OK when you start the computer immediately press and hold F8
A menu will then appear
From the list select “repair my computer”
If that should fail then we will reset the system and approach it a different way
Again get to the safe mode menu but this time select
Safe mode with a Command prompt
At the command prompt, type %systemroot%\system32\restore\rstrui.exe and then press ENTER.
Follow the instructions that appear on the screen to restore your computer to a functional state.
system
December 22, 2011, 8:42pm
22
Ok, going to do the first and see how it works.
Wish me luck.
system
December 22, 2011, 9:05pm
23
Didn’t work out and I didn’t have the Safe mode with a Command prompt, but as I have an Acer I hit Alt+F10 hoping for any restoration menu, but now I’m on a screen that says
Edit windows boot options for: Windows Setup
Path: \windows\system32\boot\winload.exe
and then a large command ending in boot.wim.
Damn, how do I have to proceed?
Edit: Sorry if I’m panicking a little, but I’m kind of scared.
Edit 2: Also, if it is helpful, I’m on Windows 7
Aye, those were commands for Windows 7
OK, let’s try a different approach now
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
* Double click on ComboFix.exe & follow the prompts.
* Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
* When finished, it shall produce a log for you.
* Please include the C:\ComboFix.txt in your next reply.
Notes:
Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
system
December 22, 2011, 9:33pm
25
Well, now I activate the normal mode the antivirus isn’t active. And now I clicked it and it doesn’t load, still thinking.
Should I try in safe mode?
Edit: OK, forget the last part, and the antivirus suddenly came out, but deactivated, also now it is trying to create a restore point.
So you are now back in normal mode?
system
December 22, 2011, 9:38pm
27
I am.
Damn it, am I doing it wrong? It is completing the stages well, I think.
When i pass you the log you can tell me later.
system
December 22, 2011, 9:43pm
28
One thing, is autoscan part of ComboFix?
Yep it will check all known malware infection points
system
December 22, 2011, 9:48pm
30
OK, I got scared.
Also, when it rebooted it got the black background again, so I had to restart and enter safe mode, now it is preparing the log.
It can be scary the first time you see it run ;D
system
December 22, 2011, 9:54pm
32
Alright, there’s the log, but I don’t see that it worked.
So what do we do now?
Also I have to say that Avast and MBAM popped out when it started.
OK I think I know what the black screen problem was… OTL was still clearing all of your temporary folders (they must have been rather full)
What problems are you experiencing at the moment?
system
December 22, 2011, 10:00pm
34
Well, now it got slow, the voice recognition (that was infected, I think) doesn’t work. Didn’t check it out but Avast didn’t work (as if it was broken or something)
Now I don’t know what is going on, so how should I proceed from now?
Well, well, not really slow but the programs that start with the computer don’t start until a long while, don’t know how it is now as I’m scared to try.
Also, can you tell me what was going on with the install file on the D:? That’s my restore disk to restart the computer into factory configuration. I would like to know if it got infected too and I can confirm I’m damned.
Is Avast working now?
If not then run a repair
Go to control panel
Programs and Features
Select Avast
On the popup scroll down on the left to the repair and select that
system
December 22, 2011, 10:06pm
36
Can I do it in safe mode?
system
December 22, 2011, 10:10pm
37
OK, tried to do it in safe mode and it gave me an error saying:
Error procesing packages.
Please use full update.
And then this:
22.12.2011 23:08:49 general: Started: 22.12.2011, 23:08:49
22.12.2011 23:08:49 general: Running setup_ais-509 (1289)
22.12.2011 23:08:49 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:08:49 system: Memory: 13% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029324/2097024K free
22.12.2011 23:08:49 system: Computer WinName: USUARIO-PC
22.12.2011 23:08:49 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:08:49 general: Cmdline: /uninstwiz
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 registry: Deleted registry: Software\AVAST Software\Avast\UpdateReady
22.12.2011 23:08:49 system: Using temp: C:\Users\Usuario\AppData\Local\Temp_asw_aisI.tm~a01492 (251384M free)
22.12.2011 23:08:49 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:08:49 general: DldSrc set to inet
22.12.2011 23:08:49 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:08:49 system: Computer DnsName: Usuario-PC
22.12.2011 23:08:49 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:08:49 system: Installed in: C:\Program Files\AVAST Software\Avast (251384M free)
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:49 package: Part prg_ais-509 is installed
22.12.2011 23:08:49 package: Part vps_win32-11122200 is installed
22.12.2011 23:08:49 package: Part setup_ais-509 is installed
22.12.2011 23:08:49 package: Part jrog-a7 is installed
22.12.2011 23:08:49 package: Part jrog2-3b9 is installed
22.12.2011 23:08:49 general: LoadState: Edition=1
22.12.2011 23:08:49 general: Old version: 509 (1289)
22.12.2011 23:08:49 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:08:49 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:08:49 general: Server definition(s) loaded for ‘main’: 255 (maintenance:0)
22.12.2011 23:08:49 general: SelectCurrent: selected server ‘Download323 AVAST5 Server’ from ‘main’
22.12.2011 23:08:49 internet: SYNCER: Type: use IE settings
22.12.2011 23:08:49 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:08:54 general: Operation set to INST_OP_REPAIR
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:08:54 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:08:54 general: Entering:UpdateInstallPackages
22.12.2011 23:08:54 general: progress thread start
22.12.2011 23:08:54 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:08:54 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:08:54 package: Error processing packages. 0x20000011
system
December 22, 2011, 10:19pm
39
OK, this is weird.
The computer doesn’t look like it is working weirdly except for the fact that every starting program doesn’t start at the very beginning like always.
And the error is the same. I’ll post the report in the next post.
system
December 22, 2011, 10:20pm
40
22.12.2011 23:17:12 general: Started: 22.12.2011, 23:17:12
22.12.2011 23:17:12 general: Running setup_ais-509 (1289)
22.12.2011 23:17:12 system: Operating system: Windows 7 ver 6.1, build 7600, sp 0.0 x64
22.12.2011 23:17:12 system: Memory: 17% load. Phys:4194303/4194303K free, Page:4194303/4194303K free, Virt:2029312/2097024K free
22.12.2011 23:17:12 system: Computer WinName: USUARIO-PC
22.12.2011 23:17:12 system: Windows Net User: Usuario-PC\Usuario
22.12.2011 23:17:12 general: Cmdline: /uninstwiz
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 system: Using temp: C:\Users\Usuario\AppData\Local\Temp_asw_aisI.tm~a04136 (251417M free)
22.12.2011 23:17:12 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
22.12.2011 23:17:12 general: DldSrc set to inet
22.12.2011 23:17:12 internet: SYNCER: Agent=Syncer/5.00 (ais-1289;p)
22.12.2011 23:17:12 system: Computer DnsName: Usuario-PC
22.12.2011 23:17:12 system: Computer Ip Addr: 192.168.1.2
22.12.2011 23:17:12 system: Installed in: C:\Program Files\AVAST Software\Avast (251417M free)
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:17:12 package: Part prg_ais-509 is installed
22.12.2011 23:17:12 package: Part vps_win32-11122200 is installed
22.12.2011 23:17:12 package: Part setup_ais-509 is installed
22.12.2011 23:17:12 package: Part jrog-a7 is installed
22.12.2011 23:17:12 package: Part jrog2-3b9 is installed
22.12.2011 23:17:12 general: LoadState: Edition=1
22.12.2011 23:17:12 general: Old version: 509 (1289)
22.12.2011 23:17:12 file: SetExistingFilesBitmap: 944->430->429
22.12.2011 23:17:12 general: GUID: 49695e14-7f89-453f-9a78-83a5dd1e8ed3
22.12.2011 23:17:12 general: Server definition(s) loaded for ‘main’: 255 (maintenance:0)
22.12.2011 23:17:12 general: SelectCurrent: selected server ‘Download347 AVAST5 Server’ from ‘main’
22.12.2011 23:17:12 internet: SYNCER: Type: use IE settings
22.12.2011 23:17:12 internet: SYNCER: Auth: another authentication, use WinInet
22.12.2011 23:18:30 general: Operation set to INST_OP_REPAIR
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessWin32::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcess::Do( INST_OP_REPAIR )
22.12.2011 23:18:30 general: Entered SetupProcessAIS::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_INSTALL_PACKAGES )
22.12.2011 23:18:30 general: Entering:UpdateInstallPackages
22.12.2011 23:18:30 general: progress thread start
22.12.2011 23:18:30 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:18:30 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:18:30 package: Error processing packages. 0x20000011
Also, thanks to MBAM I know I’m still infected and receiving attacks.
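
An added example, not part of the thread and not Avast tooling: a small parser for the setup log layout pasted above that splits the text into runs and reports failures that repeat with the same operation, file and error codes, which is what the two pasted logs show. The function names are hypothetical and the sample is an excerpt of the lines posted in the thread.

```python
import re
from datetime import datetime

# Layout seen in the log above: "DD.MM.YYYY HH:MM:SS category: message"
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")
HEX_RE = re.compile(r"0x[0-9A-Fa-f]+")

# Excerpt of the two runs posted in the thread (most lines omitted).
SAMPLE = r"""
22.12.2011 23:08:49 general: Started: 22.12.2011, 23:08:49
22.12.2011 23:08:54 general: Operation set to INST_OP_REPAIR
22.12.2011 23:08:54 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:08:54 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:08:54 package: Error processing packages. 0x20000011
22.12.2011 23:17:12 general: Started: 22.12.2011, 23:17:12
22.12.2011 23:18:30 general: Operation set to INST_OP_REPAIR
22.12.2011 23:18:30 package: LoadProductVpu: C:\Program Files\AVAST Software\Avast\Setup\prod-ais.vpx
22.12.2011 23:18:30 package: ERROR: Unable to verify prod-ais.vpx, error 0x2000000B
22.12.2011 23:18:30 package: Error processing packages. 0x20000011
"""

def parse_runs(text):
    """Split a setup log into runs and collect each run's error lines."""
    runs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # forum prose, blank or wrapped lines
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        category, msg = m.group(2), m.group(3)
        if msg.startswith("Started:") or not runs:
            runs.append({"started": ts, "operation": None, "loading": None, "errors": []})
        run = runs[-1]
        if msg.startswith("Operation set to "):
            run["operation"] = msg.split()[-1]
        elif msg.startswith("LoadProductVpu:"):
            run["loading"] = msg.split(":", 1)[1].strip()
        elif "error" in msg.lower():
            run["errors"].append({"at": ts, "category": category, "codes": HEX_RE.findall(msg)})
    return runs

def recurring_failures(runs):
    """Map (operation, file being loaded, error codes) -> start times, repeats only."""
    seen = {}
    for run in runs:
        if run["errors"]:
            codes = tuple(c.lower() for e in run["errors"] for c in e["codes"])
            seen.setdefault((run["operation"], run["loading"], codes), []).append(run["started"])
    return {sig: starts for sig, starts in seen.items() if len(starts) > 1}

if __name__ == "__main__":
    for sig, starts in recurring_failures(parse_runs(SAMPLE)).items():
        print(sig, "seen in runs started at", [s.isoformat() for s in starts])
```

A failure that repeats with an identical signature points at the same file failing verification on every attempt, so re-running the repair will not change the outcome.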