I am posting from a different computer. The infected machine is a Dell desktop running Windows XP SP3, Avast free, and Malwarebytes Pro. Avast scan results found C:\Documents and Settings\username\Application Data\adaware\data\111117070025-f. list is infected by JS.downloader-BLR (trojan). This has been placed in the Virus Chest for now.
I believe I know the probable source of the infection. Another family member received an email which was empty when opened. The sender was called with questions. The sender said her email account has been hacked, and several of her contacts have received similar emails.
My time demands prevent me from spending long periods of uninterrupted time devoted to this, so I will have to follow instructions in a piecemeal fashion. I hope to find the time to post back today. If not, I will definitely post back by tomorrow.
We had to wait for the bank to open. We have just notified the bank of the possibility of online banking activities being compromised. The password has been changed on a clean computer. MBAM scan is running on the infected machine. I will return to the other steps after completing some higher priority tasks.
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
The infected machine has a damaged operating system. It does not and has not had System Restore for over two years. I use full image backups as a fallback. It is a long story. There have been several attempts to find System Restore or repair the OS to regain it. For that reason I did not paste the [CREATERESTOREPOINT] command in the previous scan. With that in mind: will the absence of System Restore hinder the fix if I include the command? Should I exclude [CREATERESTOREPOINT] in the fix?
I have encountered a problem which may be self-inflicted. While running the fix, OTL stalled. The bottom of the window says that it is killing processes. This message has been displayed for over 45 minutes with no change.
I may have caused this because MBAM displayed a window stating that MBAM had been unexpectedly terminated. Out of force of habit (without thought) I closed the MBAM window.
I need to know if I should initiate the fix again or not. One way or the other I will find it necessary to shut down the infected computer within about one hour. When the afternoon sun shines on the side of the house where this computer is located, the room gets too hot to safely run the computer.
Yes, but first you will need to stop MBAM from running at Windows start, as that is blocking OTL from running.
If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from “Start with Windows”
Reboot and start with number 1. below to run the OTL fix.
Not a problem… I just make sure I read every line (a good practice when performing downloads, installations, and updates). It is better to question than to assume.
The XP machine is off until the room cools off. I have disabled MBAM from running at start up. I will fix it later and run a new scan. I suspect that I should delete the offending file which is in the Virus Chest right now.
Regarding your offer to attempt to fix the missing System Restore, sure, let’s give it a try after confirmation that the computer is clean… I am guessing that Farbar Service Scanner is the first step. Hopefully the attempt will be successful. If not I can always proceed to an attempt to perform a repair install. I have the factory installation disks. I was preparing for that task when the infection showed up.
Click the Globe under my Avatar; that will take you to my SkyDrive. There you will find a zip folder with your name on it.
Download that to the desktop and extract the two reg files inside to your desktop.
Right click each in turn and select Merge.
Reboot.
System restore should now be available.
The logs look clean now… I can dig deeper if you wish, though.
I followed your instructions. System Restore still does not work. I performed multiple reboots to see if that would help. When attempting to access System Restore I receive this message:
System restore is not able to protect your computer. Please restart your computer, and then run system restore again.
Do we need to try something else?
As for anomalies… On the first attempt to access System Restore, Control Panel froze up. I had to use Task Manager to end the process and reboot again. I have spent very little time on that machine lately. It seems to be running much slower than it did previously. It has too many users and too many programs installed on it. I am unsure if editing the startup programs and processes will resolve that problem. One way or the other, that task would take me a long time because I would have to research most of the entries.
The quick scan results are attached. Is it worthwhile to try something else to regain use of System Restore, or is a repair install my only reasonable cure? (I sure hate the thought of installing and configuring those 100+ programs.)
Click Start, Run and type %Windir%\INF.
Locate the SR.INF file. If you have configured Windows Explorer to hide known file extensions, the file may show up as SR.
To see the file extensions for all file types, try this:
On the Tools menu in My Computer, click Folder Options.
Click the View tab.
Clear the Hide extensions for known file types check box.
Right-click the SR.INF file, and then click Install.
Windows will now attempt to reinstall System Restore, and may prompt you for the Windows installation source path.
Point to the %Windir%\ServicePackFiles folder, or insert your slipstreamed Windows XP CD (matching the Service Pack level of your system).
System Restore core files will be reinstalled. Restart Windows when prompted.