BleepingComputer.com: XP Anti-Virus 2011

Man, this is giving me brain ache! Hope you can help!

I was having problems a few days ago with one of these Malware things. I can't remember the name of the specific one but I used your guide to get rid of it and it worked. The usual rKill and Malwarebyets job. Sorted.

Damn thing happens again today or at least I thought so. Seemed the same but with a new name as shown in the topic title. I had a look at the removal guide and it seemed pretty straight forward; usual rKill then Malwarebytes job. So I downloaded rKill.com as usual from my uncle's laptop (what I'm using at the moment as the Maleware won't let me get on the internet using my PC), put it on my dongle and treied running it on my computer. It seemed to work. Brought up the log file after it ran as usual. Problem is that as soon as I tried Malwarebytes, the internet or anything else the maleware came back. So, I tried downloading one of the other named rKill files. All the rKill files ending in '.exe' didn't run at all. All the other ones ran as '.com' did but failed to do it's job.

So, I'm stuck. I'm currently having to use my uncle's laptop to accsess the internet and have to transfer any programs. I have included the log files requested barring the gmer one. It wouldn't allow me to run it so I assume it's either the malware or my computer isn't 32-bit. I haven't been able to check as it won 't let me look at the system configuration.

That's as much as I can think to add. If there's anything else you need then please say so.

I hope you can help and thanks for taking the time to have a look, it's much appreciated

Quote

Quote

In that case we'll do it like this.



To protect your clean computer, please use Flash Disinfector

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your flashdrive
Please download OTL to your flashdrive

Move the flashdrive to your infected computer.

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
  
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

If needed use your other computer to post the logs (they are saved on your flashdrive)

This post has been edited by heir: 08 April 2011 - 03:31 AM

Thank you for the reply mate :D

Strangely, it seems to have fixed. I was advised by a friend to run a boot time scan using Avast. When I did this it didn't seem to work but when I switched my computer on to use the methods you have advised there is no malware on my PC now. I'm running another scan at the moment to make sure but it seems to have worked. Fingers crossed.

TerrierChad, on 09 April 2011 - 01:26 PM, said:

There was probably a Bootkit or Rootkit that avast took care of.
Most likely there are more stuff in there.
Please run the scan in my previous post and I 'll have a look.
Please also update MBAM and do a Quickscan and let MBAM remove what it finds. Please post the log from MBAM as well.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.