My desktop is infected with this. I have tried the fix as posted on Bleeping Computer. I can’t do anything on the computer, so I unplugged it from the internet. Put rkill, iExplore, eXplorer, and exehelper on my flash from my laptop. Ran them on the desktop: rkill terminated rkill, the others just showed a log with nothing terminated and a message about do you want to continue running in safe mode. I clicked yes most times, nothing happened. Could not get Malwarebytes to run. When I checked that I didn’t want to run in safe mode, it gave me choices to roll back, but of course, these didn’t work.
What do I do now?
Also, are any of my passwords at risk and will my other laptops be ok connected via wireless, but not on a network?
Thanks tons,
Sequoia
Try this
Note: If using Firefox, right-click on any download links and choose Save As
Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop
Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.
http://oldtimer.geekstogo.com/OTH/OTH_Main.gif
Then select Start OTL. OTL will now run
Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file
Select Scan.txt that you downloaded
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Click the Internet Explorer button, post these logs in your Virus Removal topic.
I put the files onto my flash, since I can’t do anything on the desktop. I tried to open the OTH.scr file and it opens up in the notepad with gibberish and the comment that it needs to be run under Win32. How do I do that please?
Sequoia
btw: what’s your avast version? v4 or v5?
v4 running on an XP OS
I will update once I get back on-line!
since i can’t obtain any samples from v5 users, there’s a probability that v5 detects at least one part of the infection chain and stops it while v4 does not… it could be caused by some additional module in v5 (heur engine, generic unpacker etc)… anyway, it’s difficult to elaborate on it when we don’t have relevant samples for this particular rogue family… as a general note, i can really suggest to install v5, there may be significant differences in proactive detections of pretty fresh (unknown) malware…
Well, I won’t be able to install the newer version of Avast, yet, since I can’t get my desktop to allow me to run anything.
So back to the main problem, any suggestions on what I need to do to get the changes made that I need to so that I can run Malwarebytes?
I can’t even get a log established since I don’t know how to make it run in Win32 to open up the OTH, then the OTL.
Thanks,
Sequoia
bleepingcomputers.com describes manual removal steps… it would be great if you could locate the binary and rename it (it’s possible even when the binary is running) and restart your pc… after restarting the malware won’t run anymore and you should be able to send us the renamed sample (and install new version of avast etc)…
Did you use Firefox to download the files? If so, you need to right-click and select Save As… Otherwise FF will not save it properly: it is an exe file disguised as a screen saver, which is why FF gets confused and does not save it correctly.