chamber

Posts posted by chamber

  1. Looks like the Kaspersky scan had an error.

    Let's try this one.

    Please download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder. Click Next.
    • Hit ok at the prompt for scanning in Safe Mode.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:
      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)

    After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

    • Click on Scan at the top right hand Corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all
    • If it says it cannot be Neutralized then choose the delete option when prompted.
    • After that is done click on the reports button at the bottom and save it as Kas to the desktop
    • Post only the detected Virus\malware in the report, it will be at the very top under Detected

    Note: This tool will self uninstall when you close it so please remember to save the log before closing it.

  2. Sorry for the delay, I had internet problems over the weekend.

    The logs are looking better.

    1) TFC

    Download TFC to your desktop

    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

    2) Malwarebytes

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    3) JavaRa

    Please download JavaRa to your desktop and unzip it to its own folder

    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    4) Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:

    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.

    Please be patient as this can take quite a long time to download.

    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.
    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

    In your reply I would like to see copied and pasted,

    1) Malwarebytes log

    2) Kaspersky scan

  3. I want to get a new scan with OTL using a different custom scan.

    Are you still experiencing redirects?

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
      %SYSTEMDRIVE%\eventlog.dll /s /md5
      %SYSTEMDRIVE%\scecli.dll /s /md5
      %SYSTEMDRIVE%\netlogon.dll /s /md5
      %SYSTEMDRIVE%\cngaudit.dll /s /md5
      %SYSTEMDRIVE%\sceclt.dll /s /md5
      %SYSTEMDRIVE%\ntelogon.dll /s /md5
      %SYSTEMDRIVE%\logevent.dll /s /md5
      %SYSTEMDRIVE%\iaStor.sys /s /md5
      %SYSTEMDRIVE%\nvstor.sys /s /md5
      %SYSTEMDRIVE%\atapi.sys /s /md5
      %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
      %SYSTEMDRIVE%\viasraid.sys /s /md5
      %SYSTEMDRIVE%\AGP440.sys /s /md5
      %SYSTEMDRIVE%\vaxscsi.sys /s /md5

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  4. Can you please give a detailed description of exactly what the problem you are having is?

    Please download GooredFix from one of the locations below and save it to your Desktop

    Download Mirror #1

    Download Mirror #2

    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  5. Hi,

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  6. Hi,

    Let's get a better look at your system.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemroot%\system32\eventlog.dll
      %systemroot%\system32\scecli.dll
      %systemroot%\netlogon.dll
      %systemroot%\system32\cngaudit.dll
      %systemroot%\system32\sceclt.dll
      %systemroot%\ntelogon.dll
      %systemroot%\system32\logevent.dll
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  7. Best thing to do would be to get hold of the computer and get some scans done.

    With these rogue programs there is usually something left behind.

    If you can get a hold of it then,

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.

    4. Please do not rename Combofix to other names, but only to the one indicated.

    5. Close any open browsers.

    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

    • Double click on combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" for further review.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**