Content Count: 105
Everything posted by sari
-
Chrissie, That looks good. Just a little clean up, and you should be ready to go. Follow these steps to uninstall Combofix and tools used in the removal of malware: Click START then RUN. Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. You can also delete the smitfraudfix program we installed at the beginning. Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the
-
Chrissie, That looks better - I'm going to have you run an online virus scanner just as a final check. Please do an online scan with Kaspersky WebScanner. Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When th
-
Chrissie, It looks like those runs cleaned up a lot of the issues. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O21 - SSODL: genadmui - {16824F4F-3B2B-AF53-C6C2-098B56D7403C} - C:\Program Files\gehndkd\genadmui.dll Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please remove these entries from Add/Remove Programs in the Control Panel(if pre
-
Chrissie, First, I want to verify that what you're dragging looks like this: . Second, let's delete your version of Combofix and download a newer one. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** Once it's saved, drag the recovery console to it again, and report back here. Thanks, sari
-
Chrissie, I'm checking on this - we'll get it resolved and get the rest of the PC cleaned up.
-
Chrissie, I would really like for the recovery console to be installed. While I don't anticipate that we'll need it, there are still a number of infected files present. Would you please try dragging the recovery console file over to Combofix again? If you're asked to accept any EULAs by Microsoft, please accept them - it's just a license agreement for the recovery console software. Once you've completed that, re-run combofix and post the log. Thanks, sari
-
Chrissie, We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen
-
Chrissie, Hi, and welcome to Besttechie. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a
-
cirobest, Welcome to Besttechie. I apologize for the wait - I hope you're still checking. You have something called Lop, and I can help you with it. Disable your Avast anti-virus; you'll re-enable it after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt) sari
-
samuel3838, Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Thanks, sari
-
Samuel3838, Sorry - I didn't realize you had replied to this, and I was away for part of that time. Let me review what you have and I'll post shortly. sari
-
Panda08, You'll download SP2 - that will install the recovery console. sari
-
raiannon, Could you give some more detail on what you see? That hijackthis log is clean, so I'm curious what symptoms you're seeing, or what the scanners have found.
-
Panda08, You had an infection called Wareout, that redirects your browser to other sites and generally interferes with how your PC runs. Most viruses, spyware, etc., interfere with the performance of the PC, so I'm not surprised yours was running much faster after that - it was the primary infection on your PC. I'd like you to follow some directions to install what's called the Recovery Console. This isn't to clear up anything you have; it's more of a safety measure. We're seeing more cases of nasty viruses that can prevent PCs from booting up, and having this installed could help you out i
-
Panda08, How are things running now? Are you still having issues with slowness, because your logs are clean now. sari
-
Panda08, 1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log. Let me know how things are running. sari
-
Panda08, It appears that you've been infected with a flash drive virus - these get into your computer by USB devices such as thumb drives. We have a little tool to run for that one. 1 - Flash Drive Disinfector Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning
-
Panda08, Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Thanks, sari
-
Panda08, That looks better. There are no visible signs of infection, but I'd like to have you run an online virus scan. Please do an online scan with Kaspersky WebScanner. Click on Accept. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT. Now click on Scan Settings. In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Arch
-
Panda08, You definitely still have some signs of infection in your log. Please download FixWareout from here: http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal
-
samuel3838, I'm going to help answer some of your questions here. That line was part of Live Messenger. Did you uninstall it? If you did, then the file is no longer present on your PC, but the registry entry remains. This isn't malicious - it's just leftovers. I could offer more assistance for the filenames that look odd, but you'd have to re-enable them in msconfig so that I can see them - they don't show up in your hijackthis log if they're disabled from startup. What kind of popups are you getting? sari
-
Marco, My turn to apologize for the delay - last week's holiday really put me behind. It's possible that since your anti-virus had expired, it wasn't up-to-date with definitions, and downloading a new one gave you more current protection. You definitely had some nasty files that the last round with combofix should have also cleared up. How is everything still running? No more popups or anything? sari
-
Marco, That was helpful in finding some information. I have a different fix for you to run now. Open a new Notepad file, then "Copy/Paste" the text in the Codebox below into it (including the URL up top): http://www.besttechie.net/forums/index.php?showtopic=12807 Collect:: C:\WINDOWS\system32\tyekjvcbnm.exe Suspect:: C:\WINDOWS\bnetunin.exe C:\WINDOWS\diabswun.exe File:: C:\WINDOWS\system32\vcmon.exe Folder:: C:\Program Files\Video Add-on Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explo
-
Marco, I've had a couple of experts look at this, and we're a little confused as to why it won't run, especially since it did before. I'm going to have you run a different program to see if it cleans anything up and shows us some additional information. Download ComboFix from Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. Thanks, sari
-
Marco, I have a couple of things for you to do. Please download Navilog1 by IL-MAFIOSO: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip * Extract its contents to the desktop. * Double click on navilog1.exe to install it on your computer. * When the installation is complete, the tool will start automatically. * If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it. * Press E for English from the language Menu. * Type 1 in the next Menu to select Search and press Enter. * Wait for the Scan to finish (It may take a