My Windows Vista PC has a Re-Direct issue

I normally use this iMac, but I keep a PC because I use a couple of programs that are not available to run on Mac OS X. The PC is fairly modern and I’m using Windows Vista Home Edition on it. I had been using Panda AV, but was so impressed with AVAST and the help I got with my wife’s HP PC… that I decided to switch, and discovered that somehow I picked up some malware. The Vista machine has AntiMalware Bytes on it, but when I went to run it, it said I didn’t have permission to access that. Even though it was installed, I can no longer find any trace of AMB or how to run a scan. BTW, I was logged in as administrator.

So I need some help. Please advise me on what steps to take to start the process. I want to install AVAST free edition and also get Anti Malwarebytes going again. And tell me if I need to sign in as Administrator or as a User and in regular or safe mode. Thanks in advance for the help.

Mike

Hi, first let’s take a look at what you have.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the “Scan” button to start the scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

http://public.avast.com/~gmerek/aswMBR2.png

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs
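The `/md5start` … `/md5stop` block above asks OTL to hash four core Windows binaries so that a patched copy can be spotted, and the `%SYSTEMDRIVE%*.exe` line lists executables dropped into the root of the system drive. The Python below is an added illustration of that same check and is not part of Essexboy’s instructions or of OTL; the fake drive layout, the file contents and the baseline hashes it builds are all constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# The four binaries the OTL custom scan hashes between /md5start and /md5stop.
CORE_BINARIES = ["explorer.exe", "winlogon.exe", "Userinit.exe", "svchost.exe"]


def hash_file(path: Path, algo: str = "md5") -> str:
    """Hash a file in chunks so large binaries never need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_baseline(system32: Path, baseline: dict, algo: str = "md5") -> dict:
    """Compare each core binary with its known-good hash.

    Returns {name: "ok" | "modified" | "missing"}.  A "modified" result on a
    file such as winlogon.exe is the kind of finding the OTL md5 list is for;
    "missing" matters too, because a missing winlogon.exe or Userinit.exe is
    itself abnormal on a working Windows install.
    """
    result = {}
    for name in CORE_BINARIES:
        p = system32 / name
        if not p.is_file():
            result[name] = "missing"
        elif hash_file(p, algo) == baseline.get(name):
            result[name] = "ok"
        else:
            result[name] = "modified"
    return result


def root_executables(system_drive: Path) -> list:
    """Equivalent of the %SYSTEMDRIVE%*.exe line: .exe files in the drive root."""
    return sorted(p.name for p in system_drive.glob("*.exe") if p.is_file())


def demo() -> tuple:
    """Build a constructed fake system drive and run both checks over it."""
    root = Path(tempfile.mkdtemp(prefix="fakedrive_"))
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True)
    # Constructed "clean" contents; on a real machine the baseline hashes would
    # come from trusted install media or the vendor, not from the suspect disk.
    for name in CORE_BINARIES:
        (sys32 / name).write_bytes(b"CLEAN-" + name.upper().encode())
    baseline = {name: hash_file(sys32 / name) for name in CORE_BINARIES}

    # Simulate what a responder is looking for: a patched winlogon.exe, a
    # missing Userinit.exe, and a stray loader sitting in the drive root.
    (sys32 / "winlogon.exe").write_bytes(b"CLEAN-WINLOGON.EXE" + b"\x90PATCH")
    (sys32 / "Userinit.exe").unlink()
    (root / "dropper.exe").write_bytes(b"constructed placeholder, not a binary")

    return check_baseline(sys32, baseline), root_executables(root)


if __name__ == "__main__":
    status, stray = demo()
    for name, state in status.items():
        print(f"{name:14} {state}")
    print("root .exe files:", stray)
```

Two caveats a practitioner would add: MD5 is fine for spotting an altered copy but is not collision resistant, so pass `algo="sha256"` when the baseline allows it; and a kernel-mode rootkit that hooks file reads can hand the scanner the clean bytes while the patched file sits on disk, which is exactly why the thread later moves to scanning from a boot CD outside Windows.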

Here’s the scan data. I will DL per instructions but bear with me as I’m doing this by using a USB stick since the redirect won’t allow me to go to any designated page.

I have tried to download OTL and for some reason I wind up on a blank page on my mac, and on the pc I get a fatal error line of script at the top of the page. Is there an alternative E’Boy?

Mike

It may be a TDL 3 infection - but once I see the OTL log I should be able to stop the redirects

Note the edit I just made. Can’t seem to download OTL. Any alternatives? I’ll go try my wife’s PC. Back in a minute.

Can you get to MajorGeeks?

http://majorgeeks.com/OTL_OldTimers_List-It_d7074.html

Luckily… I still had OTL on my wife’s desktop from the last time you helped me fix her problem. Copied it to the USB, then to the now ailing Vista desktop and pasted in the info, ran quick scan but nothing seems to be happening. Should the txt files appear in the desktop directory?

OK, let’s see what is blocking it.

Download and transfer this small programme

Download RogueKiller to your desktop

[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 1 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Looks like nothing is reported? Did you mean to have me type “1” or “1 and validate”?

It does not appear to have run, as the log is empty.

Could you rename otl.exe to OTL.scr please and then try to run it again

That didn’t work. I renamed it, put it on the desktop and ran it… but the TXT files never appear. If I try to run it again, I get a popup window saying: “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.” Would this stuff work if I was in safe mode?

Mike

Yes, try it in safe mode whilst I look for a workaround.

Morning E’Boy… Well, nothing happening in safe mode either. Tried running RogueKiller and it did tell me that it was an outdated version but I tried to run it, nothing. Went up to my wife’s PC and downloaded the latest version to the USB stick, also have ComboFix on that stick, but I tried running the updated version on her PC just to confirm that a txt file was produced, then came back downstairs and tried copying the latest RogueKiller.exe to the desktop and ran it… NADA. Just runs and nothing appears.

BTW, what about fixing the permissions issue? Whenever I try to run Malwarebytes I get that popup about not having permission to access it.

If you have other suggestions I’ll try them as you shoot ideas this way. As always… thanks for the help.

Mike

OK, let’s work outside of Windows to kill this nasty.

OK, next we will work outside of Windows then. Please print these instructions out so that you know what you are doing.
[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
[*]Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:
[*]Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes
[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start
[*]Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.

In the OTLPE window, do you want me to use “Run Scan” or “Quick Scan”? I tried Run Scan and it’s about 2 minutes since I saw anything moving in the bottom window pane, no C:\OTL.txt showing up, or is it still scanning in the background? Will it say “Completed” when done?

It should produce a log on completion, same as the standard OTL. However, it does take about ten minutes to run as it is running from CD.

OK… was out for a while visiting grandkids LOL. File is attached.

Good Morning… I’ll check in a little later to see if you’ve had a chance to analyze the log file.

Mike

It looks as though netbt.sys is infected with a TDL3 type. Run this from either safe or normal mode, no matter which.

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerCompleted.png

[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Downloaded the TDSSKiller to my desktop as suggested, and tried to run it… scans four items and closes in less than one second. Doesn’t look like it’s scanning the entire C:\ drive in less than one second. Duration is 00:00:0 Processed: 0 Objects, Infection: Not Found. Doesn’t sound like it’s running properly. Ran it in safe mode and it’s not asking me to reboot or anything.

Mike

Did it produce a log in safe mode? This may be the new variant; going to read up on it now.