rmurphy
-
Content Count
353 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by rmurphy
-
-
- Download OTListIt2 to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Download OTListIt2 to your desktop.
-
Please check your Private Messages. I have sent you one with instructions.
-
Uninstall the following programs:
Java™ 6 Update 3Java™ 6 Update 7Java™ SE Runtime EnvironmentDelete the following folder: C:\_OTMoveIt\
Reboot the computer.
Sality was found, which can be a system killer. However, it doesn't seem to have been too bad of an infection. Let's see if Dr.Web CureIt can find other traces of it.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
-
hmmm, really wish things would work...
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
Close all open windows except for HiJack This and click fix checked.
Reboot your computer.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
Also post an Uninstall list...
To obtain an Uninstall list.
- Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
- Tick the box next to YES, I accept the Terms of Use
-
It might be that something is blocking them, can't tell for sure if it is an infection or not.
Let's see what happens if we try them in safe.
Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Once you've logged into safe mode, try running both MBAM and SUPER (one at a time) according to the instructions previously given. Once they have finished (or failed), reboot and post the logs (or let me know it didn't work).
-
Try running MBAM again. If it still freezes, try the following.
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
[*]Click the "Close" button to leave the control center screen.
[*]Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
[*]On the left, make sure you check C:\Fixed Drive.
[*]On the right, under "Complete Scan", choose Perform Complete Scan.
[*]Click "Next" to start the scan. Please be patient while it scans your computer.
[*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
[*]Make sure everything has a checkmark next to it and click "Next".
[*]A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
[*]If asked if you want to reboot, click "Yes".
[*]To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
[*]Click Close to exit the program.
- Close browsers before scanning.
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
- Please, never rename Combofix unless instructed.
-
Your hijack this log looks clean. What is the exact message your antivirus is telling you?
Let's see if MBAM detects anything...
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Inactive topic...
If you still need help on this problem, contact me or one of the Moderators to re-open this up.
Topic closed.
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you.
These scans may take a while to run, so please be patient.
Step 1:
Please download Malwarebytes' Anti-Malware fromorDouble Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next toUpdate Malwarebytes' Anti-MalwareandLaunch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then clickScan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure thateverything is checked, and clickRemove Selected. You may be prompted to Restart.(See Extra Note)
- When disinfection is completed, a log will open in Notepad. Please save this to your desktop.
Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Step 2:
Please clickto download AVP Tool by Kaspersky.- Save it to your desktop.
- Reboot your computer into SafeMode.You can do this by restarting your computer and continually tapping theF8key until a menu appears.Use your up arrow key to highlight SafeMode then hitenter.
- Double click the setup file to run it.
- Click Next to continue.
- It will by default install it to your desktop folder.Click Next.
- Hit ok at the prompt for scanning in Safe Mode.
- It will then open a box There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- System Memory
- Startup Objects
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.
- Then click on Scan at the to right hand Corner.
- It will automatically Neutralize any objects found.
- If some objects are left un-neutralized then click the button that says Neutralize all
- If it says it cannot be Neutralized then chooose The delete option when prompted.
- After that is done click on the reports button at the bottom and save it to file name it Kas.
- Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
Please post the logs from MBAM and AVP in your next reply.
-Ryan
-
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
-
instructions posted in chat
-
Sorry for the delay, I wanted to get a second opinion because I couldn't find anything malicious.
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Close all open windows except for HiJack This and click fix checked.
Reboot your computer.
Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
-Ryan
-
hmm... I can't see anything that you would causing your issue.
Please update and perform another full scan with MBAM, and then post the log.
-Ryan
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
-Ryan
- Please, never rename Combofix unless instructed.
-
Download Lop S&D < here
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
-Ryan
-
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all open windows except for HiJack This and click fix checked.
Reboot your computer.
Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
-Ryan
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
-
That looks How is the computer running?
Please post a new hijackthis log, as well as an uninstall list.
To obtain an Uninstall list.- Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (generatesuninstall_list.txt)
-Ryan
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you fix your computer.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-RYan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Welcome to BestTechie. I'm sorry that nobody has replied to you yet, the malware forum is always a bit busy. Please let me know if you still require assistance, and if so, please post a new hijack this log.
-Ryan
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you.
I do see a few things that could contribute to your problem, so let's get started on fixing them.
Disable resident protections (Antivirus...); you'll re-enable them after the scan
Download Lop S&D < here
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
-Ryan
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Sorry for the delay in getting to your post. If you still require help, follow the directions below. If you do not need help, please let us know so we can close this topic.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Sorry for the delay in getting to your post. If you still require help, follow the directions below. If you do not need help, please let us know so we can close this topic.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Sorry for the delay in getting to your post. If you still require help, follow the directions below. If you do not need help, please let us know so we can close this topic.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
Windows-no Disk
in Malware Removal
Posted
Without knowing the full extent of the sality infection, it's probably safer (and with the trouble we're having, easier) to just back up your documents (no exe or scr files) and reformat. We probably could get it all to work, it would just take longer, and if we can't get it to, you'll end up reformatting anyways.
Let me know what you want to do.
-Ryan