Jump to content

antimalwar doctor virus not able to tur on my PC


Recommended Posts

the virus antimalwar doctor is blocking me from using windows xp it is always restarting. I am not able to use windows even in safe mode.

I am working outside Windows.

i Followed these first steps on another PC:

1. Download OTLPEStd.exe to your desktop.

2. Ensure that you have a blank CD in the drive.

3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.

4. Reboot the infected system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here.

5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. smile.gif

6. Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy.

7. Double-click on the OTLPE icon.

8. Select the Windows folder of the infected drive if it asks for a location.

9. When asked "Do you wish to load the remote registry", select Yes.

10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes.

11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK.

12. OTL should now start.

13. Double-click on the Custom Scans/Fixes box and a message box will popup asking if you want to load a custom scan from a file.

Select Scan.txt on your USB drive.

14. Press Run Scan to start the scan.

15. When finished, the file will be saved in drive C:\OTL.txt.

here is the link for the file:

http://www.cijoint.fr/cjlink.php?file=cj20.../cijkYpUP5g.txt

Please Help

Link to post
Share on other sites

Hello tatiana

Welcome to Malwarebytes.

=====================

It is no longer allowed that we use OTLPE.

But under the circumstances (since you already have it) then I will help you remove the malware with it.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

Hi,

I prefer trying to clean the machine first to avoid wasting time reinstalling all the software/tools I need.

I will then use malwarebytes and an anti virus to scan the machine after this.

Can you help me to do this please?

TIA,

Tatiana

Hello tatiana

Welcome to Malwarebytes.

=====================

It is no longer allowed that we use OTLPE.

But under the circumstances (since you already have it) then I will help you remove the malware with it.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

Run OTLPE

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\oxlhkela.sys -- (oxlhkela)

DRV - [2010/10/19 08:59:31 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\uegmnl.sys -- (qhodc)

O4 - HKU\joseph_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\joseph\.COMMgr\complmgr.exe ()

O4 - HKU\joseph_ON_C..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\joseph\Application Data\8267C1D234C96D4B544675A53B629E44\mediarealease70x700hh.exe (?????????? ??????????)

O4 - Startup: C:\Documents and Settings\joseph\Menu D

Link to post
Share on other sites

hi,

The scan is finish and I asked malwarebyte to delete the 6 found infections.

I then tried to open my session but I still have no icones on the desk just the background.

Below the report of the scan of malwarbyte.

Thank you in advance for your help.

-------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de donn

Link to post
Share on other sites

hi,

The scan is finish and I asked malwarebyte to delete the 6 found infections.

I then tried to open my session but I still have no icones on the desk just the background.

Below the report of the scan of malwarbyte.

Thank you in advance for your help.

-------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de donn

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Also post the OTL log please it is located here C:\_OTl\Moved Files\*.txt (where * is the time and date you ran OTL)

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Also post the OTL log please it is located here C:\_OTl\Moved Files\*.txt (where * is the time and date you ran OTL)

I decided to reinstall windows

thank you verry much for the help

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.