How do I remove Win32 Kido?

OTL log NEW

lols hahaha ask http://google.com about the removal of w32/kiddo or conficker …

Read the whole topic dude!
It is not about KIDO anymore!
I don’t have kido it seems!
Some download dropper or something that really makes your OS run as slow as it can!
Almost invisible to any AV software…
READ THE TOPIC AND STOP GIVING STUPID ADVICE!
Btw I already googled it, that’s how I ended up HERE in the first place!
Mr. Google can’t provide any more useful advice cuz he’s not a human!
I need expert advice!


The otl made something now…
My Yahoo Messenger started with my OS as it should have.
Finally it started!

Still my pc freezes a lot and the speed is terrible!
If you guys can’t figure out something I will format my C:\ drive and install a fresh copy of Windows.

If I can salvage this OS I will give you a beer.

Hi dark-wisper

Try Avira RescueCD

  • download it to a clean system (other than your infected computer)
  • launch rescuecd.exe file and place a blank CD in your writer unit
  • choose your burning device from the drop down list and press burn button. Please wait until the disc is created. At the end you should see a success message
  • place the rescue disc in the infected computer and boot from it.
  • scan your PC

After removal, come back to Windows and then please post a HiJackThis log here.

Let’s go for a little TLC and then scan for rootkits

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it’s finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

THEN

Download and run Auslogics Disc Defragmenter

NOW THE SCAN

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

Caution
These types of scans can produce false positives. Do NOT take any action on any “<— ROOTKIT” entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked … leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.

Once the scan is complete, you may receive another notice about rootkit activity.

  • Click OK.
  • GMER will produce a log. Click on the [Save…] button, and in the File name area, type in “GMER.txt”
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Let’s start with posting this… i downloaded as advised in an earlier topic.
AVZ found something here but I think they’re false positives.
Here is the log.

Hmm AVZ stated that it failed to find the image path - could you run GMER please to check that out

GMER gave me blue Screen Of DEATH.
Now OS is slower.

OK big boy time

Download ComboFix from one of these locations:

Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I have already done that 3 times… found nothing.
I will give it another try.

If you could post the log as Combofix does not recognise all malware

Combo fix log:

It is attached to netsvc

  1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:

MBR::

NetSvc::
dsakaew
oydes
meeypeqgp

  3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

  4. Save the above as CFScript.txt

  5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

  6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

Log 2 here!

How is it running now ?

I have one port to close

  1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:

MBR::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6209:TCP"=-

  3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

  4. Save the above as CFScript.txt

  5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

  6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
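
The two CFScripts in this thread edit the svchost `netsvcs` group and the firewall's `GloballyOpenPorts` list. The following read-only PowerShell audit of both locations is an added example, not part of the original posts and not ComboFix's own code; it assumes the standard Windows registry paths and that `~` in the script abbreviates `SYSTEM\CurrentControlSet`, and the function names are hypothetical.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
# Assumption: standard Windows paths; "~" in the CFScript is taken to mean
# SYSTEM\CurrentControlSet. Nothing here modifies the registry.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$openPorts   = "$servicesKey\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"

function Get-NetsvcsAudit {
    # Every name in the netsvcs group may be hosted by svchost.exe -k netsvcs.
    $names = (Get-ItemProperty -LiteralPath $svchostKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $svcKey = "$servicesKey\$name"
        $dll = $null
        $state = 'no service key'          # normal for many stock entries
        if (Test-Path -LiteralPath $svcKey) {
            $state = 'installed'
            try {
                $p = Get-ItemProperty -LiteralPath "$svcKey\Parameters" `
                        -Name ServiceDll -ErrorAction Stop
                $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll)
            } catch {
                # Key exists but the DLL path is missing or cannot be read.
                $state = 'installed, ServiceDll unreadable or absent'
            }
        }
        [pscustomobject]@{
            Name       = $name
            State      = $state
            ServiceDll = $dll
            DllOnDisk  = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
}

function Get-GloballyOpenPort {
    # Value names have the form "port:protocol", e.g. "6209:TCP".
    if (-not (Test-Path -LiteralPath $openPorts)) { return }
    $key = Get-Item -LiteralPath $openPorts
    foreach ($valueName in $key.GetValueNames()) {
        $port, $proto = $valueName.Split(':')
        [pscustomobject]@{
            Port = $port; Protocol = $proto; Data = $key.GetValue($valueName)
        }
    }
}

Get-NetsvcsAudit | Sort-Object State, Name | Format-Table -AutoSize
Get-GloballyOpenPort | Format-Table -AutoSize
```

Installed `netsvcs` entries whose name or DLL you do not recognise, and open ports you did not create, are the rows to raise with your helper before removing anything.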

Let’s say it works a bit faster.
Just a bit…
I will try the

MBR::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6209:TCP"=-


as you explained…
But it’s easier to do →
right click on desktop->new->word pad-> rename it to CFScript.txt
And paste the content of your post from the quote and save it… Then drag 'n drop to ComboFix

Log 3 here

GMER log here

OK they both show clean of apparent malware now

Well my pc is moving really slow as my internet connection is horrible…
I can’t watch on youtube any clip… it loads a 5 minute clip in 30 minutes >:(
If you want i can pm you with my yahoo id and you can get into my pc using teamviewer.
I can give you my teamviewer id and pass through msn or what live messenger you have and connect onto my pc and try everything out.