Hi essexboy,
I went through few thread and found some solution here. Attached is the FRST.txt.
Can you please help me fix it? Thank you.
Hi essexboy,
I went through few thread and found some solution here. Attached is the FRST.txt.
Can you please help me fix it? Thank you.
I’ll get someone to help you here in a sec.
hello
Deactivate ALL your protections
Download here : http://www.bleepingcomputer.com/download/combofix/dl/12/ : Combofix and register it on your desktop.
change the name of Combofix in what you want (your name,your dog’s name or what you want)
If you have XP => double click
If you have Vista ,windows 7 or 8 ,=> right click “run as administrator”
on Combofix renamed
¤¤¤¤¤¤¤¤¤¤ LET THE RECOVERY CONSOLE TO BE INSTALLED IF COMBOFIX ASKES ¤¤¤¤¤¤¤¤¤¤
!!!DON’T TOUCH ANYTHING WHILE COMBOFIX IS RUNNING!!!
Do not forget to reactivate your Antivirus and your Antispywares, before re-connecting you to internet.
Return on the forum, and copy and paste the totality of the contents of C:\Combofix.txt in your next message.
If, after the restart of your pc by combofix, you have errors " Key marked for deletion " or with internet connection, restart again your computer
He cannot boot the system
i didn’t see REATOGO ^^
I 'll find something else
Running from the recovery console… This is my take
S3 lzgjvkjj; C:\WINDOWS\system32\wfqyfd.dll [x] S3 powlgy; C:\WINDOWS\system32\wfqyfd.dll [x] S3 zlhdsf; C:\WINDOWS\system32\wfqyfd.dll [x] NETSVC: zlhdsf -> C:\WINDOWS\system32\wfqyfd.dll ==> No File. NETSVC: lzgjvkjj -> C:\WINDOWS\system32\wfqyfd.dll ==> No File. NETSVC: powlgy -> C:\WINDOWS\system32\wfqyfd.dll ==> No File.
ok open notepad and copy/paste the following lines :
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pingthis.bat ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk → C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
S3 lzgjvkjj; C:\WINDOWS\system32\wfqyfd.dll
S3 powlgy; C:\WINDOWS\system32\wfqyfd.dll
S3 zlhdsf; C:\WINDOWS\system32\wfqyfd.dll
NETSVC: zlhdsf → C:\WINDOWS\system32\wfqyfd.dll ==> No File.
NETSVC: lzgjvkjj → C:\WINDOWS\system32\wfqyfd.dll ==> No File.
NETSVC: powlgy → C:\WINDOWS\system32\wfqyfd.dll ==> No File.
save as… “fixlist.txt” to the desktop
launch again FRST and click on Fix
http://upload.sosvirus.net/images/2013/08/03/2xb6XZ.png
Attach the log “Fixlog.txt”
G3n and Essex have arrived. THanks guys. Although g3n I think is being looked after by Essex. If you have issues understanding g3n, please tell him as he’s french! I might be able to help with what he’s trying to say…
My PC can start at normal mode now. Thank you everyone here for the help. Attached is the fixlog. Really appreciate and thank you very much
hello
it’s not ended ^^
Warning ! : Only these links are not official download tool on other links !
Warning ! : This tool can be wrongly detected as virus
Warning ! : This tool is powerful carefully follow the instructions below
all " non-essential windows " process will be cut, save your work. There will be an extinction of the office during the scan → do not panic .
Disable all protection if possible, antivirus, sandbox , firewalls , etc. …
Download and save Pre_Scan on your desktop :
http://www.telecharger.sosvirus.net/gen-hackman/winlogon.exe (renamed winlogon )
http://www.aht.li/1731274/winlogon.exe (renamed winlogon )
if the tool is restarted several times, it will offer you a menu and no option is required , run the " Scan | Kill " option
if the tool is blocked by infection using this version with these other extensions:
http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.scr
http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.pif
http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.com
if the tool detects a proxy and you do not have it installed click "delete proxy "
It may be that black windows flash , let it work .
the tool will send to a server that has the virus quarantined so that I can improve and study these infections further.
Let the tool restart the pc .
Attach the report Pre_Scan_date_hour.txt which will appear at the root of the system drive (usually C: )
DO NOT MAIL TO THE FORUM ! ( it is too long)
Sorry to disappoint you, g3n-h@ckm@n. After the PC back to normal, i quickly backup all the important files and the PC has been formatted. Really appreciate your help here
hello
it was totally useless ! your computer was saved