Good morning! I’m SO thankful I have found this forum. I’m hoping someone can help me.
I came here initially because despite running Avast all the time, I had acquired the Internet Security 2010 virus. I downloaded Malwarebytes’ Anti-Malware and was able to remove it. However, I am still having problems in that whenever I use a search engine, the links seem to take me somewhere else other than the site I’m looking for.
As advised in the Malwarebytes instructions, before I started, I uninstalled and reinstalled that program, ran it again and found nothing. Then I installed and ran OTL and have attached the results here.
Can anyone advise me what to do next? I’m not terribly adept at any of this but I can follow directions to the letter if they’re made clear!
[*]Download the attached Fix.txt to your desktop
[*]Drag and drop the file to the Custom Scans/Fixes box at the bottom,
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
Caution
These types of scans can produce false positives. Do NOT take any action on any “<-- ROOTKIT” entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
[*]Click NO
[*]In the right panel, you will see a bunch of boxes that have been checked … leave everything checked and ensure the Show all box is un-checked.
[*]Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
[*]Click OK.
[*]GMER will produce a log. Click on the [Save…] button, and in the File name area, type in “GMER.txt”
[*]Save it where you can easily find it, such as your desktop.
Here’s what came up when the fix was complete. It’s not called OTL but I’m assuming it’s correct. Do I wait to do the next bit or do I do it while you’re checking this?
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Well now I’ve got REAL problems because the computer won’t even boot up! It shut itself down sometime today while I was gone and it won’t start even in safe mode. Not sure what to do at this point but I’m going out of town for a couple of days so it will just have to wait until I get back I guess.
ISOBurner this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions
Second
[*]Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
[*]When downloaded double click and this will then open ISOBurner to burn the file to CD
[*]Reboot your system using the boot CD you just created. Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
[*]Your system should now display a Reatogo desktop. Note : as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes
[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start.
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system.
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.
Hi, a few quick questions: did it shut down and fail to start after the ComboFix run?
At what stage does the computer shut down when you try to boot?
Does it reference a file/driver at any stage?
Did this happen after the last Windows update?
The reason I ask is that I can see no sign of combofix on the last log
I would like you to run OTLPE again please and type the following into the custom scans box
Okay, here’s the most recent scan with the custom options.
Actually, now that I go back and look at the sequence, it shut down and failed to start before I ever got to the combofix run. I couldn’t boot it up to even download it.
I’m not sure where it was getting hung up. It doesn’t shut down. It’s during the black screen after I select (“Windows XP for Home” or whatever it says) and it loads a long list of things. It gets to one of them (I want to say yes, it’s one of the drivers (I remember 32 being part of the name)) then just sits there forever and never goes beyond that.
It looks like it was the Windows update that killed it - this will happen with systems that are infected with TDL3. I will replace the infected file with a good copy and hopefully you should be able to get back in.
Download the attached fix.txt
Copy to the USB you are using for transfers
Start OTLPE as you did previously from CD
[*]Insert your USB drive with fix.txt on it
[*]Start OTLPE
[*]Drag and drop fix.txt into the Custom scans and fixes box
[*]If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done to normal mode if possible
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
Hurray! I was able to restart normally and everything looks fine. However, since the OTL log was short, I copied it intending to paste it into the message rather than attaching it, but then couldn’t open any sort of program to copy it into and the computer froze and I had to just turn the power off to restart it, so I don’t have the log from running the fix.
On a very bright note, it looks like the redirects are gone, so it would APPEAR my problem is solved, but I’m not sure, so you tell me, what would you like me to do next, if anything?
Oh, and YES, the first thing I saw once it was started up was the infamous Windows update notification, so it looks like you’re right about that causing the inability to boot up!