS box for 2 seconds before it disappears.


Can you copy Dr Web over to it and run it from another PC please.

After it runs take a look at one of these fixes.

There are various issues that can cause loss of Internet activity. It could be Malware that is on your system that needs to be removed first, however it could also be from the removal of Malware or similar issues. Step one should be to ensure you remove any Malware from your system first.

Depending on what is wrong there are 3 methods of repair that you can try to re-establish connectivity.

METHOD 1

LSP-Fix

Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access

METHOD 2

WinSock XP Fix 1.2

It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.

If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.

METHOD 3

Microsoft KB article to reset TCP/IP

One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.

Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh)


You have the Win32.Virut Virus. This infects executable files on your system.

This is very difficult if not impossible to fully remove and many advisers recommend to format the drive and re-install Windows.

Dr Web claims to have repaired many of the files according to that post. However it's best to scan with other tools as well and due to its ability to spread to other systems on the network you might not want it on the network with your other computers.

In any case I would re-run the Dr Web scan and then maybe this scanner from Avira. Though saving your data and rebuilding the box is probably the best choice in this case.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from here
  • Place a blank CD in your burner and double-click on the downloaded file.
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post here if you're unable to view the entire screen of Avira.


Thanks for the advice.

I will try the scans - but given the problems with network adapters on the PC and lack of internet connection I was contemplating the rebuild.


I've done a bit more searching with other sites and no one of any reputation that I can find recommends trying to save the box either.

Get your data off, be sure you don't infect another system with any potential data saved. DO NOT save any EXE, SCR type files period.

Just your data.

Then wipe and rebuild.

If you need help or links on the rebuild process please let me know.
