hello…
same as before…
my computer infected by this malware…
n here some log from the scan…
is anyone can help me?
thx b 4…
I see you have already run ComboFix. Could I see the log, please?
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
THEN
Run OTL again
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
/md5start
explorer.exe
winlogon.exe
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
yes i do use it…
here the log…
…
hum…i wait 4 ur reply or …
do what u say b4 ?? (running the OTL)
Run OTL scan now please - ComboFix could not find a spare copy of winlogon or explorer. If OTL cannot find one, do you have access to a Windows CD or another computer where we can copy them from?
here the log…
huh window cd?? --a i dont hv one…
another comp ?? well yes i hv… but how i can copy it ??
btw, while i running the OTL… “tread has detected!!” it was from avast… is that ok ?
OK what I need you to do now is copy both explorer.exe and winlogon.exe from the other computer to a USB stick and place the files on your c: drive so that they are like this
C:\explorer.exe
C:\winlogon.exe
Then
Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
Now copy/paste the entire content of the codebox below into the Notepad window:
Fcopy::
c:\winlogon.exe|c:\windows\system32\winlogon.exe
c:\explorer.exe|c:\windows\explorer.exe
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new OTListit log.
OMG…
i use different ver of windows to replace “expoler.exe” n “winlogon.exe” --a
mine is windows XP sp3 n the other is windows 7
now may laptop keep rebooting…
so ?? is there another way to fix it ?
or i must reinstal the windows ??
http://cid-32d8666f4048075b.office.live.com/self.aspx/Malware%20files/winlogon.exe
http://cid-32d8666f4048075b.office.live.com/self.aspx/Malware%20files/EXPLORER.EXE
Download the above two files to your C drive then run the CFScript as previously posted
the problem is…
i cant logon to my computer…
it always reboot…
…how i can fix the problem ??
sorry… im not expert at this… --a
n it has blue screen with it…
heres the notice…
“Stop:c000021a {Fatal Error}
The windows logon process system process terminated unexpectedly with a status of 0xc0000139 (0x00000000 0x00000000).
the system has been shut down”
so is any one can help me ??
or i must reinstall it ?? --a
Can you get to safe mode? If so let me know as we will need to work from there. By using the wrong version of winlogon it will not work properly.
Also if you have a disc we can do a repair install.
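The version mismatch described in the post above can be caught before a replacement system file is copied into place. The following is an added example, not part of the original thread: it reads the target CPU and OS version fields from a PE header and compares them with the Windows release being repaired. The function names and the constructed sample headers are assumptions for illustration, as is the premise that the header's OS version fields reflect the release the binary was built for.

```python
import struct

WINDOWS_XP = (5, 1)      # NT version numbers: XP is 5.1, Windows 7 is 6.1
WINDOWS_7 = (6, 1)
MACHINE_I386 = 0x014C    # IMAGE_FILE_MACHINE_I386

def pe_build_info(data: bytes):
    """Return (machine, (os_major, os_minor)) read from a PE file's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    opt = e_lfanew + 24                  # optional header follows the COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):      # PE32 or PE32+
        raise ValueError("unknown optional header magic")
    # Major/MinorOperatingSystemVersion sit at offset 40 in both layouts
    os_version = struct.unpack_from("<HH", data, opt + 40)
    return machine, os_version

def built_for(data: bytes, target_os, target_machine=MACHINE_I386) -> bool:
    """True only if the header matches the target OS version and CPU."""
    try:
        return pe_build_info(data) == (target_machine, tuple(target_os))
    except (ValueError, struct.error):
        return False                     # unparsable file: never copy it

def sample_header(machine, os_version):
    """Constructed minimal header for the demo; not a real system file."""
    buf = bytearray(0x80 + 24 + 52)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, machine)       # COFF Machine
    struct.pack_into("<H", buf, 0x80 + 24, 0x10B)    # PE32 magic
    struct.pack_into("<HH", buf, 0x80 + 24 + 40, *os_version)
    return bytes(buf)

if __name__ == "__main__":
    candidate = sample_header(MACHINE_I386, WINDOWS_7)   # constructed input
    print("safe to copy onto XP:", built_for(candidate, WINDOWS_XP))
```

For a real file, pass `open(path, "rb").read()` as `data`. A match is a necessary check rather than a sufficient one, since files from different service packs of the same release share a version number.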
no… i cant…
its always stuck with that blue screen n fatal error thing…
what disc? windows disc ? no i dont hv it… --a
Please print these instructions out so that you know what you are doing
File details OTLPEStd.exe
Bytes=97,702,766
MB=93.1
MD5=FC1A07D156DE710955032B1CF7891671
- Download OTLPEStd.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked “Do you wish to load the remote registry”, select Yes
- When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
- Ensure the box “Automatically Load All Remaining Users” is checked and press OK
- OTL should now start.
- Drag and drop this attached scan.txt into the Custom scans and fixes box
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.