sarahw

Trusted Helpers
 View Profile  See their activity

  • Content Count

    424

  • Joined

  • Last visited

 Content Type 

Posts posted by sarahw

  2. Malware Removal Rookie[INACTIVE]

    in Malware Removal

    Posted

    Hi,

    Could you please tell me what is wrong with the computer.

    1.

    mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

    2.

    Please do an online scan with Kaspersky WebScanner

    Click on Accept

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT

    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:

      • Extended (if available otherwise Standard)

      • Scan Options:

      • Scan Archives
        Scan Mail Bases

      [*]Click OK

      [*]Now under select a target to scan:

      • Select My Computer

      [*]This will program will start and scan your system.

      [*]The scan will take a while so be patient and let it run.

      [*]Once the scan is complete it will display if your system has been infected.

      • Now click on the Save as Text button:

      [*]Save the file to your desktop.

      [*]Copy and paste that information in your next post.

  6. Hijack Log :\

    in Malware Removal

    Posted

    are you thinking of msconfig?

    Have you disabled anything form startup?

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check off the 2 boxes next to the Box that says "Generate StartupList log"
    • Click on the button "Generate StartupList log"
    • Copy and past the StartupList from the notepad into your next post

  7. Hijack Log :\

    in Malware Removal

    Posted

    Hi,

    Welcome to the site :)

    I deleted the codeboxes as they are not neccesary and its easier for me to read it this way.

    Please read the following:

    How To Load Windows Safe Mode

    How to show hidden files, folders and system files

    I want you to change your computers settings to "Show all hidden files and folders" and "unhide operating system files" using the directions above.

    Next, re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [sYS1] C:\WINDOWS\system32\system.exe

    O4 - HKLM\..\Run: [sYS2] C:\WINDOWS\system32\bad1.exe

    O4 - HKLM\..\Run: [sYS3] C:\WINDOWS\system32\bad2.exe

    O4 - HKLM\..\Run: [sYS4] C:\WINDOWS\system32\bad3.exe

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    You will not be able to view this thread in safe mode. write down or save in notepad the following instructions.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\system.exe

    C:\WINDOWS\system32\bad1.exe

    C:\WINDOWS\system32\bad2.exe

    C:\WINDOWS\system32\bad3.exe

    After that, Reboot normally.

  8. Vundo (trojan.vundo.h) On Xp And External Hard Drive

    in Malware Removal

    Posted

    Hi there,

    Welcome to the site :)

    I'll be handling your log and will get you cleaned up.

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.

  9. My Hijackthis Log

    in Malware Removal

    Posted

    Hi,

    Sorry about the delay.

    If you still need help, follow these instructions:

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

  10. Warning Balloon

    in Malware Removal

    Posted

    Hi,

    Sorry about the wait.

    If you still need help, just follow these instructions:

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

  25. Login Loop Windows Xp[INACTIVE]

    in Malware Removal

    Posted

    Hi,

    However I was searching on Internet the about "sfc /scnanow" event. I have got a I386 folder in "c:\windows" and I have checked in registry the source path and it is OK. I have copied the I386 folder to C:\, i have changed the source path to "c:\", but I have got the same message. I think it is something wrong about service pack folder. What can I do?

    The sfc /scannow just copied files from I386 folder to replace broken files on your computer. There was no need to copy or rename anything. Can you please undo any changes you have made.

    It found a trojan in System Volume folder (File is A0005777.exe)

    Can you please give me the exact wording and add location of this.