Please Help, blue screen, viruses, unable to view/execute web pages

I came home last week to find my current virus protection (McAfee) was in the process of being removed and I didn’t have the ability to cancel it out. (My son and his friend were apparently on my computer viewing sites that are known for viruses, adult sites). Then I received notice that Windows needed to shut down in order to protect computer, got blue screen, saying something about memory bios. Since then I have been able to go into safemode to download and run other virus scan such as TrendMicro and Eset (not McAfee, will not let me reinstall it). Was just recently advised that Avast is a very good program. After removing viruses using Eset and Trend, was able to download Avast, ran scans and removed more viruses. Now it says my system is secured, however after I’m on the computer, I can hear music, or something that sounds like commercial ads. At that point if I try to use IE, it tells me “webpage cannot be found”, or it will redirect me to another webpage such as bing, or yellow pages. I have run numerous scans using Avast, some have found virus and removed them using a quick scan, however will not let me do a full scan, I get error messages such as: some file cannot be scanned, File Name:BootC: Error no more data is available or File Name *MBR0: Error maximum number of secrets that can be stored has been reached. I also tried loading Malwarebytes in safemode and regular mode, it will install files, but will not launch a scan, even when I try to double click the exe file for malwarebytes. Somehow once I remove a virus, others are still able to get thru, Avast did give me information that a malware threat was stopped while I was using the computer. One scan from a different virus scan (cannot recall which 1) indicated I had some type of Backdoor virus but the scan hadn’t finished yet, before the complete scan could finish, my computer froze and shut down again. Once again, I hear what sounds like commercial ads. Unable to view any virus web pages again.
Please help me. Also seem to have to click more times than normal, which might suggest I have spyware. Can’t install superantispyware either. I have logs from Avast, also from Hijack. Still something is wrong.

Hello

Plan a avast scan at startup, when you’re in you run a scan to scan will then start in areas a scanner you all my hard drives and you click the bottom plan now and then you restart and you let avast to work.
You told me that he is found and you launch a scan with malwarebytes in safe mode puts you up to date before!

Yes, I did that, I ran Avast at startup, scanned all the harddisks, according to the report no virus was found. Malwarebytes does not launch, it will install, but I can’t get it to run a scan. I’ve now loaded a new web browser, because I believe the problem has something to do with Internet Explorer. Or if I try to launch a spyware scan from numerous different sources, I get a message saying not allowed by administrator. I am the administrator on this computer. I wonder if the virus has changed that status now. I tried to Defrag my system, I can’t even do that now. I’m currently in safemode, gonna try to run some other. I know there is still something wrong with the computer, even though Avast says no virus found and system is secured, but I hear the commercial ads again. Maybe because I went to IE web browser? Going forward, gonna use Firefox. Yep, and still have to click like 3 times for it to process. Had to click “post” for this 3 times.

Try this for starters - it can be run from safe mode, if you do not have an internet connection ignore the update portion - you may have to upload to mediafire and post the sharing link for me to get the data

Download avz4.zip from here

[*]Unzip it to your desktop to a folder named avz4
[*]Double click on AVZ.exe to run it.
[*]Run an update by clicking the Auto Update button on the Right of the Log window:
http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-update-button.png

[*]Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again

[*] Start AVZ.

[*] Choose from the menu “File” => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.

http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png

[*] Click on the “Execute selected scripts”.
[*] Automatic scanning, healing and system check will be executed.
[*] A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
[*] It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
[*] All applications will work properly after the system restart.

When restarted

[*] Start AVZ.

[*] Choose from the menu “File” => "Standard scripts " and mark the “Advanced System Analysis " check box.

http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png

[*] Click on the “Execute selected scripts”.
[*] A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
[*]Click Add Reply
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green Upload button
[*]Once it has uploaded, click the Manage Current Attachments drop down box
[*]Click on
http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png
to insert the attachment into your post

Not sure I did this correctly. I didn’t reboot my computer until after 1st execute selected scripts was completed. I then restarted computer in safemode, but just got hourglass (frozen for about 20 mins). I then restarted computer again in regular mode, (got to screen name menu and then froze), turned off computer and restarted in safemode with networking (nothing again), then turned off and restarted in safemode with networking again, this time it worked. Was able to finish the next execute selected scripts. Now I’m still confused, it says to “add reply” I don’t see that option available. I hope it’s meant to be attached here.

…back after trying to send zip files thru the additional options below, got error message unable to attach those types of files (allowed file types: txt, jpg, gif, png, log). Need to know still how to submit the zip files to you?

Ok I was taking note previously of those numerous scans I was running using different programs before I installed Avast. I mentioned above about a backdoor virus, here is the actual name and location of it: C:\sckw.exe BackDoor-DKI.gen.bm, but as I mentioned the system had shut down before I could do anything with it. Another 1, Avast did catch and I believe I deleted it or put it in a chest, its name and location was C:\RECYCLER.…\Dc75.exe FakeAlert-KS.a.

 Please I hope you can continue to help me, just need to know how to send zip files to you?

My apologies, that end script was for another forum where those attachments are allowed

upload to Mediafire and post the sharing link.

No apologies necessary, I just appreciated all the help you are giving me. This was my 1st time using mediafire, hope I completed it ok. Let me know if I need to resend. Also note the names and location above of possible virus still on here. Thanks again for all your help.

http://www.mediafire.com/file/onjikoyj4jx/virusinfo_syscheck.zip
http://www.mediafire.com/file/g5ihzdnjquv/virusinfo_syscure.zip

I hope the zips completed correctly because as I mentioned earlier, not sure if I aborted the zip by continuously restarting and shutting off computer. I do see more folders in the “Log” file. If you need me to redo the process let me know. Not sure once I restarted my computer if I was to let the zip complete before Windows installed? Is that why my computer froze due to the zip process being incomplete? Let me know if links above are ok. Crossing fingers hope I did this correctly.

You did fine

AVZ FIX

[*] Double click on AVZ.exe
[*] Click File > Custom scripts
[*] Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetAVZPMStatus(True);
 DelCLSID('{5E2121EE-0300-11D4-8D3B-444553540000}');
 BC_DeleteFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\extrac64_cab.exe');
 DeleteFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\extrac64_cab.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','extrac64_cab.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','RTHDBPL');
 BC_DeleteFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wsoxcmenar.tmp');
 DeleteFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wsoxcmenar.tmp');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','NI.UWAS5LP_0001_0811');
 BC_DeleteFile('C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4TEN8XYN\WAS5Scan[1].exe');
 DeleteFile('C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4TEN8XYN\WAS5Scan[1].exe');
 BC_DeleteFile('C:\PROGRA~1\MALWAR~1\mdext.dll');
 DeleteFile('C:\PROGRA~1\MALWAR~1\mdext.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[*] Note: When you run the script, your PC will be restarted
[*] Click Run
[*] Restart your PC if it doesn't do it automatically.

ON COMPLETION

Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Ok I ran the code in custom script. My computer did restart on its own, but the “Found New Hardware” wizard popped up but from unknown source, asking if I want to install? Once again, hearing the ads. I did the first of to run the code in regular mode, should I do this in safemode? Not gonna install the new hardware until I hear back from you, but should I complete the rest of your instructions which is to install malware? Sorry but can’t paste a screen print.

Blue screen is a software or device that are not compatible to your pc, that's why they got a blue screen.

You need to check your pc to the technician because your pc need to format and check the drivers or softwares that are having a conflict to your pc.

Ok I went ahead and downloaded the malware program, installation finished. It shows 3 things for the 1) malware application to launch, 2) a help menu, and then the 3) uninstall for malware, however I can view the help screen information but it still will not launch the scan. I also tried to use the command parameters to scan, nothing. After I ran that custom script, something seems to be wrong with Internet Explorer and Firefox, that’s when that new hardware box showed up. It says unknown, but tried to install it and it seems to be some type of driver it’s trying to install, but was unsuccessful, couldn’t find information without a disk to complete process, don’t know what disk because it’s from an unknown source. I keep getting numerous pop ups from IE saying encountered a problem and needs to close, even when computer is 1st booted up (have about 60 boxes now, I just keep moving them down, because if I hit “dont send”, IE will shut down). This was another version of IE I found on the computer in order to get to this site again. Firefox crashed, I chose not to send that report either, but somehow it still generated 1 and sent it. Probably not really firefox. I got lucky and found this to use. It showed that new program of that malware was on my computer, something keeping it still from launching. Sorry I can’t send you that report, because I can’t get it to launch. Anything else I can do? I’m gonna be bald soon, lol. Found exe files for TrendMicro and Eset, trend found no virus, eset found a trojan called Win32Olmarik, tried to clean it but eset couldn’t, so I then selected “no action”. Avast stopped a malware attempt trying to enter from Internet Explorer, but avast said it was nothing more I needed to do. Some of this might be duplicate information because I keep losing my location where I am typing at. Gonna try to send zip file of what Eset spywatcher logged just from me coming back to this site:

http://www.mediafire.com/file/ltctzgxzmjh/SysInspector-TILLMANS-100202-0120.zip

Ok back again after hours, got eset nod32 to run a complete scan, I am going to remove eset off of computer now because I know it will conflict with avast, but it found 6 files, 1 removed, am attaching a zip file of that log, the programs at top of this zip were the ones found with a virus, they showed in red on the log, but I couldn’t get the color to show up for the text file. Please keep helping me, I really like avast and avast service team. Thanks again. Here’s the zip file of that log:

http://www.mediafire.com/file/qz3mwyqz5dj/LOGFROMESETNOD32.txt

It cleared most of the stuff from Qoobox (combofix quarantine) plus one of Avasts drivers

Let's have a look elsewhere on your system now. When did you run combofix and do you have the log?

To ensure that I get all the information this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Reg - Shell Spawning
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EvtViewer (last 10)
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles

[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post, if possible.

Ok that’s probably answer the question why Avast keep aborting. Gonna run the OTS now, but any ideas on what’s going on with my Internet Explorer and FireFox? About 30 encountered error boxes again for IE. wonder if it’s in my startup, maybe that’s why? can’t go thru msconfig and change anything now, because keeps saying need to be admin? Is the combofix Hijack? Sorry not letting me go to the OTS page, keep getting message “Internet Cannot display page”, Firefox says http://oldtimer.geekstogo.com/.

Try this link http://cid-32d8666f4048075b.skydrive.live.com/self.aspx/Malware%20files/OTS.exe?lc=2057

The malware has respawned

OK that worked, here’s the OTS log.

ON completion of this I would like you to run MBAM and then let me know how it is running

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Driver Services - Safe List]
YY -> (uzi0ndmw) AVZ-RK Kernel Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\uzi0ndmw.sys
YY -> (mfehidk) McAfee Inc. mfehidk [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\mfehidk.sys
YY -> (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfeavfk.sys
YY -> (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfesmfk.sys
YY -> (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfebopk.sys
YY -> (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys
YY -> (eeCtrl) Symantec Eraser Control driver [Kernel | System | Stopped] -> C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local>;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=localhost:4363
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> <local>;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=localhost:4363
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\] > -> 
YN -> HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\: "ProxyOverride" -> <local>;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com
YN -> HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\: "ProxyServer" -> http=localhost:3935
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\] > -> HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> geebb -> Reg Error: Value error.
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YY -> zwebauth.dll -> C:\WINDOWS\System32\ZWebAuth.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\WINDOWS\LMIE6.tmp\lmi_rescue.exe" -> C:\WINDOWS\LMIE6.tmp\lmi_rescue.exe [C:\WINDOWS\LMIE6.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue]
YN -> "C:\WINDOWS\system32\gfpjknxw.exe" -> [C:\WINDOWS\system32\gfp]
[Files/Folders - Created Within 30 Days]
NY ->  avz4 -> C:\Documents and Settings\Compaq_Owner\Desktop\avz4
NY ->  TrendMicro -> C:\Program Files\TrendMicro
NY ->  McAfee -> C:\Documents and Settings\Compaq_Owner\Application Data\McAfee
NY ->  Setup533 -> C:\WINDOWS\Setup533
[Files/Folders - Modified Within 30 Days]
NY ->  uzi0ndmw.sys -> C:\WINDOWS\System32\drivers\uzi0ndmw.sys
NY ->  avz4.zip -> C:\Documents and Settings\Compaq_Owner\Desktop\avz4.zip
NY ->  95 C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\*.tmp
NY ->  45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HouseCall\*.tmp
NY ->  1 C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HouseCall\*.tmp
NY ->  1 C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HCBackup\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HCBackup\*.tmp
[Files - No Company Name]
NY ->  housecall.guid.cache -> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[Custom Scans]
NY ->  45 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp
[Custom Items]
:Services
McSysmo
McShield
McNASvc
:end
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

THEN

Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
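
An added example, not part of the original post and not OTS code: the fix list above contains `ProxyServer` values pointing at `localhost` ports in several user hives, and a loopback proxy sends the browser's traffic through whatever local process listens on that port. This sketch parses lines in that format and reports every loopback proxy per hive; the function names are hypothetical, the last sample line (placeholder SID and host) is constructed, and the value syntax handled is the WinINET form `proto=host:port;...` or a bare `host:port`.

```python
import ipaddress
import re

# Sample input: ProxyServer/ProxyOverride lines from the fix list above, plus one
# constructed benign entry (placeholder SID and host) for contrast.
SAMPLE = r'''
YN -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local>;cgi*.ebay.com;disney.go.com
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=localhost:4363
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=localhost:4363
YN -> HKEY_USERS\S-1-5-21-2169575358-2773345186-1502121881-1009\: "ProxyServer" -> http=localhost:3935
YN -> HKEY_USERS\S-1-5-21-0000000000-0000000000-0000000000-1001\: "ProxyServer" -> proxy.example.internal:8080
'''

# Matches: <flags> -> HKEY_USERS\<hive>\: "ProxyServer" -> <value>
PROXY_LINE = re.compile(
    r'(?P<hive>HKEY_USERS\\[^\\]+)\\: "ProxyServer" -> (?P<value>.+)$'
)


def parse_proxy_server(value):
    """Return {protocol: (host, port)}; protocol '*' means all protocols."""
    entries = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:                      # bare "host:port" applies to everything
            proto, target = "*", part
        target = target.split("://", 1)[-1]      # drop an optional scheme prefix
        if target.endswith("]") or ":" not in target:
            host, port = target, ""              # no port given
        else:
            host, _, port = target.rpartition(":")
        host = host.strip("[]").lower()          # unwrap bracketed IPv6 literals
        entries[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for localhost and for any literal loopback address (127.0.0.0/8, ::1)."""
    if host in ("localhost", "localhost."):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                             # an ordinary hostname


def loopback_proxies(log_text):
    """Return (hive, protocol, host, port) for every loopback proxy in the log."""
    findings = []
    for line in log_text.splitlines():
        match = PROXY_LINE.search(line.strip())
        if not match:
            continue
        for proto, (host, port) in parse_proxy_server(match["value"]).items():
            if is_loopback(host):
                findings.append((match["hive"], proto, host, port))
    return findings


if __name__ == "__main__":
    for hive, proto, host, port in loopback_proxies(SAMPLE):
        print(f"{hive}: {proto} traffic proxied to {host}:{port}")
```

On a cleaned machine the same check should return nothing for these hives; a loopback entry that comes back after removal means the process that writes it is still running.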

Hello,

Yesterday I tried to defrag my system it would not allow me again, so I followed the suggestions of Help and Support and it said to run a “chkdsk”. I ran the “chkdsk”, the log showed it fixing and removing some entries (believe something to do with register’s), however cannot locate the log for the process it ran, would think windows would store that information in a file on the system. After that process I am no longer receiving the numerous (internet Explorer encountered a problem and needs to close message and boxes). But I also removed Firefox from the system and did a restart.

I ran the OTS fix, attached is the log for that.

I tried to run the OTS scan again last nite, but it froze up, so I left the computer up, came back this morning it was still froze in same spot: This is what process it was working on: Manual File Scan - Looking in folder: C\Windows\WinSxs\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww. I had to boot computer this morning to unlock it, because "control, alt, delete - Windows Task Manager) did not load for me to end the task. I tried to run the OTS scan again this morning using the same commands you gave me the 1st time, same thing happened, after 1 hour, got hourglass (system froze) at that same location of the scan: (Manual File Scan - Looking in folder: C\Windows\WinSxs\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww).

Tried to run malware program, still not launching. I uninstalled then reinstalled it again, still not launching.
Did note that it said some parts of application may have to be removed manually. I also noticed that I had duplicate mbam files on my computer, probably from me loading it in safe mode also. I believe I removed the duplicate files.

I also noticed that right after starting my computer (after the start up applications load, including Avast), in my taskbar I get an icon and pop up from Java (saying Java Update available). It has been doing that since I noticed this problem with a virus, so far I have not updated it.

Also about a minute after that Java pop up, I can hear the music and commercial ads on my computer again.

I see polonus posted links from microsoft to fix problems with Malwarebytes not launching, gonna try that so I can attach that report.

Delete the copy of combofix that you have

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link 1 is not an English version, and Link 2 gives me message "Internet Explorer cannot display page". I think now the malware is even disabling access to Microsoft since Microsoft issued the essential security update about it. I've lost administrative rights to my computer, and last night Microsoft could not access my computer either.

OK playing hard to get

Please download the file Kill.scr from my site and follow the instructions below

Kill.scr http://cid-32d8666f4048075b.skydrive.live.com/self.aspx/Malware%20files/kill.scr?lc=2057

[*] Double click Kill.

[*] Choose from the menu “File” => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.

http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png

[*] Click on the “Execute selected scripts”.
[*] Automatic scanning, healing and system check will be executed.
[*] A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
[*] It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
[*] All applications will work properly after the system restart.

When restarted

[*] Start AVZ.

[*] Choose from the menu “File” => "Standard scripts " and mark the “Advanced System Analysis " check box.

http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png

[*] Click on the “Execute selected scripts”.
[*] A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Upload both virusinfo_syscure.zip and virusinfo_syscheck.zip to Mediafire and post the sharing link.